elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-11-16 13:35:39 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added 'additional_notes' field to JSON output.

Browse Source
This commit is contained in:
Joe Testa 2023-12-19 18:03:07 -05:00
parent c9412cbb88
commit 75dbc03a77
13 changed files with 39 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -187,6 +187,7 @@ For convenience, a web front-end on top of the command-line tool is available at
- Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
- Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
- Added built-in policies for OpenSSH 9.5 and 9.6.
- Added an "additional_notes" field to the JSON output.
### v3.0.0 (2023-09-07)
- Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy).

7
src/ssh_audit/ssh_audit.py
View File

@ -697,7 +697,7 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
if aconf.json:
out.reset()
# Build & write the JSON struct.
out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list), indent=4 if aconf.json_print_indent else None, sort_keys=True))
out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True))
elif len(unknown_algorithms) > 0: # If we encountered any unknown algorithms, ask the user to report them.
out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s. Please email the full output above to the maintainer (jtesta@positronsecurity.com), or create a Github issue at <https://github.com/jtesta/ssh-audit/issues>.\n" % ','.join(unknown_algorithms))
@ -1033,7 +1033,7 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
return aconf
def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None) -> Any: # pylint: disable=too-many-arguments
def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: str = "") -> Any: # pylint: disable=too-many-arguments
def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]:
'''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.'''
@ -1201,6 +1201,9 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
# Add in the recommendations.
res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True)
# Add in the additional notes. Currently just one string, but in the future this may grow to multiple strings. Hence, an array is needed to prevent future schema breakage.
res['additional_notes'] = [additional_notes]
return res

3
test/docker/expected_results/dropbear_2019.78_test1.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_4.0p1_test1.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "1.99",

3
test/docker/expected_results/openssh_5.6p1_test1.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_5.6p1_test2.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_5.6p1_test3.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_5.6p1_test4.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_5.6p1_test5.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_8.0p1_test1.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_8.0p1_test2.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/openssh_8.0p1_test3.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": null,
"protocol": "2.0",

3
test/docker/expected_results/tinyssh_20190101_test1.json
View File

@ -1,4 +1,7 @@
{
"additional_notes": [
""
],
"banner": {
"comments": "",
"protocol": "2.0",