mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Added 'additional_notes' field to JSON output.
This commit is contained in:
parent
c9412cbb88
commit
75dbc03a77
@ -187,6 +187,7 @@ For convenience, a web front-end on top of the command-line tool is available at
|
|||||||
- Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
|
- Updated Ubuntu Server & Client policies for 20.04 and 22.04 to account for key exchange list changes due to Terrapin vulnerability patches.
|
||||||
- Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
|
- Re-organized option host key types for OpenSSH 9.2 server policy to correspond with updated Debian 12 hardening guide.
|
||||||
- Added built-in policies for OpenSSH 9.5 and 9.6.
|
- Added built-in policies for OpenSSH 9.5 and 9.6.
|
||||||
|
- Added an "additional_notes" field to the JSON output.
|
||||||
|
|
||||||
### v3.0.0 (2023-09-07)
|
### v3.0.0 (2023-09-07)
|
||||||
- Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy).
|
- Results from concurrent scans against multiple hosts are no longer improperly combined; bug discovered by [Adam Russell](https://github.com/thecliguy).
|
||||||
|
@ -697,7 +697,7 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
|
|||||||
if aconf.json:
|
if aconf.json:
|
||||||
out.reset()
|
out.reset()
|
||||||
# Build & write the JSON struct.
|
# Build & write the JSON struct.
|
||||||
out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list), indent=4 if aconf.json_print_indent else None, sort_keys=True))
|
out.info(json.dumps(build_struct(aconf.host + ":" + str(aconf.port), banner, cves, kex=kex, client_host=client_host, software=software, algorithms=algs, algorithm_recommendation_suppress_list=algorithm_recommendation_suppress_list, additional_notes=additional_notes), indent=4 if aconf.json_print_indent else None, sort_keys=True))
|
||||||
elif len(unknown_algorithms) > 0: # If we encountered any unknown algorithms, ask the user to report them.
|
elif len(unknown_algorithms) > 0: # If we encountered any unknown algorithms, ask the user to report them.
|
||||||
out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s. Please email the full output above to the maintainer (jtesta@positronsecurity.com), or create a Github issue at <https://github.com/jtesta/ssh-audit/issues>.\n" % ','.join(unknown_algorithms))
|
out.warn("\n\n!!! WARNING: unknown algorithm(s) found!: %s. Please email the full output above to the maintainer (jtesta@positronsecurity.com), or create a Github issue at <https://github.com/jtesta/ssh-audit/issues>.\n" % ','.join(unknown_algorithms))
|
||||||
|
|
||||||
@ -1033,7 +1033,7 @@ def process_commandline(out: OutputBuffer, args: List[str], usage_cb: Callable[.
|
|||||||
return aconf
|
return aconf
|
||||||
|
|
||||||
|
|
||||||
def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None) -> Any: # pylint: disable=too-many-arguments
|
def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[str, Union[str, float]]], kex: Optional['SSH2_Kex'] = None, pkm: Optional['SSH1_PublicKeyMessage'] = None, client_host: Optional[str] = None, software: Optional[Software] = None, algorithms: Optional[Algorithms] = None, algorithm_recommendation_suppress_list: Optional[List[str]] = None, additional_notes: str = "") -> Any: # pylint: disable=too-many-arguments
|
||||||
|
|
||||||
def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]:
|
def fetch_notes(algorithm: str, alg_type: str) -> Dict[str, List[Optional[str]]]:
|
||||||
'''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.'''
|
'''Returns a dictionary containing the messages in the "fail", "warn", and "info" levels for this algorithm.'''
|
||||||
@ -1201,6 +1201,9 @@ def build_struct(target_host: str, banner: Optional['Banner'], cves: List[Dict[s
|
|||||||
# Add in the recommendations.
|
# Add in the recommendations.
|
||||||
res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True)
|
res['recommendations'] = get_algorithm_recommendations(algorithms, algorithm_recommendation_suppress_list, software, for_server=True)
|
||||||
|
|
||||||
|
# Add in the additional notes. Currently just one string, but in the future this may grow to multiple strings. Hence, an array is needed to prevent future schema breakage.
|
||||||
|
res['additional_notes'] = [additional_notes]
|
||||||
|
|
||||||
return res
|
return res
|
||||||
|
|
||||||
|
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "1.99",
|
"protocol": "1.99",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": null,
|
"comments": null,
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
@ -1,4 +1,7 @@
|
|||||||
{
|
{
|
||||||
|
"additional_notes": [
|
||||||
|
""
|
||||||
|
],
|
||||||
"banner": {
|
"banner": {
|
||||||
"comments": "",
|
"comments": "",
|
||||||
"protocol": "2.0",
|
"protocol": "2.0",
|
||||||
|
Loading…
Reference in New Issue
Block a user