Added implementation for DHEat denial-of-service attack (CVE-2002-20001). (#211, #217)

Joe Testa
2024-04-18 13:58:13 -04:00
parent d7f8bf3e6d
commit 8190fe59d0
24 changed files with 1313 additions and 61 deletions


@ -73,6 +73,7 @@ class _VirtualSocket:
self.rdata = []
self.sdata = []
self.errors = {}
self.blocking = False
self.gsock = _VirtualGlobalSocket(self)
def _check_err(self, method):
@ -83,12 +84,18 @@ class _VirtualSocket:
def connect(self, address):
return self._connect(address, False)
def connect_ex(self, address):
return self.connect(address)
def _connect(self, address, ret=True):
self.peer_address = address
self._connected = True
self._check_err('connect')
return self if ret else None
def setblocking(self, r: bool):
self.blocking = r
def settimeout(self, timeout):
self.timeout = timeout
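Review bot: `connect_ex` returns whatever `connect` returns, which is `None` through `_connect(address, False)`, whereas the real `socket.connect_ex` returns an integer error indicator (0 on success). Assuming `connect_ex` is among the added lines, any caller that compares the result with 0 or an errno value would take the failure branch against this virtual socket, and an error configured for 'connect' would presumably surface as an exception from `_check_err` instead of a return code. If the code under test inspects the return value, have the mock call `self._connect(address, False)` and then `return 0`. Separately, `self.blocking = False` in the first hunk starts the mock in non-blocking mode while real sockets start in blocking mode; a short comment saying that default is deliberate would help. The class body continues outside both hunks.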


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "1.99",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": null,
"protocol": "2.0",


@ -1,7 +1,5 @@
{
"additional_notes": [
""
],
"additional_notes": [],
"banner": {
"comments": "",
"protocol": "2.0",

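--- /dev/null
+++ b/test/test_dheater.py
@@ -0,0 +1,29 @@
+import pytest
+from ssh_audit.ssh2_kexdb import SSH2_KexDB
+from ssh_audit.dheat import DHEat
+class TestDHEat:
+@pytest.fixture(autouse=True)
+def init(self):
+self.SSH2_KexDB = SSH2_KexDB
+self.DHEat = DHEat
+def test_kex_definition_completeness(self):
+alg_db = self.SSH2_KexDB.get_db()
+kex_db = alg_db['kex']
+# Get all Diffie-Hellman algorithms defined in our database.
+dh_algs = []
+for kex in kex_db:
+if kex.startswith('diffie-hellman-'):
+dh_algs.append(kex)
+# Ensure that each DH algorithm in our database is in either DHEat's alg_priority or gex_algs list. Also ensure that all non-group exchange algorithms are accounted for in the alg_modulus_sizes dictionary.
+for dh_alg in dh_algs:
+assert (dh_alg in self.DHEat.alg_priority) or (dh_alg in self.DHEat.gex_algs)
+if dh_alg.find("group-exchange") == -1:
+assert dh_alg in self.DHEat.alg_modulus_sizes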
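Review bot: The completeness check in `test_kex_definition_completeness` runs in one direction only: it verifies that every `diffie-hellman-*` name in the KexDB is known to `DHEat`, but a stale or misspelled entry in `DHEat.alg_priority`, `gex_algs` or `alg_modulus_sizes` would still pass. If those containers are meant to stay in step with the database (their definitions are not visible here), also assert that each name they hold appears in `kex_db`. As a style point, `dh_alg.find("group-exchange") == -1` reads more directly as `if "group-exchange" not in dh_alg:`, and the collection loop can be written `dh_algs = [kex for kex in kex_db if kex.startswith('diffie-hellman-')]`.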


@ -17,6 +17,7 @@ class TestErrors:
conf = self.AuditConf('localhost', 22)
conf.colors = False
conf.batch = True
conf.skip_rate_test = True
return conf
def _audit(self, spy, conf=None, exit_expected=False):
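Review bot: The added `conf.skip_rate_test = True` carries no comment saying why the rate test is switched off for this fixture, and the same line is added to the `TestSSH1` and `TestSSH2` fixtures in the following sections. With the flag set in all three, none of these suites appears to exercise the rate-test path, so that code is covered only if some other test enables it. A one-line comment above the assignment, along the lines of `# Skip the rate test in this fixture: <reason>`, would record the intent, with the reason supplied by the author. The fixture method starts above the hunk.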


@ -33,6 +33,7 @@ class TestSSH1:
conf.verbose = True
conf.ssh1 = True
conf.ssh2 = False
conf.skip_rate_test = True
return conf
def _create_ssh1_packet(self, payload, valid_crc=True):


@ -32,6 +32,7 @@ class TestSSH2:
conf.verbose = True
conf.ssh1 = False
conf.ssh2 = True
conf.skip_rate_test = True
return conf
@classmethod