For unrecognized servers, only recommend algorithm changes & removals, not additions (since they can be very inaccurate).

Joe Testa 2019-08-28 00:37:55 -04:00
parent 7221413567
commit c185a25af1


@ -1681,21 +1681,27 @@ class SSH(object): # pylint: disable=too-few-public-methods
SSH.Product.DropbearSSH, SSH.Product.DropbearSSH,
SSH.Product.LibSSH, SSH.Product.LibSSH,
SSH.Product.TinySSH] SSH.Product.TinySSH]
# Set to True if server is not one of vproducts, above.
unknown_software = False
if software is not None: if software is not None:
if software.product not in vproducts: if software.product not in vproducts:
software = None unknown_software = True
if software is None: #
ssh_timeframe = self.get_ssh_timeframe(for_server) # The code below is commented out because it would try to guess what the server is,
for product in vproducts: # usually resulting in wild & incorrect recommendations.
if product not in ssh_timeframe: #
continue # if software is None:
version = ssh_timeframe.get_from(product, for_server) # ssh_timeframe = self.get_ssh_timeframe(for_server)
if version is not None: # for product in vproducts:
software = SSH.Software(None, product, version, None, None) # if product not in ssh_timeframe:
break # continue
# version = ssh_timeframe.get_from(product, for_server)
# if version is not None:
# software = SSH.Software(None, product, version, None, None)
# break
rec = {} # type: Dict[int, Dict[str, Dict[str, Dict[str, int]]]] rec = {} # type: Dict[int, Dict[str, Dict[str, Dict[str, int]]]]
if software is None: if software is None:
return software, rec unknown_software = True
for alg_pair in self.values: for alg_pair in self.values:
sshv, alg_db = alg_pair.sshv, alg_pair.db sshv, alg_db = alg_pair.sshv, alg_pair.db
rec[sshv] = {} rec[sshv] = {}
@ -1708,15 +1714,17 @@ class SSH(object): # pylint: disable=too-few-public-methods
if len(versions) == 0 or versions[0] is None: if len(versions) == 0 or versions[0] is None:
continue continue
matches = False matches = False
if unknown_software:
matches = True
for v in versions[0].split(','): for v in versions[0].split(','):
ssh_prefix, ssh_version, is_cli = SSH.Algorithm.get_ssh_version(v) ssh_prefix, ssh_version, is_cli = SSH.Algorithm.get_ssh_version(v)
if not ssh_version: if not ssh_version:
continue continue
if ssh_prefix != software.product: if (software is not None) and (ssh_prefix != software.product):
continue continue
if is_cli and for_server: if is_cli and for_server:
continue continue
if software.compare_version(ssh_version) < 0: if (software is not None) and (software.compare_version(ssh_version) < 0):
continue continue
matches = True matches = True
break break
@ -1740,6 +1748,9 @@ class SSH(object): # pylint: disable=too-few-public-methods
rec[sshv][alg_type]['chg'][n] = faults rec[sshv][alg_type]['chg'][n] = faults
else: else:
rec[sshv][alg_type]['del'][n] = faults rec[sshv][alg_type]['del'][n] = faults
# If we are working with unknown software, drop all add recommendations, because we don't know if they're valid.
if unknown_software:
rec[sshv][alg_type]['add'] = {}
add_count = len(rec[sshv][alg_type]['add']) add_count = len(rec[sshv][alg_type]['add'])
del_count = len(rec[sshv][alg_type]['del']) del_count = len(rec[sshv][alg_type]['del'])
chg_count = len(rec[sshv][alg_type]['chg']) chg_count = len(rec[sshv][alg_type]['chg'])