mirror of
https://github.com/jtesta/ssh-audit.git
synced 2024-12-22 22:15:22 +01:00
Added extra warnings for SSHv1. (#6)
This commit is contained in:
parent
d42725652f
commit
e0f0956edc
@ -250,6 +250,9 @@ def output_security(out: OutputBuffer, banner: Optional[Banner], client_audit: b
|
|||||||
software = Software.parse(banner)
|
software = Software.parse(banner)
|
||||||
output_security_sub(out, 'cve', software, client_audit, padlen)
|
output_security_sub(out, 'cve', software, client_audit, padlen)
|
||||||
output_security_sub(out, 'txt', software, client_audit, padlen)
|
output_security_sub(out, 'txt', software, client_audit, padlen)
|
||||||
|
if banner.protocol[0] == 1:
|
||||||
|
p = '' if out.batch else ' ' * (padlen - 14)
|
||||||
|
out.fail('(sec) SSH v1 enabled{} -- SSH v1 can be exploited to recover plaintext passwords'.format(p))
|
||||||
if not out.is_section_empty() and not is_json_output:
|
if not out.is_section_empty() and not is_json_output:
|
||||||
out.head('# security')
|
out.head('# security')
|
||||||
out.flush_section()
|
out.flush_section()
|
||||||
@ -408,12 +411,17 @@ def output(out: OutputBuffer, aconf: AuditConf, banner: Optional[Banner], header
|
|||||||
if len(header) > 0:
|
if len(header) > 0:
|
||||||
out.info('(gen) header: ' + '\n'.join(header))
|
out.info('(gen) header: ' + '\n'.join(header))
|
||||||
if banner is not None:
|
if banner is not None:
|
||||||
out.good('(gen) banner: {}'.format(banner))
|
banner_line = '(gen) banner: {}'.format(banner)
|
||||||
|
if sshv == 1 or banner.protocol[0] == 1:
|
||||||
|
out.fail(banner_line)
|
||||||
|
out.fail('(gen) protocol SSH1 enabled')
|
||||||
|
else:
|
||||||
|
out.good(banner_line)
|
||||||
|
|
||||||
if not banner.valid_ascii:
|
if not banner.valid_ascii:
|
||||||
# NOTE: RFC 4253, Section 4.2
|
# NOTE: RFC 4253, Section 4.2
|
||||||
out.warn('(gen) banner contains non-printable ASCII')
|
out.warn('(gen) banner contains non-printable ASCII')
|
||||||
if sshv == 1 or banner.protocol[0] == 1:
|
|
||||||
out.fail('(gen) protocol SSH1 enabled')
|
|
||||||
software = Software.parse(banner)
|
software = Software.parse(banner)
|
||||||
if software is not None:
|
if software is not None:
|
||||||
out.good('(gen) software: {}'.format(software))
|
out.good('(gen) software: {}'.format(software))
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
[0;36m# general[0m
|
[0;36m# general[0m
|
||||||
[0;32m(gen) banner: SSH-1.99-OpenSSH_4.0[0m
|
[0;31m(gen) banner: SSH-1.99-OpenSSH_4.0[0m
|
||||||
[0;31m(gen) protocol SSH1 enabled[0m
|
[0;31m(gen) protocol SSH1 enabled[0m
|
||||||
[0;32m(gen) software: OpenSSH 4.0[0m
|
[0;32m(gen) software: OpenSSH 4.0[0m
|
||||||
[0;32m(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
|
[0;32m(gen) compatibility: OpenSSH 3.9-6.6, Dropbear SSH 0.53+ (some functionality from 0.52)[0m
|
||||||
@ -25,6 +25,7 @@
|
|||||||
[0;33m(cve) CVE-2006-4924 -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)[0m
|
[0;33m(cve) CVE-2006-4924 -- (CVSSv2: 7.8) cause DoS via crafted packet (CPU consumption)[0m
|
||||||
[0;33m(cve) CVE-2006-0225 -- (CVSSv2: 4.6) execute arbitrary code[0m
|
[0;33m(cve) CVE-2006-0225 -- (CVSSv2: 4.6) execute arbitrary code[0m
|
||||||
[0;33m(cve) CVE-2005-2798 -- (CVSSv2: 5.0) leak data about authentication credentials[0m
|
[0;33m(cve) CVE-2005-2798 -- (CVSSv2: 5.0) leak data about authentication credentials[0m
|
||||||
|
[0;31m(sec) SSH v1 enabled -- SSH v1 can be exploited to recover plaintext passwords[0m
|
||||||
|
|
||||||
[0;36m# key exchange algorithms[0m
|
[0;36m# key exchange algorithms[0m
|
||||||
[0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
[0;31m(kex) diffie-hellman-group-exchange-sha1 (1024-bit) -- [fail] using small 1024-bit modulus[0m
|
||||||
|
@ -167,6 +167,6 @@ class TestErrors:
|
|||||||
conf = self._conf()
|
conf = self._conf()
|
||||||
conf.ssh1, conf.ssh2 = True, False
|
conf.ssh1, conf.ssh2 = True, False
|
||||||
lines = self._audit(output_spy, conf)
|
lines = self._audit(output_spy, conf)
|
||||||
assert len(lines) == 3
|
assert len(lines) == 4
|
||||||
assert 'error reading packet' in lines[-1]
|
assert 'error reading packet' in lines[-1]
|
||||||
assert 'major versions differ' in lines[-1]
|
assert 'major versions differ' in lines[-1]
|
||||||
|
@ -138,7 +138,7 @@ class TestSSH1:
|
|||||||
self.audit(out, self._conf())
|
self.audit(out, self._conf())
|
||||||
out.write()
|
out.write()
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 15
|
assert len(lines) == 16
|
||||||
|
|
||||||
def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
|
def test_ssh1_server_invalid_first_packet(self, output_spy, virtual_socket):
|
||||||
vsocket = virtual_socket
|
vsocket = virtual_socket
|
||||||
@ -153,7 +153,7 @@ class TestSSH1:
|
|||||||
out.write()
|
out.write()
|
||||||
assert ret != 0
|
assert ret != 0
|
||||||
lines = output_spy.flush()
|
lines = output_spy.flush()
|
||||||
assert len(lines) == 9
|
assert len(lines) == 10
|
||||||
assert 'unknown message' in lines[-1]
|
assert 'unknown message' in lines[-1]
|
||||||
|
|
||||||
def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
|
def test_ssh1_server_invalid_checksum(self, output_spy, virtual_socket):
|
||||||
|
Loading…
Reference in New Issue
Block a user