elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-07-04 13:14:45 +02:00
Code Issues Packages Projects Releases Wiki Activity
378 Commits 1 Branch 15 Tags 3.1 MiB
2a87860e84
Commit Graph

249 Commits

Author SHA1 Message Date
Andris Raugulis
fabb4b5bb2 Add static typing and refactor code to pass all mypy checks. 
Move Python compatibility types to first lines of code.
Add Python (text/byte) compatibility helper functions.
Check for SSH banner ASCII validity.
 2016-10-19 20:47:13 +03:00
Andris Raugulis
8ca6ec591d Handle the case when received data is in wrong encoding (not utf-8). 2016-10-18 09:45:03 +03:00
Andris Raugulis
6b76e68d0d Fix wrongly introduced Python 3 incompatibility. Fixes #14 and #15. 
Add static type checks via mypy (optional static type checker),
Add relevant tests, which could trigger the issue.
 2016-10-17 20:31:13 +03:00
Andris Raugulis
c9d58bb827 Switch to new development version. 2016-10-14 09:14:07 +03:00
Andris Raugulis
e60d4ff809 Add kex/pkm payload generation. 2016-10-13 17:53:39 +03:00
Andris Raugulis
93b908f890 Fix error output. 2016-10-13 17:53:01 +03:00
Andris Raugulis
f1e8231b67 Make usage's output independent. 2016-10-10 12:42:01 +03:00
Andris Raugulis
84ac5a30ab Decouple AuditConf from Output. 2016-10-07 19:55:31 +03:00
Andris Raugulis
705bedd608 Do not output empty algorithm. 2016-10-06 16:22:09 +03:00
Andris Raugulis
4b456dd01e Return level name, not level itself (make consistent with setter). 2016-10-06 15:18:39 +03:00
Andris Raugulis
301a27ae27 Wrap utils in single class. 2016-10-06 14:36:30 +03:00
Andris Raugulis
76f49d4016 Output unicode not bytes in Python3. 2016-10-06 03:42:43 +03:00
Andris Raugulis
ec0b4704e9 Move Kex to SSH2. 2016-10-06 02:59:15 +03:00
Andris Raugulis
a193059bc9 Lazy CRC32 initialization. 2016-10-05 14:56:36 +03:00
Andris Raugulis
7959c7448a Fix and update write buffer. Add buffer tests. 2016-10-05 06:06:26 +03:00
Andris Raugulis
262c65b7be Fix version comparison and update tests. 2016-10-05 04:09:50 +03:00
Andris Raugulis
407ddbd7ea Cosmetic whitespace fix. 2016-10-05 03:31:03 +03:00
Andris Raugulis
aee949a717 Fix software representation. Add software tests. 2016-10-05 03:27:43 +03:00
Andris Raugulis
489a24c564 Fix banner protocol (1.99) recognition and clean banner comments. Add banner tests. 2016-10-05 03:25:54 +03:00
Andris Raugulis
5269b63e64 Weigh faults to recommend lesser evil. Colorize recommendations. 2016-10-04 11:14:03 +03:00
Andris Raugulis
5de7b913fd Recognize libssh (software, history, compatibility, security, etc). Closes #8. 2016-10-04 10:27:27 +03:00
Andris Raugulis
0c98bc1397 If software is not recognized, output recommendations based on compatibility. 2016-10-03 00:29:28 +03:00
Andris Raugulis
f25e6caa2a Implement algorithm recommendations sections. 2016-09-28 17:03:38 +03:00
Andris Raugulis
29a0bb86fa Refactor algorithm pair/set reuse. 2016-09-28 17:01:37 +03:00
Andris Raugulis
1fda7b2a3e Support simple software output (without patch). 2016-09-28 16:58:58 +03:00
Andris Raugulis
7d5f74810b Back to development version. 2016-09-20 12:36:14 +03:00
Andris Raugulis
e9b9a457dd Release 1.5.0. 2016-09-20 12:26:14 +03:00
Andris Raugulis
4dcf1c91cd Bump version. 2016-09-17 20:37:48 +03:00
Andris Raugulis
3421c8e294 Output fingerprint (defaults to SHA256 format). 2016-09-17 20:37:03 +03:00
Andris Raugulis
684ea315ec Shorten variables. 2016-09-17 20:24:53 +03:00
Andris Raugulis
a70b93862a Output SSH1 host-key algorithm. 2016-09-17 20:21:18 +03:00
Andris Raugulis
b16ef4d040 Add fingerprint support. 2016-09-17 20:15:47 +03:00
Andris Raugulis
5bc31ea70c Implement SSH1 support (cipher, auth, compatibility, texts, etc) #6. 2016-09-17 20:15:21 +03:00
Andris Raugulis
fce491767c Signed mpint. 2016-09-17 19:23:24 +03:00
Andris Raugulis
ddc5ea22f5 Refactor algorithm functions. 2016-09-17 05:38:11 +03:00
Andris Raugulis
adba0ea08a Refactor timeframe and compatibility functions. 2016-09-17 00:58:06 +03:00
Andris Raugulis
11ee9ecd05 Fix output compatibility for ssh client. 2016-09-17 00:35:33 +03:00
Andris Raugulis
a861fe0c8a Since text could be empty or client-only. 2016-09-17 00:30:04 +03:00
Andris Raugulis
f6a6fb98bc Recognize Allegro Software RomSShell. 2016-09-16 16:09:49 +03:00
Andris Raugulis
cb19718568 Add SSH1 and SSH2 forcing options. By default, both are allowed. 2016-09-16 14:55:27 +03:00
Andris Raugulis
9030e71892 Initial SSH1 support (packet reading, SMSG_PUBLIC_KEY, CRC32, etc) #6. 2016-09-15 18:00:09 +03:00
Andris Raugulis
d6980242ba Pyython 2.6 compatible bit length. 2016-09-15 15:55:27 +03:00
Andris Raugulis
285d7280eb Implement mpint1 read/write. Optimize mpint writing. Test mpint1. 2016-09-15 06:09:08 +03:00
Andris Raugulis
089d7d597c Implement mpint2 read/write and tests. Refactor (Read|Write)Buf. 2016-09-14 16:33:38 +03:00
Andris Raugulis
bfa9e6f936 Do not hang when remote host closes connection fast. Fix security output. 2016-09-13 13:17:41 +03:00
Andris Raugulis
e3559a76b8 Differentiate between server and client security issues. Ignore client-side. 2016-09-13 13:01:38 +03:00
Andris Raugulis
4479db966a Implement OpenSSH version comparison. 2016-09-13 12:38:05 +03:00
Andris Raugulis
3aaad8b734 Implement specific Dropbear SSH version comparison (e.g., 0.44 vs 0.44test3). 2016-09-12 19:21:57 +03:00
Andris Raugulis
e8fd70a541 Fix Software __repr__. 2016-09-09 17:43:25 +03:00
Andris Raugulis
b11018bd7d Add other security information. Add remote root exploit for Dropbear SSH. 2016-09-08 20:04:48 +03:00
Andris Raugulis
864b5dae85 Bump version. 2016-09-08 19:01:17 +03:00
Andris Raugulis
bdee87c7d3 Do not use padding, when outputting in batch mode. 2016-09-08 19:00:35 +03:00
Andris Raugulis
2747907784 Consistent output for compression. 2016-09-08 18:52:38 +03:00
Andris Raugulis
243e4db74f Create security section. Add CVE for Dropbear SSH. 2016-09-08 18:50:19 +03:00
Andris Raugulis
13d945d8df Fix: Do not hang, while reading banner. 2016-09-08 15:01:57 +03:00
Andris Raugulis
dbcc0f2c4f Do not repeat strings, use constants. Also, encapsulate MSG constants. 2016-09-08 14:55:58 +03:00
Andris Raugulis
3f6a8eb7ba Specify order for compatibility output. 2016-09-08 14:10:39 +03:00
Andris Raugulis
b8effe1462 Better output for OpenSSH patch-level. 2016-09-08 14:06:36 +03:00
Andris Raugulis
6d402819cb Recognize some Windows SSHd servers. 2016-09-07 19:40:30 +03:00
Andris Raugulis
ac64f87327 Extract software (Dropbear, OpenSSH, HP iLO, Cisco) and OS (NetBSD, FreeBSD) from banner. 2016-09-07 19:26:33 +03:00
Andris Raugulis
d07d5078cb Do not capture unnecessary regex groups. 2016-09-07 19:22:47 +03:00
Andris Raugulis
c68211b8e7 Wait for server banner, before sending client banner (fixes Cisco sshd). 2016-09-07 14:32:40 +03:00
Andris Raugulis
280a37ba20 Protocol is numbers. 2016-09-07 13:00:53 +03:00
Andris Raugulis
2ae93b1934 Reduce multiple protocol prefixed banner. 2016-09-07 12:58:03 +03:00
Andris Raugulis
673b88b2b1 Select the least protocol if banner has double protocol. 2016-09-07 12:22:51 +03:00
Andris Raugulis
19ee986e3d Extract banner and recognize other SSH1 banners (e.g, 1.3-1.5). 2016-09-06 18:55:17 +03:00
Andris Raugulis
f7cd4fd954 Better packet parsing error output (e.g., protocol mismatch). 2016-09-06 15:25:29 +03:00
Andris Raugulis
72b0c2e216 Document new arguments. 2016-09-02 18:08:15 +03:00
Andris Raugulis
0a5d66fcde Refactor KexDB. 2016-09-02 17:56:47 +03:00
Andris Raugulis
fba6397721 Multiple style fixes (protector, veryhigh). 2016-09-02 17:22:00 +03:00
Andris Raugulis
c759e53779 Batch implies Verbose. 2016-09-02 16:32:32 +03:00
Andris Raugulis
34ae7d9bec Fix typos. 2016-09-02 16:31:16 +03:00
Andris Raugulis
5189c341f3 Implement new features: minimum output level and batch output. 2016-09-02 16:25:57 +03:00
Andris Raugulis
ef8d727356 Fix compatibility with Python 2.6. Fixes #3. 2016-08-30 15:09:59 +03:00
Andris Raugulis
eb7cb4a36a Release v1.0.20160812. 2016-08-12 16:29:51 +03:00
Andris Raugulis
d4d8c6a659 Parse pre-banner header. Handle sock read/write errors. 2016-08-12 16:20:32 +03:00
Andris Raugulis
07ca434061 Fix Dropbear SSH version typo. 2016-08-12 04:40:13 +03:00
Andris Raugulis
744aec76fb Finish implementing compatibility feature. 
Fix wrong algorithm warning.
Stop on empty packet.
 2016-08-12 04:28:46 +03:00
Andris Raugulis
6df21a9891 Implement compatibility checker (based on returned algorithms). 2016-08-11 19:40:10 +03:00
Andris Raugulis
4ba3485664 More output refactor. 2016-08-11 18:47:27 +03:00
Andris Raugulis
96da1af9ef Refactor result output. 2016-08-11 18:45:14 +03:00
Andris Raugulis
2c84824378 Update version number. 2016-08-03 17:35:35 +03:00
Andris Raugulis
f82c9825d9 Add new key-exchange algorithms. 
Use OpenSSH 7.3 banner.
 2016-08-03 17:32:46 +03:00
Andris Raugulis
5af8859d6b Add initial code for Diffie-Hellman key exchange. 2016-04-01 18:37:20 +03:00
Andris Raugulis
926b78889e Add write buffer, implement ssh packet sending. Use shared block size. 2016-04-01 18:30:54 +03:00
Andris Raugulis
b8201f2550 Add re-entrant banner retrieval method. 2016-04-01 18:19:18 +03:00
Andris Raugulis
06992d7da6 Refactor ssh connection within class for future improvements. 2016-04-01 17:56:06 +03:00
Andris Raugulis
d834074378 Use OpenSSH 7.2 banner. 
Add OpenSSH 7.2 warning messages.
Fix OpenSSH 7.0 failure messages.
Add forgotten failure on rijndael-cbc.
Bump version.
 2016-03-07 12:58:13 +02:00
Andris Raugulis
6f70e328b2 Add warnings for encryption and MAC. 
Add none cipher and MAC.
 2016-01-05 18:02:05 +02:00
Andris Raugulis
ca9baf80b8 Fail on unsafe elliptic curves. 2016-01-05 17:01:04 +02:00
Andris Raugulis
e8fd13e2d8 Add warnings for Kex and Ciphers. 2016-01-05 16:58:42 +02:00
Andris Raugulis
9d4625d9a0 Version bump. 2016-01-05 14:12:03 +02:00
Andris Raugulis
122588cb00 Better compression handling. 2016-01-05 14:10:48 +02:00
Andris Raugulis
c485ffb01e Ensure reading enough data. 2016-01-05 14:10:02 +02:00
Andris Raugulis
716b6acaaa Version bump. 2015-12-30 13:09:42 +02:00
Andris Raugulis
92e6aabcc8 Add Dropbear SSH historical information. 2015-12-30 13:07:50 +02:00
Andris Raugulis
f15f7dac23 Add support for dropbear sshd: 
- send client banner first
- use data read in first chunk (buffer data)
 2015-12-29 17:28:08 +02:00
Andris Raugulis
8ac2750cca Remove unused variable. 2015-12-23 06:02:20 +02:00
Andris Raugulis
3fccc44bc7 Import source. 2015-12-23 05:01:24 +02:00