Joe Testa
ca4ebc56f9
Docker images are now pulled from Dockerhub by default.
2020-10-01 19:42:48 -04:00
Joe Testa
2a87860e84
Added 1 new cipher: des-cbc@ssh.com. Bumped version.
2020-09-29 15:03:41 -04:00
Joe Testa
6067da6793
Updated packaging notes and snap build process.
2020-09-29 10:24:36 -04:00
Joe Testa
c8a1db33c8
Fixed pylint warnings regarding bad indendation.
2020-09-28 13:56:39 -04:00
Joe Testa
32684ddc84
Removed reference to deleted dev branch.
2020-09-28 13:51:18 -04:00
Joe Testa
da4f114b9c
Updated Windows build instructions.
2020-09-27 19:32:23 -04:00
Joe Testa
dc0a959402
Use brighter colors on Windows for better readability. Disable unicode characters on Windows since the default terminal does not display them properly.
2020-09-27 19:29:29 -04:00
Joe Testa
eb1588ddc7
Added release date for v2.3.0. Added link for policy tutorial.
2020-09-27 17:12:10 -04:00
Joe Testa
b7d698d743
Added policy for hardened OpenSSH v8.4.
2020-09-27 17:04:43 -04:00
Joe Testa
b0c00749a6
Improved formatting of usage examples. Added link to web front-end.
2020-09-27 13:24:37 -04:00
Joe Testa
6e3e8bac74
Added policy audit examples and additional usage examples.
2020-09-27 13:13:38 -04:00
Joe Testa
632adc076a
Policy check output now prints port number, if applicable.
2020-09-27 11:48:15 -04:00
Joe Testa
13b065b316
Added CONTRIBUTING.md ( #54 ).
2020-09-26 22:06:49 -04:00
Joe Testa
a7581e07dc
Added explicit statement regarding fork ( #58 ).
2020-09-26 20:14:29 -04:00
Joe Testa
4cae6aff43
Added 6 new host key types: 'spi-sign-rsa', 'ssh-ed448', 'x509v3-ecdsa-sha2-nistp256', 'x509v3-ecdsa-sha2-nistp384', 'x509v3-ecdsa-sha2-nistp521', 'x509v3-rsa2048-sha256'. Added 5 new key exchanges: 'gss-group14-sha256-', 'gss-group15-sha512-', 'gss-group16-sha512-', 'gss-nistp256-sha256-', 'gss-curve25519-sha256-'.
2020-09-26 19:32:19 -04:00
Joe Testa
3e20f7c622
Fixed optional host key values.
2020-08-12 15:26:18 -04:00
Joe Testa
1123ac718c
Send peer a list of supported algorithms after the banner exchange. Fixes not only the weird case of an ssh-audit client hanging against an ssh-audit server, but perhaps some real-world hangs as well.
2020-08-11 20:11:42 -04:00
Joe Testa
6d84cfdc31
Updated program return values for various connection error instances and unknown errors.
2020-08-11 19:45:59 -04:00
Joe Testa
c7ad1828d8
Fixed return value processing and mypy warning in algorithm_lookup(). Updated help listing, man page, and README.
2020-08-11 19:28:53 -04:00
thecliguy
86cb453928
Algorithm lookup ( #53 )
...
* Adding ssh-audit.py to algorithm_lookup_branch
* Removed the use of an error handler from algorithm_lookup and implemented suggestions made by jugmac00 and jtesta
2020-08-11 19:02:35 -04:00
Joe Testa
0c00b37328
Added .deepsource.toml for DeepSource integration.
2020-07-30 12:08:18 -04:00
Joe Testa
936acfa37d
Added more structure to JSON result when policy errors are found.
2020-07-29 12:36:08 -04:00
Joe Testa
b5d7f73125
When an unexpected exit code is returned, print more debugging info.
2020-07-29 12:31:24 -04:00
Joe Testa
6a7bed06d7
Added two new key exchanges: 'kexAlgoCurve25519SHA256' and 'Curve25519SHA256'.
2020-07-28 21:17:29 -04:00
Joe Testa
41e69dd6f2
Alphabetized options in usage message and README.
2020-07-16 12:07:02 -04:00
Joe Testa
25faeb4c59
Added new man page.
2020-07-16 11:48:35 -04:00
Joe Testa
8051078524
When a list of targets is provided (-T), skip empty lines.
2020-07-16 10:19:36 -04:00
Joe Testa
cf815a6652
Added hardened OpenSSH policies.
2020-07-15 14:35:18 -04:00
Joe Testa
2d4eb7da28
Renamed policies to include 'Hardened' in title.
2020-07-15 14:33:10 -04:00
Joe Testa
68a420ff00
Added policy support for optional host key types, like certificates and smart card-based types.
2020-07-15 14:32:14 -04:00
Joe Testa
17f5eb0b38
Added -L option to list built-in policies.
2020-07-14 19:38:10 -04:00
Joe Testa
b95969bbc0
Policy output now more clearly prints the policy version.
2020-07-14 17:38:15 -04:00
Joe Testa
00ce44e728
Added Ubuntu client policies.
2020-07-14 17:18:35 -04:00
Joe Testa
8fb07edafd
Added 'client policy' field in policy files to distinguish server from client policies.
2020-07-14 17:14:47 -04:00
Joe Testa
b27d768c79
Print client IP in output when doing policy audits.
2020-07-14 14:01:08 -04:00
Joe Testa
cb54c2bf33
Moved Windows build instructions to packages directory.
2020-07-14 11:03:35 -04:00
Joe Testa
85f14720cb
Added 3 new host keys: ssh-gost2001, ssh-gost2012-256, and ssh-gost2012-512.
2020-07-14 10:43:18 -04:00
Jürgen Gmach
1410894f45
Update description for targets
argument ( #48 )
...
`targets` takes a file containing a list of target hosts, one on each
line.
Added required format, ie HOST:PORT.
modified: ssh-audit.py
2020-07-14 10:35:54 -04:00
Joe Testa
381ba1a660
Now supports a list of targets with -T ( #11 ).
2020-07-13 18:39:05 -04:00
Joe Testa
8e3f3c6044
Updated PyPI notes.
2020-07-11 12:42:11 -04:00
Joe Testa
f80e3f22ce
Now returns -1 when an uncaught exception is found.
2020-07-07 16:31:44 -04:00
Joe Testa
49bd2c96a8
Added return values for standard scans.
2020-07-07 15:56:37 -04:00
Joe Testa
103b8fb934
Added official policies for hardened Ubuntu 16.04, 18.04, and 20.04.
2020-07-06 16:16:52 -04:00
Joe Testa
1faa24ad86
Do not accidentally overwrite policies when creating new policy with -M.
2020-07-06 16:15:26 -04:00
Joe Testa
adc1007d7d
Mark 'gss-group1-sha1-' kex as failure due to 1024-bit modulus.
2020-07-04 09:41:46 -04:00
Jürgen Gmach
8a406dd9d2
Simplify mypy
config ( #45 )
...
Instead of specifying stricter checks one by one, just run `mypy` in
`strict` mode.
modified: tox.ini
2020-07-04 09:39:43 -04:00
Joe Testa
d717f86238
Added check for use-after-free vulnerability in PuTTY v0.73.
2020-07-03 15:07:34 -04:00
Jürgen Gmach
bf1fbbfa43
Fix RuntimeError for the JSON export ( #44 )
...
* Fix RuntimeError for the JSON export
It is never a good idea to modify an iterable while iterating over it.
Copying the iterable fixes #41
modified: ssh-audit.py
* Add test case for #41
new file: test/test_build_struct.py
* Fix linting error
modified: test/test_build_struct.py
2020-07-03 14:56:46 -04:00
Joe Testa
282770e698
Added 'ssh-dss-sha256@ssh.com' host key type, 'crypticore128@ssh.com' and 'seed-cbc@ssh.com' ciphers, and 'crypticore-mac@ssh.com' MAC.
2020-07-01 14:32:55 -04:00
Joe Testa
01ec6b0b37
Removed header processing from policy checks, as this did not function the way users would expect.
2020-07-01 13:12:49 -04:00