Joe Testa
38f9c21760
The color of all notes will be printed in green when the related algorithm is rated good.
2023-09-03 19:14:25 -04:00
Joe Testa
4e6169d0cb
Added built-in policy for OpenSSH 9.4.
2023-09-03 18:12:16 -04:00
Joe Testa
199e75f6cd
Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results.
2023-09-03 16:13:00 -04:00
Joe Testa
3f2fdbaa3d
Fixed crash during GEX tests.
2023-07-11 11:08:42 -04:00
thecliguy
83f9e48271
Recommendation output now respects level ( #196 )
2023-06-20 16:09:37 -04:00
Dani Cuesta
a74c3abdde
Removed sys.exit from _resolve in ssh_socket.py ( #187 )
...
Changed (and documented) _resolve so the application does not quit when a hostname cannot be resolved.
Adapted connect function to expect incoming exceptions from _resolve
This fixes issue #186
2023-06-20 09:21:06 -04:00
Joe Testa
e99cb0b579
Now prints the reason why socket listening operations fail.
2023-06-20 08:43:11 -04:00
Joe Testa
639f11a5e5
Results from concurrent scans against multiple hosts are no longer improperly combined ( #190 ).
2023-06-19 14:13:32 -04:00
Joe Testa
521a50a796
Added 'curve448-sha512@libssh.org' kex. ( #195 )
2023-06-19 10:35:13 -04:00
Joe Testa
2d5a97841f
Bumped version to 3.0.0-dev.
2023-04-29 14:46:07 -04:00
Joe Testa
3c1451cfdc
Bumped version to v2.9.0.
2023-04-29 12:33:26 -04:00
Joe Testa
929652c9b7
Simplified host key test logic.
2023-04-29 11:59:50 -04:00
thecliguy
e172932977
RSA key size comments duplicated for all RSA sig algs ( #182 )
...
* RSA key size comments duplicated for all RSA sig algs
* Save results on completion of testing a hostkey
* Revised list names because they operates against all keys now not just rsa.
* ensure all required fields added for non-rsa keys
* Correction to the saving of comments against non-rsa keys
2023-04-29 11:39:29 -04:00
Joe Testa
c33e7d9b72
Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3.
2023-04-27 21:40:47 -04:00
Joe Testa
0074fcc1af
Rolled back Windows multithreading crash fix, as upgrading from Python v3.9 to v3.11 may have fixed the root cause. ( #152 )
2023-04-26 21:55:40 -04:00
Joe Testa
7f8d6b4d5b
Fixed built-in policy formatting and filled in missing host key size information.
2023-04-26 15:47:58 -04:00
Joe Testa
05f159a152
Fixed Windows-specific crash when multiple threads are used ( #152 ).
2023-04-25 10:18:45 -04:00
Joe Testa
263267c5ad
Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) ( #120 ).
2023-04-25 09:17:32 -04:00
Joe Testa
4f31304b66
Alphabetized algorithm database.
2023-03-28 12:09:25 -04:00
Joe Testa
dc083de87e
Added recommendations and CVE information to JSON output ( #122 ).
2023-03-24 18:48:36 -04:00
Joe Testa
7d5eb37a0f
Updated colorama initialization.
2023-03-24 16:43:38 -04:00
Joe Testa
cc9e4fbc4a
Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures.
2023-03-23 21:36:02 -04:00
Joe Testa
992aa1b961
Added support for kex GSS wildcards ( #143 ).
2023-03-21 22:17:23 -04:00
thecliguy
e2a9896397
Deprecation of ssh-rsa signature algorithm in OpenSSH 8.8 ( #171 )
2023-03-21 14:52:23 -04:00
Joe Testa
71feaa191e
Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168 ).
2023-03-21 11:44:45 -04:00
thecliguy
e4d864c6c1
usage now respects no color ( #162 )
...
* usage now respects no color
* Removed superfluous parens after 'not'
2023-02-06 18:20:34 -05:00
Joe Testa
c9dc9a9c10
Now issues a warning when 2048-bit moduli are encountered.
2023-02-06 16:27:30 -05:00
Joe Testa
f9e00b6f2d
Renamed WARN_CURVES_WEAK to FAIL_CURVES_WEAK.
2023-02-03 17:22:10 -05:00
Joe Testa
433c7e779d
Added 2 new ciphers: 'rijndael-cbc@ssh.com', 'cast128-12-cbc@ssh.com'. Added 21 new host key types: .
2023-02-02 18:57:53 -05:00
Joe Testa
984ea1eee3
Added the following 9 new host key types: 'dsa2048-sha224@libassh.org', 'dsa2048-sha256@libassh.org', 'dsa3072-sha256@libassh.org', 'ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com', 'eddsa-e382-shake256@libassh.org', 'eddsa-e521-shake256@libassh.org', 'null', 'pgp-sign-dss', 'pgp-sign-rsa'. Added the following 22 new key exchange algorithms: 'diffie-hellman-group-exchange-sha224@ssh.com', 'diffie-hellman-group-exchange-sha384@ssh.com', 'diffie-hellman-group14-sha224@ssh.com', 'diffie-hellman_group17-sha512', 'ecmqv-sha2', 'gss-13.3.132.0.10-sha256-*', 'gss-curve25519-sha256-*', 'gss-curve448-sha512-*', 'gss-gex-sha1-*', 'gss-gex-sha256-*', 'gss-group1-sha1-*', 'gss-group14-sha1-*', 'gss-group14-sha256-*', 'gss-group15-sha512-*', 'gss-group16-sha512-*', 'gss-group17-sha512-*', 'gss-group18-sha512-*', 'gss-nistp256-sha256-*', 'gss-nistp384-sha256-*', 'gss-nistp521-sha512-*', 'm383-sha384@libassh.org', 'm511-sha512@libassh.org'. Added the following 26 new ciphers: '3des-cfb', '3des-ecb', '3des-ofb', 'blowfish-cfb', 'blowfish-ecb', 'blowfish-ofb', 'camellia128-cbc@openssh.org', 'camellia128-ctr@openssh.org', 'camellia192-cbc@openssh.org', 'camellia192-ctr@openssh.org', 'camellia256-cbc@openssh.org', 'camellia256-ctr@openssh.org', 'cast128-cfb', 'cast128-ecb', 'cast128-ofb', 'idea-cfb', 'idea-ecb', 'idea-ofb', 'seed-ctr@ssh.com', 'serpent128-gcm@libassh.org', 'serpent256-gcm@libassh.org', 'twofish-cfb', 'twofish-ecb', 'twofish-ofb', 'twofish128-gcm@libassh.org', 'twofish256-gcm@libassh.org'. Added the following 4 new HMAC algorithms: 'hmac-sha224@ssh.com', 'hmac-sha256-2@ssh.com', 'hmac-sha384@ssh.com', 'hmac-whirlpool'.
2023-02-02 18:30:40 -05:00
Joe Testa
0b905a7fdd
Added Ubuntu Client 22.04 hardening policy.
2023-02-01 19:29:54 -05:00
Joe Testa
32ff04c2cc
Added Tox testing for Python 3.11. Fixed flake8 & pylint errors.
2023-02-01 17:56:54 -05:00
thecliguy
e50ac5c84d
Gex test usage text ( #158 )
...
* Reformatted Usage Text for --gex-test in README.md
* Reformatted Usage Text for --gex-test in ssh_audit.py
Reformatted to adhere to a max line length of 80 characters.
2022-10-27 10:11:05 -04:00
Manfred Kaiser
29496b43d5
updated vulnerability database ( #157 )
...
* updated vulnerability database
* added info for CVE-2021-36367
2022-10-27 10:10:17 -04:00
Joe Testa
3300c60aaa
Added 'ssh-xmss@openssh.com' and 'ssh-xmss-cert-v01@openssh.com' experimental host keys ( #146 ).
2022-10-14 23:21:09 -04:00
Joe Testa
78a9475a32
Added hmac-sha1-96@openssh.com MAC. ( #148 )
2022-10-14 22:56:02 -04:00
Joe Testa
d429b543d0
Added support for host key 'webauthn-sk-ecdsa-sha2-nistp256@openssh.com' ( #149 ).
2022-10-10 20:51:37 -04:00
Joe Testa
b9520cbc25
Fixed pylint & flake8 warnings and errors.
2022-10-10 20:40:29 -04:00
Joe Testa
0b8ecf2fb5
Added Ubuntu Server 22.04 LTS hardening policy.
2022-10-10 20:34:28 -04:00
Joe Testa
113d1de443
Removed experimental warning tag from sntrup761x25519-sha512@openssh.com.
2022-04-10 12:16:25 -04:00
Joe Testa
11905ed44a
Fixed pylint errors, consolidated error checking for granular GEX tests, renamed functions for better readability.
2022-03-24 10:53:47 -04:00
Adam Russell
19f192d21f
Corrected accidental text update and a minor typo.
2022-03-24 10:53:47 -04:00
Adam Russell
5ac0ffa8f1
DH GEX Modulus Size Testing
2022-03-24 10:53:47 -04:00
Joe Testa
0a6ac5de54
Updated CVE vulnerability flag.
2022-02-21 21:51:35 -05:00
Alexandre ZANNI
1bdf7029b4
add a bunch of openssh CVEs ( #126 )
2022-02-21 21:41:44 -05:00
Joe Testa
5fbcb1b90f
Added 24 new key exchanges: 'ecdh-sha2-1.3.132.0.1', 'ecdh-sha2-1.2.840.10045.3.1.1', 'ecdh-sha2-1.3.132.0.33', 'ecdh-sha2-1.3.132.0.26', 'ecdh-sha2-1.3.132.0.27', 'ecdh-sha2-1.2.840.10045.3.1.7', 'ecdh-sha2-1.3.132.0.16', 'ecdh-sha2-1.3.132.0.34', 'ecdh-sha2-1.3.132.0.36', 'ecdh-sha2-1.3.132.0.37', 'ecdh-sha2-1.3.132.0.35', 'ecdh-sha2-1.3.132.0.38', 'ecdh-sha2-4MHB+NBt3AlaSRQ7MnB4cg==', 'ecdh-sha2-5pPrSUQtIaTjUSt5VZNBjg==', 'ecdh-sha2-VqBg4QRPjxx1EXZdV0GdWQ==', 'ecdh-sha2-zD/b3hu/71952ArpUG4OjQ==', 'ecdh-sha2-qCbG5Cn/jjsZ7nBeR7EnOA==', 'ecdh-sha2-9UzNcgwTlEnSCECZa7V1mw==', 'ecdh-sha2-wiRIU8TKjMZ418sMqlqtvQ==', 'ecdh-sha2-qcFQaMAMGhTziMT0z+Tuzw==', 'ecdh-sha2-m/FtSAmrV4j/Wy6RVUaK7A==', 'ecdh-sha2-D3FefCjYoJ/kfXgAyLddYA==', 'ecdh-sha2-h/SsxnLCtRBh7I9ATyeB3A==', 'ecdh-sha2-mNVwCXAoS1HGmHpLvBC94w=='.
2021-10-20 22:25:20 -04:00
Joe Testa
4ace52a190
Now prints a more user-friendly error message when installed as a Snap package and permission errors are encountered. Updated the Snap build process as well.
2021-10-14 23:56:03 -04:00
tomatohater1337
1f0b3acff2
Complete "target" in the JSON output with the port ( #123 )
...
* Complete "target" in JSON output with the port
The JSON output was not showing the port of the target which was scanned. This could be problematic when scanning a host with more than one ssh service running.
* Docker tests completet with the port of the scan target in the JSON output
2021-10-13 23:44:55 -04:00
Joe Testa
9f87acfc74
Bumped version to v2.6.0-dev.
2021-08-27 11:25:27 -04:00
a1346054
597b500eba
Minor cleanups ( #116 )
...
* docker_test.sh: fix shellcheck warnings
* docker_test.sh: unify style
No changes in functionality.
* docker_test.sh: whitespace fixes
* stop mixing tabs and spaces
* remove trailing whitespace
* invoke bash using /usr/bin/env
* build_windows_executable.sh: fix variable assignment
* update_windows_man_page.sh: unify style
No changes in functionality.
* whitespace fixes
* stop mixing tabs and spaces
* remove trailing whitespace
* fix spelling
* remove trailing whitespace
2021-08-27 11:19:18 -04:00