Commit Graph

601 Commits

Author SHA1 Message Date
Joe Testa
83e90729e2 Updated README. 2023-06-20 16:12:30 -04:00
thecliguy
83f9e48271
Recommendation output now respects level (#196) 2023-06-20 16:09:37 -04:00
Joe Testa
e2fc60cbb4 Updated README and test for resolve function. 2023-06-20 09:26:43 -04:00
Dani Cuesta
a74c3abdde
Removed sys.exit from _resolve in ssh_socket.py (#187)
Changed (and documented) _resolve so the application does not quit when a hostname cannot be resolved.

Adapted connect function to expect incoming exceptions from _resolve

This fixes issue #186
2023-06-20 09:21:06 -04:00
Joe Testa
e99cb0b579 Now prints the reason why socket listening operations fail. 2023-06-20 08:43:11 -04:00
Joe Testa
639f11a5e5 Results from concurrent scans against multiple hosts are no longer improperly combined (#190). 2023-06-19 14:13:32 -04:00
Joe Testa
521a50a796 Added 'curve448-sha512@libssh.org' kex. (#195) 2023-06-19 10:35:13 -04:00
Joe Testa
2d5a97841f Bumped version to 3.0.0-dev. 2023-04-29 14:46:07 -04:00
Joe Testa
54b8c7da02 Updated PyPI and Snap build processes. 2023-04-29 14:42:54 -04:00
Joe Testa
3ba28b01e9 Added release date of v2.9.0. 2023-04-29 12:39:04 -04:00
Joe Testa
3c1451cfdc Bumped version to v2.9.0. 2023-04-29 12:33:26 -04:00
Joe Testa
929652c9b7 Simplified host key test logic. 2023-04-29 11:59:50 -04:00
thecliguy
e172932977
RSA key size comments duplicated for all RSA sig algs (#182)
* RSA key size comments duplicated for all RSA sig algs

* Save results on completion of testing a hostkey

* Revised list names because they operates against all keys now not just rsa.

* ensure all required fields added for non-rsa keys

* Correction to the saving of comments against non-rsa keys
2023-04-29 11:39:29 -04:00
Joe Testa
c33e7d9b72 Added built-in policies for OpenSSH 8.8, 8.9, 9.0, 9.1, 9.2, and 9.3. 2023-04-27 21:40:47 -04:00
Joe Testa
0074fcc1af Rolled back Windows multithreading crash fix, as upgrading from Python v3.9 to v3.11 may have fixed the root cause. (#152) 2023-04-26 21:55:40 -04:00
Joe Testa
1eab4ab0e6 Updated README. 2023-04-26 15:49:45 -04:00
Joe Testa
7f8d6b4d5b Fixed built-in policy formatting and filled in missing host key size information. 2023-04-26 15:47:58 -04:00
Joe Testa
4c098b7d12 Windows build script now automatically installs/updates package dependencies. 2023-04-25 20:14:49 -04:00
Joe Testa
0bfb5d6979 Updated snap base image. Now installing snapcraft tool from snap instead of apt. 2023-04-25 11:54:12 -04:00
Joe Testa
a5f5e0dab2 Updated changelog. 2023-04-25 10:25:06 -04:00
Joe Testa
05f159a152 Fixed Windows-specific crash when multiple threads are used (#152). 2023-04-25 10:18:45 -04:00
Joe Testa
263267c5ad Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120). 2023-04-25 09:17:32 -04:00
Joe Testa
4f31304b66 Alphabetized algorithm database. 2023-03-28 12:09:25 -04:00
Joe Testa
6f05a2c6b5 Updated README. 2023-03-25 14:15:53 -04:00
Joe Testa
784d412148 Added Repology table. 2023-03-24 19:22:45 -04:00
Joe Testa
dc083de87e Added recommendations and CVE information to JSON output (#122). 2023-03-24 18:48:36 -04:00
Joe Testa
7d5eb37a0f Updated colorama initialization. 2023-03-24 16:43:38 -04:00
Joe Testa
5c1c447755 Updated testing descriptions. 2023-03-24 14:12:03 -04:00
Joe Testa
cbb7d43006 Updated base image. Removed all suid & sgid bits from image. Drop root privileges by default. 2023-03-23 23:43:52 -04:00
Joe Testa
cc9e4fbc4a Generic failure/warning messages replaced with more specific reasons. SHA-1 algorithms now cause failures. CBC mode ciphers are now warnings instead of failures. 2023-03-23 21:36:02 -04:00
Joe Testa
992aa1b961 Added support for kex GSS wildcards (#143). 2023-03-21 22:17:23 -04:00
Joe Testa
413dea60ae Fixed docker tests affected by previous commit. 2023-03-21 14:58:00 -04:00
thecliguy
e2a9896397
Deprecation of ssh-rsa signature algorithm in OpenSSH 8.8 (#171) 2023-03-21 14:52:23 -04:00
Joe Testa
71feaa191e Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168). 2023-03-21 11:44:45 -04:00
Joe Testa
c02ab8f170 Added --accept option to automatically update failed tests. 2023-03-21 11:28:52 -04:00
Joe Testa
cdaee69642 Improved debugging output. 2023-03-21 10:48:58 -04:00
Joe Testa
7bbf4cdff0 Fix tox tests. 2023-02-06 18:24:03 -05:00
thecliguy
e4d864c6c1
usage now respects no color (#162)
* usage now respects no color

* Removed superfluous parens after 'not'
2023-02-06 18:20:34 -05:00
Joe Testa
1663e5bdcf Fixed setuptools config file. 2023-02-06 16:57:24 -05:00
Joe Testa
5ecad8fac9 Bumped copyright year. 2023-02-06 16:49:25 -05:00
Joe Testa
38ff225ed8 Updated supported Python versions. 2023-02-06 16:48:53 -05:00
Joe Testa
c9dc9a9c10 Now issues a warning when 2048-bit moduli are encountered. 2023-02-06 16:27:30 -05:00
Joe Testa
f9e00b6f2d Renamed WARN_CURVES_WEAK to FAIL_CURVES_WEAK. 2023-02-03 17:22:10 -05:00
Joe Testa
433c7e779d Added 2 new ciphers: 'rijndael-cbc@ssh.com', 'cast128-12-cbc@ssh.com'. Added 21 new host key types: . 2023-02-02 18:57:53 -05:00
Joe Testa
984ea1eee3 Added the following 9 new host key types: 'dsa2048-sha224@libassh.org', 'dsa2048-sha256@libassh.org', 'dsa3072-sha256@libassh.org', 'ecdsa-sha2-1.3.132.0.10-cert-v01@openssh.com', 'eddsa-e382-shake256@libassh.org', 'eddsa-e521-shake256@libassh.org', 'null', 'pgp-sign-dss', 'pgp-sign-rsa'. Added the following 22 new key exchange algorithms: 'diffie-hellman-group-exchange-sha224@ssh.com', 'diffie-hellman-group-exchange-sha384@ssh.com', 'diffie-hellman-group14-sha224@ssh.com', 'diffie-hellman_group17-sha512', 'ecmqv-sha2', 'gss-13.3.132.0.10-sha256-*', 'gss-curve25519-sha256-*', 'gss-curve448-sha512-*', 'gss-gex-sha1-*', 'gss-gex-sha256-*', 'gss-group1-sha1-*', 'gss-group14-sha1-*', 'gss-group14-sha256-*', 'gss-group15-sha512-*', 'gss-group16-sha512-*', 'gss-group17-sha512-*', 'gss-group18-sha512-*', 'gss-nistp256-sha256-*', 'gss-nistp384-sha256-*', 'gss-nistp521-sha512-*', 'm383-sha384@libassh.org', 'm511-sha512@libassh.org'. Added the following 26 new ciphers: '3des-cfb', '3des-ecb', '3des-ofb', 'blowfish-cfb', 'blowfish-ecb', 'blowfish-ofb', 'camellia128-cbc@openssh.org', 'camellia128-ctr@openssh.org', 'camellia192-cbc@openssh.org', 'camellia192-ctr@openssh.org', 'camellia256-cbc@openssh.org', 'camellia256-ctr@openssh.org', 'cast128-cfb', 'cast128-ecb', 'cast128-ofb', 'idea-cfb', 'idea-ecb', 'idea-ofb', 'seed-ctr@ssh.com', 'serpent128-gcm@libassh.org', 'serpent256-gcm@libassh.org', 'twofish-cfb', 'twofish-ecb', 'twofish-ofb', 'twofish128-gcm@libassh.org', 'twofish256-gcm@libassh.org'. Added the following 4 new HMAC algorithms: 'hmac-sha224@ssh.com', 'hmac-sha256-2@ssh.com', 'hmac-sha384@ssh.com', 'hmac-whirlpool'. 2023-02-02 18:30:40 -05:00
Joe Testa
0b905a7fdd Added Ubuntu Client 22.04 hardening policy. 2023-02-01 19:29:54 -05:00
Joe Testa
6e9283e643 Removed unused CI configs. 2023-02-01 18:00:41 -05:00
Joe Testa
32ff04c2cc Added Tox testing for Python 3.11. Fixed flake8 & pylint errors. 2023-02-01 17:56:54 -05:00
thecliguy
e50ac5c84d
Gex test usage text (#158)
* Reformatted Usage Text for --gex-test in README.md

* Reformatted Usage Text for --gex-test in ssh_audit.py

Reformatted to adhere to a max line length of 80 characters.
2022-10-27 10:11:05 -04:00
Manfred Kaiser
29496b43d5
updated vulnerability database (#157)
* updated vulnerability database

* added info for CVE-2021-36367
2022-10-27 10:10:17 -04:00