elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2026-05-25 23:41:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: elie/ssh-audit:27f215d687dcf150a178fc1f909fb0a19a7058b8
Branches Tags
elie/ssh-audit:master
elie/ssh-audit:v3.3.0 elie/ssh-audit:v3.2.0 elie/ssh-audit:v3.1.0 elie/ssh-audit:v3.0.0 elie/ssh-audit:v2.9.0 elie/ssh-audit:v2.5.0 elie/ssh-audit:v2.4.0 elie/ssh-audit:v2.3.1 elie/ssh-audit:v2.3.0 elie/ssh-audit:v2.2.0 elie/ssh-audit:v2.1.1 elie/ssh-audit:v2.1.0 elie/ssh-audit:v2.0.0 elie/ssh-audit:v1.7.0 elie/ssh-audit:v1.6.0 elie/ssh-audit:v1.5.0
..
compare: elie/ssh-audit:8190a285da7b4eb4e8e7ebf78a375015884621eb
Branches Tags
elie/ssh-audit:master
elie/ssh-audit:v3.3.0 elie/ssh-audit:v3.2.0 elie/ssh-audit:v3.1.0 elie/ssh-audit:v3.0.0 elie/ssh-audit:v2.9.0 elie/ssh-audit:v2.5.0 elie/ssh-audit:v2.4.0 elie/ssh-audit:v2.3.1 elie/ssh-audit:v2.3.0 elie/ssh-audit:v2.2.0 elie/ssh-audit:v2.1.1 elie/ssh-audit:v2.1.0 elie/ssh-audit:v2.0.0 elie/ssh-audit:v1.7.0 elie/ssh-audit:v1.6.0 elie/ssh-audit:v1.5.0

4 Commits
27f215d687 .. 8190a285da

Author SHA1 Message Date
Manfred Kaiser 8190a285da Merge 3116c2e678 into 06ebdbd0fe 2024-09-01 23:02:32 +08:00
Joe Testa 06ebdbd0fe Updated README. 2024-08-26 16:46:34 -04:00
Drew Noel 7752023dc2 Switch connect_ex result checks to use errno lookups (#289) 
* Switch connect_ex result checks to errno lookups

* Return errno strings, clean up comment
 2024-08-26 16:38:44 -04:00
Joe Testa a6f02ae8e8 Added debugging output for key exchanges. 2024-08-26 16:25:32 -04:00
5 changed files with 28 additions and 4 deletions
Expand all files Collapse all files
README.md
+1
View File
@@ -220,6 +220,7 @@ For convenience, a web front-end on top of the command-line tool is available at
- Added LANcom LCOS server recognition and Ed448 key extraction; credit [Daniel Lenski](https://github.com/dlenskiSB). - Added LANcom LCOS server recognition and Ed448 key extraction; credit [Daniel Lenski](https://github.com/dlenskiSB).
- Fixed crash when running with `-P` and `-T` options simultaneously. - Fixed crash when running with `-P` and `-T` options simultaneously.
- Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB). - Fixed host key tests from only reporting a key type at most once despite multiple hosts supporting it; credit [Daniel Lenski](https://github.com/dlenskiSB).
- Fixed DHEat connection rate testing on MacOS X and BSD platforms; credit [Drew Noel](https://github.com/drewmnoel) and [Michael Osipov](https://github.com/michael-o).
### v3.2.0 (2024-04-22) ### v3.2.0 (2024-04-22)
- Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). - Added implementation of the DHEat denial-of-service attack (see `--dheat` option; [CVE-2002-20001](https://nvd.nist.gov/vuln/detail/CVE-2002-20001)).
src/ssh_audit/dheat.py
+3 -2
View File
@@ -21,6 +21,7 @@
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE. THE SOFTWARE.
""" """
import errno
import multiprocessing import multiprocessing
import os import os
import queue import queue
@@ -442,10 +443,10 @@ class DHEat:
# out.d("Creating socket (%u of %u already exist)..." % (len(socket_dict), concurrent_sockets), write_now=True) # out.d("Creating socket (%u of %u already exist)..." % (len(socket_dict), concurrent_sockets), write_now=True)
ret = s.connect_ex((target_ip_address, aconf.port)) ret = s.connect_ex((target_ip_address, aconf.port))
num_attempted_connections += 1 num_attempted_connections += 1
if ret in [0, 115]: # Check if connection is successful or EINPROGRESS. if ret in [0, errno.EINPROGRESS]:
socket_dict[s] = now socket_dict[s] = now
else: else:
out.d("connect_ex() returned: %d" % ret, write_now=True) out.d("connect_ex() returned: %s (%d)" % (os.strerror(ret), ret), write_now=True)
# out.d("Calling select() on %u sockets..." % len(socket_dict), write_now=True) # out.d("Calling select() on %u sockets..." % len(socket_dict), write_now=True)
socket_list: List[socket.socket] = [*socket_dict] # Get a list of sockets from the dictionary. socket_list: List[socket.socket] = [*socket_dict] # Get a list of sockets from the dictionary.
src/ssh_audit/ssh2_kex.py
+14 -1
View File
@@ -1,7 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2017-2020 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -132,3 +132,16 @@ class SSH2_Kex:
srv = SSH2_KexParty(srv_enc, srv_mac, srv_compression, srv_languages) srv = SSH2_KexParty(srv_enc, srv_mac, srv_compression, srv_languages)
kex = cls(outputbuffer, cookie, kex_algs, key_algs, cli, srv, follows, unused) kex = cls(outputbuffer, cookie, kex_algs, key_algs, cli, srv, follows, unused)
return kex return kex
def __str__(self) -> str:
ret = "----\nSSH2_Kex object:"
ret += "\nHost keys: "
ret += ", ".join(self.__key_algs)
ret += "\nKey exchanges: "
ret += ", ".join(self.__kex_algs)
ret += "\nClient SSH2_KexParty:"
ret += "\n" + str(self.__client)
ret += "\nServer SSH2_KexParty:"
ret += "\n" + str(self.__server)
ret += "\n----"
return ret
src/ssh_audit/ssh2_kexparty.py
+8
View File
@@ -1,6 +1,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2024 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -48,3 +49,10 @@ class SSH2_KexParty:
@property @property
def languages(self) -> List[str]: def languages(self) -> List[str]:
return self.__languages return self.__languages
def __str__(self) -> str:
ret = "Ciphers: " + ", ".join(self.__enc)
ret += "\nMACs: " + ", ".join(self.__mac)
ret += "\nCompressions: " + ", ".join(self.__compression)
ret += "\nLanguages: " + ", ".join(self.__languages)
return ret
src/ssh_audit/ssh_audit.py
+2 -1
View File
@@ -2,7 +2,7 @@
""" """
The MIT License (MIT) The MIT License (MIT)
Copyright (C) 2017-2023 Joe Testa (jtesta@positronsecurity.com) Copyright (C) 2017-2024 Joe Testa (jtesta@positronsecurity.com)
Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu) Copyright (C) 2017 Andris Raugulis (moo@arthepsy.eu)
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -1317,6 +1317,7 @@ def audit(out: OutputBuffer, aconf: AuditConf, sshv: Optional[int] = None, print
elif sshv == 2: elif sshv == 2:
try: try:
kex = SSH2_Kex.parse(out, payload) kex = SSH2_Kex.parse(out, payload)
out.d(str(kex))
except Exception: except Exception:
out.fail("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc())) out.fail("Failed to parse server's kex. Stack trace:\n%s" % str(traceback.format_exc()))
return exitcodes.CONNECTION_ERROR return exitcodes.CONNECTION_ERROR