Added missing dev tag to Change Log: v3.2.0 -> v3.2.0-dev

Expanded filter of CBC ciphers to flag for the Terrapin vulnerability.
Spelling fixes (#233 )
2026-05-26 07:51:23 +02:00 · 2023-12-21 15:34:38 -05:00 · 2023-12-21 15:30:43 -05:00 · 2023-12-21 08:58:12 -05:00 · 2023-12-20 15:41:03 -05:00 · 2023-12-20 15:40:01 -05:00
7 changed files with 30 additions and 13 deletions
@@ -4,10 +4,21 @@ ifeq ($(VERSION),)
 endif

 all:
-	docker build -t positronsecurity/ssh-audit:${VERSION} .
+	docker buildx create --name multiarch --use || exit 0
+	docker buildx build \
+		--platform linux/amd64,linux/arm64,linux/arm/v7 \
+		--tag positronsecurity/ssh-audit:${VERSION} \
+		--tag positronsecurity/ssh-audit:latest \
+		.
+	docker buildx build \
+		--tag positronsecurity/ssh-audit:${VERSION} \
+		--tag positronsecurity/ssh-audit:latest \
+		--load \
+		--builder=multiarch \
+		.

 upload:
-	docker login
+	docker login -u positronsecurity
 	docker buildx build \
 		--platform linux/amd64,linux/arm64,linux/arm/v7 \
 		--tag positronsecurity/ssh-audit:${VERSION} \
@@ -2,7 +2,7 @@

 An executable can only be made on a Windows host because the PyInstaller tool (https://www.pyinstaller.org/) does not support cross-compilation.

-1.) Install Python v3.11.x from https://www.python.org/.  To make life easier, check the option to add Python to the PATH environment variable.
+1.) Install Python v3.x from https://www.python.org/.  To make life easier, check the option to add Python to the PATH environment variable.

 2.) Install Cygwin (https://www.cygwin.com/).

@@ -15,7 +15,7 @@ An executable can only be made on a Windows host because the PyInstaller tool (h

 # PyPI

-To create package and upload to test server:
+To create package and upload to test server (hint: use username '\_\_token\_\_' and API token for test.pypi.org):

 ```
    $ sudo apt install python3-virtualenv python3.10-venv
@@ -31,7 +31,7 @@ To download from test server and verify:
    $ pip3 install --index-url https://test.pypi.org/simple ssh-audit
 ```

-To upload to production server (hint: use username '\_\_token\_\_' and API token):
+To upload to production server (hint: use username '\_\_token\_\_' and API token for production pypi.org):

 ```
    $ make -f Makefile.pypi uploadprod
@@ -61,19 +61,22 @@ Upload the snap with:
    $ snapcraft export-login ~/snap_creds.txt
    $ export SNAPCRAFT_STORE_CREDENTIALS=$(cat ~/snap_creds.txt)
    $ snapcraft upload --release=beta ssh-audit_*.snap
-    $ snapcraft upload --release=stable ssh-audit_*.snap
+    $ snapcraft status ssh-audit  # Note the revision number of the beta channel.
+    $ snapcraft release ssh-audit X stable  # Fill in with the revision number.
 ```


 # Docker

+Ensure that the buildx plugin is available by following the installation instructions available at: https://docs.docker.com/engine/install/ubuntu/
+
 Build a local image with:

 ```
    $ make -f Makefile.docker
 ```

-Create a multi-architecture build and upload it to Dockerhub with:
+Create a multi-architecture build and upload it to Dockerhub with (hint: use the API token as the password):

 ```
    $ make -f Makefile.docker upload
@@ -178,6 +178,9 @@ For convenience, a web front-end on top of the command-line tool is available at

 ## ChangeLog

+### v3.2.0-dev (???)
+ - Expanded filter of CBC ciphers to flag for the Terrapin vulnerability.  It now includes more rarely found ciphers.
+
 ### v3.1.0 (2023-12-20)
 - Added test for the Terrapin message prefix truncation vulnerability ([CVE-2023-48795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795)).
 - Dropped support for Python 3.7 (EOL was reached in June 2023).
@@ -22,7 +22,7 @@
   THE SOFTWARE.
 """
 # The version to display.
-VERSION = 'v3.1.0'
+VERSION = 'v3.2.0-dev'

 # SSH software to impersonate
 SSH_HEADER = 'SSH-{0}-OpenSSH_8.2'
@@ -80,7 +80,7 @@ class KexDH:  # pragma: nocover
    # contains the host key, among other things.  Function returns the host
    # key blob (from which the fingerprint can be calculated).
    def recv_reply(self, s: 'SSH_Socket', parse_host_key_size: bool = True) -> Optional[bytes]:
-        # Reset the CA info, in case it was set from a prior invokation.
+        # Reset the CA info, in case it was set from a prior invocation.
        self.__hostkey_type = ''
        self.__hostkey_e = 0  # pylint: disable=unused-private-member
        self.__hostkey_n = 0  # pylint: disable=unused-private-member
@@ -100,7 +100,7 @@ class KexDH:  # pragma: nocover
            # A connection error occurred.  We can't parse anything, so just
            # return.  The host key modulus (and perhaps certificate modulus)
            # will remain at length 0.
-            self.out.d("KexDH.recv_reply(): received packge_type == -1.")
+            self.out.d("KexDH.recv_reply(): received package_type == -1.")
            return None

        # Get the host key blob, F, and signature.
@@ -491,7 +491,7 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud
        if algs.ssh2kex is not None:
            ciphers_supported = algs.ssh2kex.client.encryption if client_audit else algs.ssh2kex.server.encryption
            for cipher in ciphers_supported:
-                if cipher.endswith("-cbc"):
+                if cipher.endswith("-cbc") or cipher.endswith("-cbc@openssh.org") or cipher.endswith("-cbc@ssh.com") or cipher == "rijndael-cbc@lysator.liu.se":
                    ret.append(cipher)

        return ret
@@ -501,7 +501,7 @@ def post_process_findings(banner: Optional[Banner], algs: Algorithms, client_aud
        ret = []

        for cipher in db["enc"]:
-            if cipher.endswith("-cbc") and cipher not in _get_cbc_ciphers_enabled(algs):
+            if (cipher.endswith("-cbc") or cipher.endswith("-cbc@openssh.org") or cipher.endswith("-cbc@ssh.com") or cipher == "rijndael-cbc@lysator.liu.se") and cipher not in _get_cbc_ciphers_enabled(algs):
                ret.append(cipher)

        return ret
@@ -122,7 +122,7 @@ class VersionVulnerabilityDB:  # pylint: disable=too-few-public-methods
            ['2.1',     '4.1p1',   1, 'CVE-2005-2798',  5.0, 'leak data about authentication credentials'],
            ['3.5',     '3.5p1',   1, 'CVE-2004-2760',  6.8, 'leak data through different connection states'],
            ['2.3',     '3.7.1p2', 1, 'CVE-2004-2069',  5.0, 'cause DoS via large number of connections (slot exhaustion)'],
-            ['3.0',     '3.4p1',   1, 'CVE-2004-0175',  4.3, 'leak data through directoy traversal'],
+            ['3.0',     '3.4p1',   1, 'CVE-2004-0175',  4.3, 'leak data through directory traversal'],
            ['1.2',     '3.9p1',   1, 'CVE-2003-1562',  7.6, 'leak data about authentication credentials'],
            ['3.1p1',   '3.7.1p1', 1, 'CVE-2003-0787',  7.5, 'privilege escalation via modifying stack'],
            ['3.1p1',   '3.7.1p1', 1, 'CVE-2003-0786', 10.0, 'privilege escalation via bypassing authentication'],
Author	SHA1	Message	Date
Joe Testa	fe65b5df8a	Added missing dev tag to Change Log: v3.2.0 -> v3.2.0-dev	2023-12-21 15:34:38 -05:00
Joe Testa	44393c56b3	Expanded filter of CBC ciphers to flag for the Terrapin vulnerability.	2023-12-21 15:30:43 -05:00
Ville Skyttä	164356e776	Spelling fixes (#233 )	2023-12-21 08:58:12 -05:00
Joe Testa	c8e075ad13	Bumped version number to v3.2.0-dev.	2023-12-20 15:41:03 -05:00
Joe Testa	eebeac99a0	Updated packaging instructions and Docker build steps.	2023-12-20 15:40:01 -05:00