elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-03-12 06:35:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

Commit Graph

  • e318787a5c Batch mode no longer automatically enables verbose mode. master Joe Testa 2024-12-05 10:06:58 -05:00
  • d9c703c777 When running against multiple hosts, now prints each target host regardless of output level. (#309) Joe Testa 2024-12-05 09:41:26 -05:00
  • 28a1e23986 Added warnings to all key exchanges that do not provide protection against quantum attacks. Joe Testa 2024-11-25 15:56:51 -05:00
  • a01baadfa8 Additional cleanups after merging #304. Joe Testa 2024-11-22 12:28:02 -05:00
  • 45abc3aaf4
         Argparse v3 - RC1 (#304) oam7575 2024-11-23 04:26:20 +11:00
  • 99c64787d9 Updated description of -m option. Joe Testa 2024-10-16 16:39:11 -04:00
  • 3fa62c3ac5 Fixed man page parsing error. (#301) Joe Testa 2024-10-16 16:23:20 -04:00
  • d7fff591fa Bumped version to v3.4.0-dev. Joe Testa 2024-10-15 18:30:08 -04:00
  • 84647ecb32 Updated packaging notes. Joe Testa 2024-10-15 18:29:25 -04:00
  • 772204ce8b Bumped version to v3.3.0. v3.3.0 Joe Testa 2024-10-15 13:28:38 -04:00
  • c0133a8d5f Listing built-in policies will now hide older versions, unless -v is used. Joe Testa 2024-10-11 15:43:09 -04:00
  • 3220043aaf Added note regarding hardening instructions. Joe Testa 2024-10-10 16:10:52 -04:00
  • 40ed92bbe6 Run tests against stable version of Python 3.13. Joe Testa 2024-10-10 16:06:18 -04:00
  • 720150b471 Issue a warning if an out-dated policy is used. Joe Testa 2024-10-10 15:57:29 -04:00
  • d0628f6eb4 Updated ext-info-c and ext-info-s key exchanges to include versions of OpenSSH they were first included in. (#291) Joe Testa 2024-10-07 17:41:39 -04:00
  • 1e060a94c0 Updated built-in server and client policies for Amazon Linux 2023. Joe Testa 2024-10-01 18:15:02 -04:00
  • 8563c2925b Updated built-in client policy for Debian 12. Joe Testa 2024-10-01 17:48:49 -04:00
  • 556306be5e Updated built-in client policy for Rocky Linux 9. Joe Testa 2024-10-01 17:39:42 -04:00
  • 7ab6d20454 Updated built-in client policy for Ubuntu 22.04. Joe Testa 2024-10-01 17:32:49 -04:00
  • 1f1a51d591 Updated Ubuntu 22.04 built-in policy. Joe Testa 2024-10-01 17:06:03 -04:00
  • 77a63de133 Updated Rocky Linux 9 built-in policy. Joe Testa 2024-10-01 16:21:23 -04:00
  • cffa126277 Updated Debian 12 built-in policy. (#283) Joe Testa 2024-10-01 15:01:44 -04:00
  • dc615cef7f Fixed DH rate testing on Windows. (#261) Joe Testa 2024-09-28 18:39:55 -04:00
  • cb6142c609 Ignore mypy errors on colorama import. Joe Testa 2024-09-28 17:43:32 -04:00
  • 629008e55e Updated test commands. Joe Testa 2024-09-26 18:34:40 -04:00
  • 016a5d89f7 Updated Github Actions workflow to use Tox through pip instead of the platform version. Joe Testa 2024-09-26 18:31:21 -04:00
  • 93b30b4258 Removed version-based CVE information. (#240) Joe Testa 2024-09-26 13:15:58 -04:00
  • 3b8a75e407 Server kex/host key parsing failures no longer output a stack trace unless in debug mode. Joe Testa 2024-09-25 17:34:18 -04:00
  • 67e11f82b3 Updated --targets description. Joe Testa 2024-09-25 17:12:16 -04:00
  • 2cd96f1785 Ensure ECDSA and DSS fingerprints are only output in verbose mode. Clean up Docker tests from merge of #286. Joe Testa 2024-09-25 17:05:17 -04:00
  • a4b78b752e
         Enable HostKeyTest to extract ECDSA and DSA keys (#286) Daniel Lenski 2024-09-25 13:57:03 -07:00
  • ac540c8b5f
         Created FUNDING.yml. Joe Testa 2024-09-25 16:20:45 -04:00
  • e11492b7a3 Updated shields. Joe Testa 2024-09-25 16:07:01 -04:00
  • 02bc48c574 Bumped supported Python range. Joe Testa 2024-09-25 14:18:41 -04:00
  • 24d7d46c42 Updated PyPI downloads shield. Joe Testa 2024-09-25 10:05:35 -04:00
  • e97bbd9782 Added Python 3.13 support. Joe Testa 2024-09-24 18:20:07 -04:00
  • 6d57c7c0f7 The -p/--port option will now set the default port for multi-host scans (specified with -T/--targets). (#294) Joe Testa 2024-09-24 16:42:53 -04:00
  • ea3258151e Fixed invalid JSON output when a socket error occurs while performing a client audit. (#295) Joe Testa 2024-09-24 15:48:14 -04:00
  • f9032c8277 Added built-in policy for OpenSSH 9.9. Joe Testa 2024-09-24 15:05:05 -04:00
  • d7398baad7 Added two new key exchanges: mlkem768x25519-sha256, sntrup761x25519-sha512. Joe Testa 2024-09-19 17:40:49 -04:00
  • 4621d52223 Updated unknown algorithm message. Joe Testa 2024-09-19 17:01:37 -04:00
  • 2a7cb13895 Added grasshopper-ctr128 cipher. Joe Testa 2024-09-18 17:59:45 -04:00
  • 06ebdbd0fe Updated README. Joe Testa 2024-08-26 16:46:34 -04:00
  • 7752023dc2
         Switch connect_ex result checks to use errno lookups (#289) Drew Noel 2024-08-26 16:38:44 -04:00
  • a6f02ae8e8 Added debugging output for key exchanges. Joe Testa 2024-08-26 16:25:32 -04:00
  • 9049c8476a Updated README. Joe Testa 2024-07-06 21:01:19 -04:00
  • bbbdf71e50
         Recognize LANcom LCOS software and support ed448 key extraction (#277) Daniel Lenski 2024-07-06 17:56:24 -07:00
  • 92db5f0138 Updated docker tests and README due to merge of PR #281. Joe Testa 2024-07-05 10:53:00 -04:00
  • bc2a89eb11
         fix for https://github.com/jtesta/ssh-audit/issues/280 (#281) dreizehnutters 2024-07-05 16:49:16 +02:00
  • ea117b203b Updated README. Joe Testa 2024-07-05 10:16:06 -04:00
  • d8f8b7c57c
         Make HostKeyTest class reusable (#278) Daniel Lenski 2024-07-05 07:11:18 -07:00
  • e42961fa9a Added built-in policy for OpenSSH 9.8. Joe Testa 2024-07-02 21:31:36 -04:00
  • dcbc43acdf Fixed crash when running with '-P' and '-T' options simultaneously. (#273) Joe Testa 2024-07-02 20:56:11 -04:00
  • 87e22ae26b Added IPv6 support for DHEat and connection rate tests. (#269) Joe Testa 2024-06-29 19:05:20 -04:00
  • 46ec4e3edc Added built-in policies for Ubuntu 24.04 LTS server and client. Joe Testa 2024-04-29 19:11:47 -04:00
  • d19b154a46 Bumped version to v3.3.0-dev. Joe Testa 2024-04-22 17:57:26 -04:00
  • c5d90106e8 Updated docker run command. Joe Testa 2024-04-22 17:54:37 -04:00
  • 68cf05d0ff Set version to 3.2.0 for release. v3.2.0 Joe Testa 2024-04-22 16:32:57 -04:00
  • 2d9ddabcad Updated DHEat rate connection warning message. Joe Testa 2024-04-22 16:26:03 -04:00
  • 986f83653d Added multi-line real-time output for connection rate testing. Joe Testa 2024-04-22 13:56:50 -04:00
  • 3c459f1428 Revised connection rate warning during standard audits. Joe Testa 2024-04-22 11:58:52 -04:00
  • 46b89fff2e Sockets now time out after 30 seconds during connection rate testing. Joe Testa 2024-04-21 17:05:57 -04:00
  • 81718d1948 Fixed non-interactive connection rate tests. Revised warning for lack of connection throttling. Joe Testa 2024-04-21 15:08:38 -04:00
  • 8124c8e443 Added aes128-ocb@libassh.org cipher. Joe Testa 2024-04-18 21:09:02 -04:00
  • b9f569fdf8 Added warnings for Windows platform. Joe Testa 2024-04-18 20:51:14 -04:00
  • 9126ae7d9c Improved DHEat statistics output. Joe Testa 2024-04-18 20:01:28 -04:00
  • d2f1a295a1 Removed vulture from Tox (it rarely made any findings, and when it did, pylint reported the same issues). Joe Testa 2024-04-18 19:36:13 -04:00
  • 8190fe59d0 Added implementation for DHEat denial-of-service attack (CVE-2002-20001). (#211, #217) Joe Testa 2024-04-18 13:58:13 -04:00
  • d7f8bf3e6d Updated notes on OpenSSH default key exchanges. (#258) Joe Testa 2024-03-19 18:24:22 -04:00
  • 3d403b1d70 Updated availability of algorithms in Dropbear. (#257) Joe Testa 2024-03-19 15:47:09 -04:00
  • 9fae870260 Added allow_larger_keys flag to custom policies to control whether targets can have larger keys, and added Docker tests to complete work started in PR #242. Joe Testa 2024-03-19 14:45:19 -04:00
  • 20873db596
         use less-than instead of not-equal when comparing key sizes (#242) Damian Szuberski 2024-03-20 04:38:27 +10:00
  • 3c31934ac7 Added tests and other cleanups resulting from merging PR #252. Joe Testa 2024-03-18 17:48:50 -04:00
  • 5bd925ffc6
         [WIP] Adding allowed algorithms (#252) yannik1015 2024-03-18 22:41:17 +01:00
  • 7b3402b207 Added note that sntrup761x25519-sha512@openssh.com is the default OpenSSH kex since version 9.0. Joe Testa 2024-03-15 17:24:21 -04:00
  • b2f46eb71a Added extra GSS wildcard matching test. Joe Testa 2024-03-15 17:05:40 -04:00
  • ab41ca1023 Re-organized README. Joe Testa 2024-03-15 16:28:10 -04:00
  • b70fb0bc4c Added built-in policies for Amazon Linux 2023, Debian 12, and Rocky Linux 9. Joe Testa 2024-03-15 16:24:36 -04:00
  • db5104ecb8 Built-in policy change logs no longer printed within quotes. Joe Testa 2024-03-14 18:13:53 -04:00
  • 15078aaea9 Built-in policies now include a change log. Joe Testa 2024-03-14 17:58:16 -04:00
  • f0874af4cd Split built-in policies from policy.py to builtin_policies.py. Joe Testa 2024-03-14 17:24:40 -04:00
  • 064b55e0c2 Added 1 new key exchange algorithm: gss-nistp384-sha384-* Joe Testa 2024-03-14 16:01:48 -04:00
  • a4f508374a Updated README. Joe Testa 2024-03-12 21:13:10 -04:00
  • 6f39407a8c
         use alpine, reduce layers (#249) Daniel Thamdrup 2024-03-13 02:02:26 +01:00
  • cb0f6b63d7 Fixed new pylint warnings. Joe Testa 2024-03-12 20:46:39 -04:00
  • 3313046714 Added built-in policy for OpenSSH 9.7. Joe Testa 2024-03-12 20:23:55 -04:00
  • 8ee0deade1
         Properly upgrade packages and clean up apt cache in Dockerfile (#218) Peter Dave Hello 2024-02-18 23:25:14 +08:00
  • 699739d42a Gracefully handle rare exceptions (i.e.: crashes) while performing GEX tests. Joe Testa 2024-02-17 13:44:06 -05:00
  • a958fd1fec Snap builds are now architecture-independent. (#232) Joe Testa 2024-02-17 12:54:28 -05:00
  • c33f419224 Updated '-m', '--manual' description in README. Joe Testa 2024-02-16 23:16:07 -05:00
  • 6ee4899b4f Bumped copyright year. Joe Testa 2024-02-16 23:13:55 -05:00
  • 20fbb706b0 The built-in man page (, ) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build. (#231) Joe Testa 2024-02-16 22:40:53 -05:00
  • 73b669b49d Fixed parsing of ecdsa-sha2-nistp* CA signatures on host keys. Additionally, they are now flagged as potentially back-doored, just as standard host keys are. (#239) Joe Testa 2024-02-16 21:58:51 -05:00
  • f326d58068 Disable color when the NO_COLOR environment variable is set. (#234) Joe Testa 2024-01-28 18:17:49 -05:00
  • b72f6a420f Added note regarding general OpenSSH policies failing against platforms with back-ported features. (#236) Joe Testa 2024-01-28 17:37:21 -05:00
  • fe65b5df8a Added missing dev tag to Change Log: v3.2.0 -> v3.2.0-dev Joe Testa 2023-12-21 15:34:38 -05:00
  • 44393c56b3 Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. Joe Testa 2023-12-21 15:30:43 -05:00
  • 164356e776
         Spelling fixes (#233) Ville Skyttä 2023-12-21 15:58:12 +02:00
  • c8e075ad13 Bumped version number to v3.2.0-dev. Joe Testa 2023-12-20 15:41:03 -05:00
  • eebeac99a0 Updated packaging instructions and Docker build steps. Joe Testa 2023-12-20 15:40:01 -05:00