elie/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2024-06-30 19:24:46 +02:00
Code Issues Packages Projects Releases Wiki Activity
SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
33 Commits 1 Branch 15 Tags 2.9 MiB
Python 89.9%
Shell 7.2%
Roff 2%
Batchfile 0.7%
Dockerfile 0.2%
744aec76fb
Go to file
Andris Raugulis 744aec76fb Finish implementing compatibility feature. 
Fix wrong algorithm warning.
Stop on empty packet.
2016-08-12 04:28:46 +03:00
.gitignore Init project. 2015-12-23 04:56:13 +02:00
README.md Update screenshot. 2016-08-03 17:42:11 +03:00
ssh-audit.py Finish implementing compatibility feature. 2016-08-12 04:28:46 +03:00

README.md

ssh-audit

ssh-audit is a tool for ssh server auditing.

Features

  • grab banner, detect ssh1 protocol and zlib compression;
  • gather key-exchange, host-key, encryption and message authentication code algorithms;
  • output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • historical information from OpenSSH and Dropbear SSH;
  • no dependencies, compatible with python2 and python3;

Usage

usage: ssh-audit.py [-nv] host[:port]

   -v  verbose
   -n  disable colors

Verbose flag will fill each row, i.e, not leave blanks, for easier usage with batch scripts or with manual grepping.

example

screenshot

ChangeLog

v1.0.20160803

  • use OpenSSH 7.3 banner
  • add new key-exchange algorithms

v1.0.20160207

  • use OpenSSH 7.2 banner
  • additional warnings for OpenSSH 7.2
  • fix OpenSSH 7.0 failure messages
  • add rijndael-cbc failure message from OpenSSH 6.7

v1.0.20160105

  • multiple additional warnings
  • support for none algorithm
  • better compression handling
  • ensure reading enough data (fixes few Linux SSH)

v1.0.20151230

  • Dropbear SSH support

v1.0.20151223

  • initial version