SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
Andris Raugulis d834074378 Use OpenSSH 7.2 banner.
Add OpenSSH 7.2 warning messages.
Fix OpenSSH 7.0 failure messages.
Add forgotten failure on rijndael-cbc.
Bump version.
2016-03-07 12:58:13 +02:00
.gitignore Init project. 2015-12-23 04:56:13 +02:00
README.md Create thinner screenshot. 2016-01-05 18:13:46 +02:00
ssh-audit.py Use OpenSSH 7.2 banner. 2016-03-07 12:58:13 +02:00

ssh-audit

ssh-audit is a tool for SSH server auditing.

Features

  • grab banner, detect ssh1 protocol and zlib compression;
  • gather key-exchange, host-key, encryption and message authentication code algorithms;
  • output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • historical information from OpenSSH and Dropbear SSH;
  • no dependencies, compatible with python2 and python3;
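
The banner and algorithm gathering listed above rests on two wire formats from RFC 4253: the identification string and the SSH_MSG_KEXINIT packet. The Python 3 code below is an added example, not code from ssh-audit.py; the function names, the field labels and the sample packet are assumptions constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_banner(line):
    """Split 'SSH-protoversion-softwareversion[ comments]' (RFC 4253, 4.2)."""
    text = line.decode("ascii", "replace").rstrip("\r\n")
    ident, _, comments = text.partition(" ")
    parts = ident.split("-", 2)
    if len(parts) != 3 or parts[0] != "SSH":
        raise ValueError("not an SSH identification string")
    # 1.x means SSH-1 only; 1.99 means SSH-2 with SSH-1 still accepted.
    return {"protocol": parts[1], "software": parts[2], "comments": comments,
            "ssh1": parts[1].startswith("1.")}

def parse_kexinit(packet):
    """Parse one unencrypted binary packet carrying SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    if packet_len < pad_len + 1 or len(packet) < 4 + packet_len:
        raise ValueError("truncated or inconsistent packet")
    payload = packet[5:4 + packet_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip the message type and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("missing name-list length")
        (size,) = struct.unpack(">I", payload[pos:pos + 4])
        if pos + 4 + size > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos + 4:pos + 4 + size].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += 4 + size
    lists["zlib"] = any(c.startswith("zlib") for c in lists["comp_s2c"])
    return lists

def sample_packet():
    """Constructed KEXINIT packet; the algorithm names are sample values."""
    names = ["curve25519-sha256@libssh.org,diffie-hellman-group1-sha1", "ssh-rsa",
             "aes128-ctr,aes128-cbc", "aes128-ctr,aes128-cbc", "hmac-sha2-256",
             "hmac-sha2-256", "none,zlib@openssh.com", "none,zlib@openssh.com", "", ""]
    body = b"".join(struct.pack(">I", len(n)) + n.encode() for n in names)
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16 + body + b"\x00" * 5
    pad = 8 - (len(payload) + 5) % 8 + 8  # at least 4 bytes of padding
    return struct.pack(">IB", len(payload) + 1 + pad, pad) + payload + b"\x00" * pad
```

Both parsers reject truncated or inconsistent input with `ValueError` instead of reading past the declared lengths, which matters when the peer being audited is untrusted.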

Usage

usage: ssh-audit.py [-nv] host[:port]

   -v  verbose
   -n  disable colors

The verbose flag fills every row (i.e., leaves no blanks), which makes the output easier to use with batch scripts or manual grepping.

example

screenshot

ChangeLog

v1.0.20160105

  • multiple additional warnings
  • support for none algorithm
  • better compression handling
  • ensure reading enough data (fixes few Linux SSH)

v1.0.20151230

  • Dropbear SSH support

v1.0.20151223

  • initial version