nhyatt/ssh-audit
1
0
Fork 0
mirror of https://github.com/jtesta/ssh-audit.git synced 2025-04-20 20:45:01 -05:00
Code Issues Projects Releases Wiki Activity
673 Commits 1 Branch 16 Tags
Commit Graph

71 Commits

Author SHA1 Message Date
Joe Testa
c0133a8d5f Listing built-in policies will now hide older versions, unless -v is used. 2024-10-11 15:43:09 -04:00
Joe Testa
3220043aaf Added note regarding hardening instructions. 2024-10-10 16:10:52 -04:00
Joe Testa
720150b471 Issue a warning if an out-dated policy is used. 2024-10-10 15:57:29 -04:00
Joe Testa
cb6142c609 Ignore mypy errors on colorama import. 2024-09-28 17:43:32 -04:00
Joe Testa
93b30b4258 Removed version-based CVE information. (#240) 2024-09-26 13:15:58 -04:00
Joe Testa
2cd96f1785 Ensure ECDSA and DSS fingerprints are only output in verbose mode. Clean up Docker tests from merge of #286. 2024-09-25 17:05:17 -04:00
Joe Testa
e97bbd9782 Added Python 3.13 support. 2024-09-24 18:20:07 -04:00
Joe Testa
6d57c7c0f7 The -p/--port option will now set the default port for multi-host scans (specified with -T/--targets). (#294) 2024-09-24 16:42:53 -04:00
Joe Testa
4621d52223 Updated unknown algorithm message. 2024-09-19 17:01:37 -04:00
Joe Testa
a6f02ae8e8 Added debugging output for key exchanges. 2024-08-26 16:25:32 -04:00
dreizehnutters
bc2a89eb11
fix for https://github.com/jtesta/ssh-audit/issues/280 (#281) 
* fix for https://github.com/jtesta/ssh-audit/issues/280

* changed json format to min. the damage for a change
 2024-07-05 10:49:16 -04:00
Joe Testa
87e22ae26b Added IPv6 support for DHEat and connection rate tests. (#269) 2024-06-29 19:05:20 -04:00
Joe Testa
8190fe59d0 Added implementation for DHEat denial-of-service attack (CVE-2002-20001). (#211, #217) 2024-04-18 13:58:13 -04:00
Joe Testa
db5104ecb8 Built-in policy change logs no longer printed within quotes. 2024-03-14 18:13:53 -04:00
Joe Testa
15078aaea9 Built-in policies now include a change log. 2024-03-14 17:58:16 -04:00
Joe Testa
cb0f6b63d7 Fixed new pylint warnings. 2024-03-12 20:46:39 -04:00
Joe Testa
20fbb706b0 The built-in man page (, ) is now available on Docker, PyPI, and Snap builds, in addition to the Windows build. (#231) 2024-02-16 22:40:53 -05:00
Joe Testa
f326d58068 Disable color when the NO_COLOR environment variable is set. (#234) 2024-01-28 18:17:49 -05:00
Joe Testa
b72f6a420f Added note regarding general OpenSSH policies failing against platforms with back-ported features. (#236) 2024-01-28 17:37:21 -05:00
Joe Testa
44393c56b3 Expanded filter of CBC ciphers to flag for the Terrapin vulnerability. 2023-12-21 15:30:43 -05:00
Joe Testa
bef8c6c0f7 Updated notes on fixing Terrapin vulnerability. 2023-12-20 12:11:55 -05:00
Joe Testa
75dbc03a77 Added 'additional_notes' field to JSON output. 2023-12-19 18:03:07 -05:00
Joe Testa
a0f99942a2 Don't recommend enabling the chacha & CBC ciphers, nor ETM MACs in case the user disabled them to address the Terrapin vulnerability. (#229) 2023-12-19 17:16:58 -05:00
Joe Testa
c259a83782 Added note that when a target is properly configured against the Terrapin vulnerability that unpatched peers may still create vulnerable connections. Updated Ubuntu Server & Client 20.04 & 22.04 policies to include new key exchange markers related to Terrapin counter-measures. 2023-12-19 14:03:28 -05:00
Joe Testa
8e972c5e94 Added test for the Terrapin vulnerability (CVE-2023-48795) (#227). 2023-12-18 18:24:49 -05:00
Joe Testa
f8e29674a3 Refined JSON notes output. Fixed Docker & Tox tests. 2023-09-05 16:36:54 -04:00
Bareq
d3dd5a9cac
Improved JSON output (#185) 2023-09-05 16:16:23 -04:00
Joe Testa
38f9c21760 The color of all notes will be printed in green when the related algorithm is rated good. 2023-09-03 19:14:25 -04:00
Joe Testa
199e75f6cd Refined GEX testing against OpenSSH servers: when the fallback mechanism is suspected of being triggered, perform an additional test to obtain more accurate results. 2023-09-03 16:13:00 -04:00
thecliguy
83f9e48271
Recommendation output now respects level (#196) 2023-06-20 16:09:37 -04:00
Joe Testa
639f11a5e5 Results from concurrent scans against multiple hosts are no longer improperly combined (#190). 2023-06-19 14:13:32 -04:00
Joe Testa
0074fcc1af Rolled back Windows multithreading crash fix, as upgrading from Python v3.9 to v3.11 may have fixed the root cause. (#152) 2023-04-26 21:55:40 -04:00
Joe Testa
05f159a152 Fixed Windows-specific crash when multiple threads are used (#152). 2023-04-25 10:18:45 -04:00
Joe Testa
263267c5ad Added support for mixed host key/CA key types (i.e.: RSA host keys signed by ED25519 CAs) (#120). 2023-04-25 09:17:32 -04:00
Joe Testa
dc083de87e Added recommendations and CVE information to JSON output (#122). 2023-03-24 18:48:36 -04:00
Joe Testa
7d5eb37a0f Updated colorama initialization. 2023-03-24 16:43:38 -04:00
Joe Testa
992aa1b961 Added support for kex GSS wildcards (#143). 2023-03-21 22:17:23 -04:00
Joe Testa
71feaa191e Add note regarding OpenSSH's 2048-bit GEX fallback, and suppress the related recommendation since the user cannot control it (partly related to #168). 2023-03-21 11:44:45 -04:00
thecliguy
e4d864c6c1
usage now respects no color (#162) 
* usage now respects no color

* Removed superfluous parens after 'not'
 2023-02-06 18:20:34 -05:00
Joe Testa
c9dc9a9c10 Now issues a warning when 2048-bit moduli are encountered. 2023-02-06 16:27:30 -05:00
Joe Testa
32ff04c2cc Added Tox testing for Python 3.11. Fixed flake8 & pylint errors. 2023-02-01 17:56:54 -05:00
thecliguy
e50ac5c84d
Gex test usage text (#158) 
* Reformatted Usage Text for --gex-test in README.md

* Reformatted Usage Text for --gex-test in ssh_audit.py

Reformatted to adhere to a max line length of 80 characters.
 2022-10-27 10:11:05 -04:00
Joe Testa
11905ed44a Fixed pylint errors, consolidated error checking for granular GEX tests, renamed functions for better readability. 2022-03-24 10:53:47 -04:00
Adam Russell
19f192d21f Corrected accidental text update and a minor typo. 2022-03-24 10:53:47 -04:00
Adam Russell
5ac0ffa8f1 DH GEX Modulus Size Testing 2022-03-24 10:53:47 -04:00
Joe Testa
4ace52a190 Now prints a more user-friendly error message when installed as a Snap package and permission errors are encountered. Updated the Snap build process as well. 2021-10-14 23:56:03 -04:00
tomatohater1337
1f0b3acff2
Complete "target" in the JSON output with the port (#123) 
* Complete "target" in JSON output with the port

The JSON output was not showing the port of the target which was scanned. This could be problematic when scanning a host with more than one ssh service running.

* Docker tests completet with the port of the scan target in the JSON output
 2021-10-13 23:44:55 -04:00
a1346054
597b500eba
Minor cleanups (#116) 
* docker_test.sh: fix shellcheck warnings

* docker_test.sh: unify style

No changes in functionality.

* docker_test.sh: whitespace fixes

* stop mixing tabs and spaces
* remove trailing whitespace

* invoke bash using /usr/bin/env

* build_windows_executable.sh: fix variable assignment

* update_windows_man_page.sh: unify style

No changes in functionality.

* whitespace fixes

* stop mixing tabs and spaces
* remove trailing whitespace

* fix spelling

* remove trailing whitespace
 2021-08-27 11:19:18 -04:00
Joe Testa
e7d320f602 Fixed new pylint warnings. 2021-08-25 13:28:30 -04:00
Joe Testa
aa21df29e7 Now handles exceptions during server KEX parsing more gracefully. 2021-05-24 19:50:25 -04:00