{ "info": { "author": "Joe Testa", "author_email": "jtesta@positronsecurity.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Information Technology", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Operating System :: OS Independent", "Programming Language :: Python :: 3", "Topic :: Security", "Topic :: Security :: Cryptography" ], "description": "# ssh-audit\n\n**ssh-audit** is a tool for ssh server auditing. \n\n## Features\n- SSH1 and SSH2 protocol server support;\n- grab banner, recognize device or software and operating system, detect compression;\n- gather key-exchange, host-key, encryption and message authentication code algorithms;\n- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);\n- output algorithm recommendations (append or remove based on recognized software version);\n- output security information (related issues, assigned CVE list, etc);\n- analyze SSH version compatibility based on algorithm information;\n- historical information from OpenSSH, Dropbear SSH and libssh;\n- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;\n\n## Usage\n```\nusage: ssh-audit.py [-1246pbnvlt] \n\n -1, --ssh1 force ssh version 1 only\n -2, --ssh2 force ssh version 2 only\n -4, --ipv4 enable IPv4 (order of precedence)\n -6, --ipv6 enable IPv6 (order of precedence)\n -p, --port= port to connect\n -b, --batch batch output\n -n, --no-colors disable colors\n -v, --verbose verbose output\n -l, --level= minimum output level (info|warn|fail)\n -t, --timeout= timeout (in seconds) for connection and reading\n (default: 5)\n```\n* if both IPv4 and IPv6 are used, order of precedence can be set by using either `-46` or `-64`. \n* batch flag `-b` will output sections without header and without empty lines (implies verbose flag). \n* verbose flag `-v` will prefix each line with section type and algorithm name. \n\n### Example\n![screenshot](https://user-images.githubusercontent.com/2982011/63970414-104bdb00-ca72-11e9-832f-3e535be32811.png)\n\n## ChangeLog\n### v2.0.0 (2019-08-29)\n - Forked from https://github.com/arthepsy/ssh-audit (development was stalled, and developer went MIA).\n - Added RSA host key length test.\n - Added RSA certificate key length test.\n - Added Diffie-Hellman modulus size test.\n - Now outputs host key fingerprints for RSA and ED25519.\n - Added 5 new key exchanges: `sntrup4591761x25519-sha512@tinyssh.org`, `diffie-hellman-group-exchange-sha256@ssh.com`, `diffie-hellman-group-exchange-sha512@ssh.com`, `diffie-hellman-group16-sha256`, `diffie-hellman-group17-sha512`.\n - Added 3 new encryption algorithms: `des-cbc-ssh1`, `blowfish-ctr`, `twofish-ctr`.\n - Added 10 new MACs: `hmac-sha2-56`, `hmac-sha2-224`, `hmac-sha2-384`, `hmac-sha3-256`, `hmac-sha3-384`, `hmac-sha3-512`, `hmac-sha256`, `hmac-sha256@ssh.com`, `hmac-sha512`, `hmac-512@ssh.com`.\n - Added command line argument (-t / --timeout) for connection & reading timeouts.\n - Updated CVEs for libssh & Dropbear.\n\n### v1.7.0 (2016-10-26)\n - implement options to allow specify IPv4/IPv6 usage and order of precedence\n - implement option to specify remote port (old behavior kept for compatibility)\n - add colors support for Microsoft Windows via optional colorama dependency\n - fix encoding and decoding issues, add tests, do not crash on encoding errors\n - use mypy-lang for static type checking and verify all code\n\n### v1.6.0 (2016-10-14)\n - implement algorithm recommendations section (based on recognized software)\n - implement full libssh support (version history, algorithms, security, etc)\n - fix SSH-1.99 banner recognition and version comparison functionality\n - do not output empty algorithms (happens for misconfigured servers)\n - make consistent output for Python 3.x versions\n - add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)\n - use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)\n\n### v1.5.0 (2016-09-20)\n - create security section for related security information\n - match and output assigned CVE list and security issues for Dropbear SSH\n - implement full SSH1 support with fingerprint information\n - automatically fallback to SSH1 on protocol mismatch\n - add new options to force SSH1 or SSH2 (both allowed by default)\n - parse banner information and convert it to specific software and OS version\n - do not use padding in batch mode\n - several fixes (Cisco sshd, rare hangs, error handling, etc)\n\n### v1.0.20160902\n - implement batch output option\n - implement minimum output level option\n - fix compatibility with Python 2.6\n\n### v1.0.20160812\n - implement SSH version compatibility feature\n - fix wrong mac algorithm warning\n - fix Dropbear SSH version typo\n - parse pre-banner header\n - better errors handling\n\n### v1.0.20160803\n - use OpenSSH 7.3 banner\n - add new key-exchange algorithms\n\n### v1.0.20160207\n - use OpenSSH 7.2 banner\n - additional warnings for OpenSSH 7.2 \n - fix OpenSSH 7.0 failure messages\n - add rijndael-cbc failure message from OpenSSH 6.7\n\n### v1.0.20160105\n - multiple additional warnings\n - support for none algorithm\n - better compression handling \n - ensure reading enough data (fixes few Linux SSH) \n\n### v1.0.20151230\n - Dropbear SSH support \n\n### v1.0.20151223\n - initial version \n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jtesta/ssh-audit", "keywords": "", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "ssh-audit", "package_url": "https://pypi.org/project/ssh-audit/", "platform": "", "project_url": "https://pypi.org/project/ssh-audit/", "project_urls": { "Homepage": "https://github.com/jtesta/ssh-audit" }, "release_url": "https://pypi.org/project/ssh-audit/2.0.0/", "requires_dist": null, "requires_python": "", "summary": "An SSH server configuration security auditing tool", "version": "2.0.0" }, "last_serial": 5782883, "releases": { "2.0.0": [ { "comment_text": "", "digests": { "md5": "9f062f6af322c4056c4bbf418b7e6fdd", "sha256": "7a7c717f8a8b3f65874010b21cba7a88a3399aa5da7c3f0d8ffbcd553ce7c4a6" }, "downloads": -1, "filename": "ssh_audit-2.0.0-py3-none-any.whl", "has_sig": false, "md5_digest": "9f062f6af322c4056c4bbf418b7e6fdd", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 34525, "upload_time": "2019-09-04T18:48:29", "url": "https://files.pythonhosted.org/packages/15/a8/ab696dcc367b23462b7fddabb1b3ef66f7af38c6095157166a6a1a2cc373/ssh_audit-2.0.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d056420c4e14d94ac26e7050e2e46070", "sha256": "ab180192c781105ad95230158cf599709667256634cf44b573dbcbfcd64a5221" }, "downloads": -1, "filename": "ssh-audit-2.0.0.tar.gz", "has_sig": false, "md5_digest": "d056420c4e14d94ac26e7050e2e46070", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36265, "upload_time": "2019-09-04T18:48:31", "url": "https://files.pythonhosted.org/packages/2e/8f/f9833634c9092e25a5bd1a73d3a2a72d6cd7f4480a3c4b37c17ea3f2bcda/ssh-audit-2.0.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9f062f6af322c4056c4bbf418b7e6fdd", "sha256": "7a7c717f8a8b3f65874010b21cba7a88a3399aa5da7c3f0d8ffbcd553ce7c4a6" }, "downloads": -1, "filename": "ssh_audit-2.0.0-py3-none-any.whl", "has_sig": false, "md5_digest": "9f062f6af322c4056c4bbf418b7e6fdd", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": null, "size": 34525, "upload_time": "2019-09-04T18:48:29", "url": "https://files.pythonhosted.org/packages/15/a8/ab696dcc367b23462b7fddabb1b3ef66f7af38c6095157166a6a1a2cc373/ssh_audit-2.0.0-py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "d056420c4e14d94ac26e7050e2e46070", "sha256": "ab180192c781105ad95230158cf599709667256634cf44b573dbcbfcd64a5221" }, "downloads": -1, "filename": "ssh-audit-2.0.0.tar.gz", "has_sig": false, "md5_digest": "d056420c4e14d94ac26e7050e2e46070", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 36265, "upload_time": "2019-09-04T18:48:31", "url": "https://files.pythonhosted.org/packages/2e/8f/f9833634c9092e25a5bd1a73d3a2a72d6cd7f4480a3c4b37c17ea3f2bcda/ssh-audit-2.0.0.tar.gz" } ] }