network-utility 1.1.62 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b52e37176f28650bea03c4d996018c516d5c780775725db49a3fde963f4a0e5f
-  data.tar.gz: 8f138c019e14c0bf9f24b24e50108dac4eea7cab22e7274d83babad0dbaec96e
+  metadata.gz: c8d6c9de02a10fbfb742fe2ec10d5b98fab8ce8398f635012c53ccb5a3e12a58
+  data.tar.gz: d869326b07a6023b9bbecd4ea14866e6e92201ac566d100a45d4eaa6fe7b9ce4
 SHA512:
-  metadata.gz: d04392372b1e23d4c9157c9ab5ff47799c1ffbb1b3dcc045b3062629632d5b5fb0af13005d63e6ed42bfb28ec35cc300daf9046d18bb80621955c21359ff2e2e
-  data.tar.gz: abed1d881a283f5f722b5ed0f3b19324bdc805008b3e3fe050cdc5e36e40681e679a6d8aef044268d5961b254fb2bf97deb875eb8556ce84bbb51ab36086f6a0
+  metadata.gz: 97930037e680adcf70a59706305e1f71c5a9633095c094080e28a7bd26e8b837fb5a9040d4f0f143fe32201e090192401df905780851d9d854979168490558e3
+  data.tar.gz: 85108233ddc36ca6ad171c6560e12c4595261f97495d0fab4aa35471cbef25cdb4d3416a5714b2c28b8cba990a8d1f2950df69e9d68aed83427b91371fbebdac

data/application/ssh-detect

@@ -0,0 +1,30 @@
+#!/usr/bin/env ruby
+# SSH协议检测器 (简化实用版)
+# 功能: 检测SSH服务器支持的KEX/Cipher/MAC/HostKey算法
+# 协议: 实现SSH-TRANS传输层协议 (RFC 4253)
+require 'cc'
+require 'network'
+
+if :main
+  if ARGV.empty?
+    puts "SSH协议检测器 (Ruby实现)"
+    puts "=" * 50
+    puts "用法: ruby ssh_detector.rb <主机> [端口]"
+    puts ""
+    puts "示例:"
+    puts "  ruby ssh_detector.rb github.com"
+    puts "  ruby ssh_detector.rb 192.168.1.100 2222"
+    puts ""
+    puts "说明:"
+    puts "  • 实现SSH-TRANS传输层协议 (RFC 4253)"
+    puts "  • 探测KEX/Cipher/MAC/HostKey算法支持"
+    puts "  • 识别弱算法和安全风险"
+    puts "  • 无需外部gem依赖"
+    exit 1
+  end
+
+  host = ARGV[0]
+  port = (ARGV[1] || 22).to_i
+
+  SSHDetector.new(host, port).detect
+end

data/network.rb

@@ -11,7 +11,10 @@
 ].each{|mod|require "utility/#{mod}"}
 
 [
-  'snmp'
+  'ssh/2310/detector/ssh_native_detector',
+  'ssh/2310/detector/ssh_detector_final',
+  'ssh/2310/detector/ssh_detector',
+  'snmp/snmp'
 ].each{|mod|require "support/#{mod}"}
 
 [
@@ -23,5 +26,5 @@
 ].each{|mod|require mod}
 
 module Network
-  VERSION = '1.1.62'
+  VERSION = '2.0.0'
 end

data/support/ssh/2310/detector/ssh_detector.rb

@@ -0,0 +1,259 @@
+#!/usr/bin/env ruby
+# SSH协议检测器 - 探测对端支持的算法套件
+# 依赖: gem install net-ssh
+
+require 'net/ssh'
+require 'net/ssh/transport/session'
+require 'socket'
+require 'timeout'
+
+class SSHProtocolDetector
+  attr_reader :host, :port, :results
+
+  # 已知的算法分类
+  KEX_ALGORITHMS = [
+    "curve25519-sha256", "curve25519-sha256@libssh.org",
+    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
+    "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
+    "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
+    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
+    "kex-strict-s-v00@openssh.com"
+  ].freeze
+
+  CIPHER_ALGORITHMS = [
+    "chacha20-poly1305@openssh.com",
+    "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
+    "aes256-ctr", "aes192-ctr", "aes128-ctr",
+    "aes256-cbc", "aes192-cbc", "aes128-cbc",
+    "3des-cbc", "blowfish-cbc", "cast128-cbc",
+    "arcfour", "arcfour128", "arcfour256"
+  ].freeze
+
+  MAC_ALGORITHMS = [
+    "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
+    "hmac-sha1-etm@openssh.com",
+    "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
+    "hmac-md5", "hmac-md5-96", "hmac-sha1-96",
+    "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
+    "umac-64@openssh.com", "umac-128@openssh.com"
+  ].freeze
+
+  HOST_KEY_ALGORITHMS = [
+    "ssh-ed25519", "ssh-ed25519-cert-v01@openssh.com",
+    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
+    "rsa-sha2-512", "rsa-sha2-256",
+    "ssh-rsa", "ssh-dss"
+  ].freeze
+
+  COMPRESSION_ALGORITHMS = [
+    "none", "zlib@openssh.com", "zlib"
+  ].freeze
+
+  def initialize(host, port = 22, timeout = 10)
+    @host = host
+    @port = port
+    @timeout = timeout
+    @results = {}
+  end
+
+  # 主检测方法
+  def detect
+    puts "🔍 正在检测 SSH 协议支持: #{@host}:#{@port}"
+    puts "=" * 60
+
+    # 1. 基础连通性检测
+    return false unless check_connectivity
+
+    # 2. 获取Banner信息
+    fetch_banner
+
+    # 3. 使用Net::SSH探测算法
+    probe_algorithms
+
+    # 4. 详细握手分析
+    analyze_handshake
+
+    display_results
+    true
+  rescue => e
+    puts "❌ 检测失败: #{e.message}"
+    false
+  end
+
+  private
+
+  # 检查TCP连通性
+  def check_connectivity
+    Timeout::timeout(@timeout) do
+      TCPSocket.new(@host, @port).close
+    end
+    puts "✅ TCP连接正常"
+    true
+  rescue => e
+    puts "❌ 无法连接到 #{@host}:#{@port} - #{e.message}"
+    false
+  end
+
+  # 获取SSH Banner
+  def fetch_banner
+    socket = TCPSocket.new(@host, @port)
+    banner = socket.gets&.chomp
+    socket.close
+
+    @results[:banner] = banner
+    puts "📢 SSH Banner: #{banner}"
+
+    # 解析版本
+    if banner =~ /SSH-(\d+\.\d+)-(.+)/
+      @results[:protocol_version] = $1
+      @results[:software_version] = $2
+    end
+  rescue => e
+    puts "⚠️  获取Banner失败: #{e.message}"
+  end
+
+  # 探测支持的算法
+  def probe_algorithms
+    puts "\n🔬 正在探测算法支持..."
+
+    begin
+      # 创建临时SSH会话获取算法列表
+      session = Net::SSH::Transport::Session.new(
+        @host,
+        port: @port,
+        timeout: @timeout,
+        # 提供所有可能的算法进行协商
+        kex: KEX_ALGORITHMS,
+        host_key: HOST_KEY_ALGORITHMS,
+        encryption: CIPHER_ALGORITHMS,
+        hmac: MAC_ALGORITHMS,
+        compression: COMPRESSION_ALGORITHMS,
+        # 不验证主机密钥，仅探测
+        paranoid: false,
+        verify_host_key: :never,
+        # 使用空认证，仅完成KEX
+        auth_methods: ['none']
+      )
+
+      # 获取协商后的算法
+      algorithms = session.algorithms
+
+      @results[:negotiated] = {
+        kex: algorithms.kex,
+        host_key: algorithms.host_key,
+        encryption_client: algorithms.encryption[:client],
+        encryption_server: algorithms.encryption[:server],
+        mac_client: algorithms.hmac[:client],
+        mac_server: algorithms.hmac[:server],
+        compression_client: algorithms.compression[:client],
+        compression_server: algorithms.compression[:server]
+      }
+
+      session.close
+    rescue Net::SSH::AuthenticationFailed
+      # 认证失败是正常的，说明KEX已完成
+      puts "✅ 密钥交换成功 (认证阶段被拒绝)"
+    rescue => e
+      puts "⚠️  算法探测警告: #{e.message}"
+    end
+  end
+
+  # 深度握手分析
+  def analyze_handshake
+    puts "\n🔍 分析密钥交换详情..."
+
+    socket = TCPSocket.new(@host, @port)
+
+    # 发送我们的Banner
+    socket.write("SSH-2.0-RubyDetector_1.0\r\n")
+
+    # 读取服务器Banner
+    banner = socket.gets
+    puts "   服务器回应: #{banner&.chomp}"
+
+    socket.close
+  rescue => e
+    puts "⚠️  握手分析受限: #{e.message}"
+  end
+
+  # 显示结果
+  def display_results
+    puts "\n" + "=" * 60
+    puts "📊 检测结果汇总"
+    puts "=" * 60
+
+    if @results[:protocol_version]
+      puts "\n🌐 协议版本: SSH-#{@results[:protocol_version]}"
+      puts "🖥️  软件版本: #{@results[:software_version]}"
+    end
+
+    if @results[:negotiated]
+      neg = @results[:negotiated]
+      puts "\n🤝 协商成功的算法组合:"
+      puts "   密钥交换: #{neg[:kex]}"
+      puts "   主机密钥: #{neg[:host_key]}"
+      puts "   加密算法(客户端→服务端): #{neg[:encryption_client]}"
+      puts "   加密算法(服务端→客户端): #{neg[:encryption_server]}"
+      puts "   MAC算法(客户端→服务端): #{neg[:mac_client]}"
+      puts "   MAC算法(服务端→客户端): #{neg[:mac_server]}"
+      puts "   压缩(客户端→服务端): #{neg[:compression_client]}"
+      puts "   压缩(服务端→客户端): #{neg[:compression_server]}"
+    end
+
+    puts "\n🔐 安全建议:"
+    check_security
+  end
+
+  # 安全检查
+  def check_security
+    neg = @results[:negotiated]
+    return unless neg
+
+    # 检查弱算法
+    weak_kex = ["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"]
+    weak_cipher = ["3des-cbc", "blowfish-cbc", "cast128-cbc", "arcfour", "arcfour128", "arcfour256", "aes256-cbc", "aes192-cbc", "aes128-cbc"]
+    weak_mac = ["hmac-md5", "hmac-md5-96", "hmac-sha1-96"]
+
+    warnings = []
+
+    if weak_kex.include?(neg[:kex])
+      warnings << "⚠️  使用弱密钥交换算法: #{neg[:kex]}"
+    end
+
+    if weak_cipher.include?(neg[:encryption_client]) || weak_cipher.include?(neg[:encryption_server])
+      warnings << "⚠️  使用弱加密算法"
+    end
+
+    if weak_mac.include?(neg[:mac_client]) || weak_mac.include?(neg[:mac_server])
+      warnings << "⚠️  使用弱MAC算法"
+    end
+
+    if warnings.empty?
+      puts "   ✅ 算法配置安全"
+    else
+      warnings.each { |w| puts "   #{w}" }
+    end
+
+    # 推荐配置
+    puts "\n💡 推荐算法:"
+    puts "   KEX: curve25519-sha256, ecdh-sha2-nistp521"
+    puts "   Cipher: chacha20-poly1305@openssh.com, aes256-gcm@openssh.com"
+    puts "   MAC: hmac-sha2-256-etm@openssh.com"
+  end
+end
+
+# 命令行接口
+if __FILE__ == $0
+  if ARGV.empty?
+    puts "用法: ruby ssh_detector.rb <host> [port]"
+    puts "示例: ruby ssh_detector.rb github.com"
+    puts "       ruby ssh_detector.rb 192.168.1.1 2222"
+    exit 1
+  end
+
+  host = ARGV[0]
+  port = (ARGV[1] || 22).to_i
+
+  detector = SSHProtocolDetector.new(host, port)
+  detector.detect
+end

data/support/ssh/2310/detector/ssh_detector_final.rb

@@ -0,0 +1,273 @@
+#!/usr/bin/env ruby
+# SSH协议检测器 (简化实用版)
+# 功能: 检测SSH服务器支持的KEX/Cipher/MAC/HostKey算法
+# 协议: 实现SSH-TRANS传输层协议 (RFC 4253)
+
+require 'socket'
+require 'timeout'
+
+class SSHDetector
+  # SSH消息类型
+  SSH_MSG_KEXINIT = 20
+
+  # 测试用的算法列表
+  TEST_ALGORITHMS = {
+    kex: "curve25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512",
+    host_key: "ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-512,rsa-sha2-256,ssh-rsa",
+    cipher: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr",
+    mac: "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512",
+    compression: "none,zlib@openssh.com"
+  }
+
+  def initialize(host, port = 22)
+    @host = host
+    @port = port
+    @socket = nil
+  end
+
+  def detect
+    puts "\n🔍 SSH协议检测: #{@host}:#{@port}"
+    puts "=" * 60
+
+    connect
+    banner = exchange_banner
+    kex_data = perform_kex_init
+
+    if kex_data
+      display_results(banner, kex_data)
+    else
+      puts "❌ 无法完成密钥交换"
+    end
+  rescue => e
+    puts "❌ 错误: #{e.message}"
+  ensure
+    @socket&.close
+  end
+
+  private
+
+  def connect
+    @socket = TCPSocket.new(@host, @port)
+    puts "✅ TCP连接成功"
+  end
+
+  def exchange_banner
+    # 发送客户端Banner
+    @socket.write("SSH-2.0-RubyDetector_1.0\r\n")
+
+    # 读取服务器Banner
+    banner = @socket.gets&.chomp
+    puts "📢 服务器Banner: #{banner}"
+
+    # 检查版本
+    if banner =~ /SSH-(\d+\.\d+)-(.+)/
+      version = $1
+      software = $2
+      puts "   协议版本: SSH-#{version}"
+      puts "   软件版本: #{software}"
+
+      if version.start_with?("1.")
+        puts "⚠️  警告: 服务器支持SSH v1（不安全）"
+      end
+    end
+
+    banner
+  end
+
+  def perform_kex_init
+    puts "\n🔬 执行密钥交换探测..."
+
+    # 构造KEX_INIT包
+    send_kex_init
+
+    # 接收服务器KEX_INIT
+    payload = recv_packet
+    return nil unless payload
+
+    # 解析算法列表
+    parse_kex_init(payload)
+  end
+
+  def send_kex_init
+    # 构造KEXINIT payload
+    payload = [SSH_MSG_KEXINIT].pack("C")  # 消息类型
+    payload += "\x00" * 16  # cookie (16字节随机，这里简化)
+
+    # 添加算法列表 (name-list: uint32长度 + 字符串)
+    TEST_ALGORITHMS.each do |_, algos|
+      payload += [algos.length].pack("N") + algos
+    end
+
+    # 语言列表 (空)
+    payload += [0].pack("N")  # languages_client_to_server
+    payload += [0].pack("N")  # languages_server_to_client
+    payload += [0].pack("C")  # first_kex_packet_follows = false
+    payload += [0].pack("N")  # 保留
+
+    # 包装成SSH包
+    send_packet(payload)
+  end
+
+  def send_packet(payload)
+    block_size = 8
+    min_padding = 4
+
+    payload_len = payload.length
+    padding_len = block_size - ((payload_len + 5) % block_size)
+    padding_len += block_size if padding_len < min_padding
+
+    packet_len = payload_len + padding_len + 1
+    packet = [packet_len].pack("N")
+    packet += [padding_len].pack("C")
+    packet += payload
+    packet += "\x00" * padding_len
+
+    @socket.write(packet)
+  end
+
+  def recv_packet
+    # 读取包长度
+    len_bytes = @socket.read(4)
+    return nil unless len_bytes && len_bytes.length == 4
+
+    packet_len = len_bytes.unpack1("N")
+    return nil if packet_len > 35000
+
+    # 读取包内容
+    packet = @socket.read(packet_len)
+    return nil unless packet && packet.length == packet_len
+
+    # 解析: padding_len(1) + payload + padding
+    padding_len = packet[0].unpack1("C")
+    packet[1..-(padding_len+1)]
+  end
+
+  def parse_kex_init(payload)
+    return nil if payload.nil? || payload.empty?
+
+    msg_type = payload[0].unpack1("C")
+    return nil unless msg_type == SSH_MSG_KEXINIT
+
+    # 跳过16字节cookie
+    offset = 17
+
+    # 读取name-list的辅助函数
+    read_list = lambda {
+      return nil if offset + 4 > payload.length
+      len = payload[offset, 4].unpack1("N")
+      offset += 4
+      return nil if offset + len > payload.length
+      str = payload[offset, len]
+      offset += len
+      str.split(",")
+    }
+
+    {
+      kex: read_list.call,
+      host_key: read_list.call,
+      cipher_c2s: read_list.call,
+      cipher_s2c: read_list.call,
+      mac_c2s: read_list.call,
+      mac_s2c: read_list.call,
+      compress_c2s: read_list.call,
+      compress_s2c: read_list.call
+    }
+  end
+
+  def display_results(banner, data)
+    puts "\n" + "=" * 60
+    puts "📊 检测结果"
+    puts "=" * 60
+
+    puts "\n🔑 密钥交换算法 (KEX) - #{data[:kex]&.length || 0}种:"
+    data[:kex]&.each_slice(4) { |slice| puts "   • #{slice.join(' • ')}" }
+
+    puts "\n🔐 主机密钥算法 (Host Key) - #{data[:host_key]&.length || 0}种:"
+    data[:host_key]&.each_slice(4) { |slice| puts "   • #{slice.join(' • ')}" }
+
+    puts "\n🔒 加密算法 (Cipher) - #{data[:cipher_c2s]&.length || 0}种:"
+    data[:cipher_c2s]&.each_slice(3) { |slice| puts "   • #{slice.join(' • ')}" }
+
+    puts "\n📝 MAC算法 - #{data[:mac_c2s]&.length || 0}种:"
+    data[:mac_c2s]&.each_slice(3) { |slice| puts "   • #{slice.join(' • ')}" }
+
+    puts "\n📦 压缩算法 - #{data[:compress_c2s]&.length || 0}种:"
+    puts "   • #{data[:compress_c2s]&.join(' • ')}"
+
+    # 安全分析
+    analyze_security(data)
+
+    puts "\n📋 SSH协议栈结构:"
+    puts "   ┌─────────────────────────────────────┐"
+    puts "   │  SSH-CONN (连接层) - 端口转发/会话   │"
+    puts "   ├─────────────────────────────────────┤"
+    puts "   │  SSH-AUTH (认证层) - 用户认证         │"
+    puts "   ├─────────────────────────────────────┤"
+    puts "   │  SSH-TRANS (传输层)                  │"
+    puts "   │  ├── KEX: #{data[:kex]&.first || 'N/A'}"[0..50]
+    puts "   │  ├── Cipher: #{data[:cipher_c2s]&.first || 'N/A'}"[0..50]
+    puts "   │  ├── MAC: #{data[:mac_c2s]&.first || 'N/A'}"[0..50]
+    puts "   │  └── Compression: #{data[:compress_c2s]&.first || 'none'}"[0..50]
+    puts "   └─────────────────────────────────────┘"
+  end
+
+  def analyze_security(data)
+    puts "\n🔐 安全分析:"
+
+    weak_algos = {
+      "diffie-hellman-group1-sha1" => "使用SHA1的DH组1（非常弱）",
+      "diffie-hellman-group14-sha1" => "使用SHA1的DH组14",
+      "3des-cbc" => "3DES加密（慢且不安全）",
+      "blowfish-cbc" => "Blowfish（已废弃）",
+      "arcfour" => "RC4（严重不安全）",
+      "hmac-md5" => "MD5哈希（不安全）",
+      "hmac-sha1" => "SHA1（考虑升级）"
+    }
+
+    issues = []
+    all_algos = (data[:kex] || []) + (data[:cipher_c2s] || []) + (data[:mac_c2s] || [])
+
+    weak_algos.each do |algo, desc|
+      if all_algos.any? { |a| a.include?(algo) }
+        issues << "⚠️  发现弱算法 #{algo}: #{desc}"
+      end
+    end
+
+    if issues.empty?
+      puts "   ✅ 未发现明显的弱算法"
+    else
+      issues.each { |i| puts "   #{i}" }
+    end
+
+    # 推荐
+    puts "\n💡 推荐配置:"
+    puts "   KEX: curve25519-sha256, ecdh-sha2-nistp521"
+    puts "   Cipher: chacha20-poly1305@openssh.com, aes256-gcm@openssh.com"
+    puts "   MAC: hmac-sha2-256-etm@openssh.com"
+  end
+end
+
+# 命令行入口
+if __FILE__ == $0
+  if ARGV.empty?
+    puts "SSH协议检测器 (Ruby实现)"
+    puts "=" * 50
+    puts "用法: ruby ssh_detector.rb <主机> [端口]"
+    puts ""
+    puts "示例:"
+    puts "  ruby ssh_detector.rb github.com"
+    puts "  ruby ssh_detector.rb 192.168.1.100 2222"
+    puts ""
+    puts "说明:"
+    puts "  • 实现SSH-TRANS传输层协议 (RFC 4253)"
+    puts "  • 探测KEX/Cipher/MAC/HostKey算法支持"
+    puts "  • 识别弱算法和安全风险"
+    puts "  • 无需外部gem依赖"
+    exit 1
+  end
+
+  host = ARGV[0]
+  port = (ARGV[1] || 22).to_i
+
+  SSHDetector.new(host, port).detect
+end

data/support/ssh/2310/detector/ssh_native_detector.rb

@@ -0,0 +1,348 @@
+#!/usr/bin/env ruby
+# SSH协议检测器 - 原生实现（无需外部gem）
+# 实现SSH传输层协议RFC 4253，直接解析二进制协议
+
+require 'socket'
+require 'timeout'
+require 'digest'
+
+class SSHNativeDetector
+  SSH_MSG_KEXINIT = 20
+  SSH_MSG_NEWKEYS = 21
+
+  # 常用算法列表
+  ALGORITHMS = {
+    kex: [
+      "curve25519-sha256", "curve25519-sha256@libssh.org",
+      "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
+      "diffie-hellman-group-exchange-sha256", "diffie-hellman-group16-sha512",
+      "diffie-hellman-group18-sha512", "diffie-hellman-group14-sha256",
+      "diffie-hellman-group-exchange-sha1", "diffie-hellman-group14-sha1",
+      "diffie-hellman-group1-sha1"
+    ],
+    host_key: [
+      "ssh-ed25519", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", 
+      "ecdsa-sha2-nistp521", "rsa-sha2-512", "rsa-sha2-256", "ssh-rsa", "ssh-dss"
+    ],
+    cipher: [
+      "chacha20-poly1305@openssh.com",
+      "aes256-gcm@openssh.com", "aes128-gcm@openssh.com",
+      "aes256-ctr", "aes192-ctr", "aes128-ctr",
+      "aes256-cbc", "aes192-cbc", "aes128-cbc",
+      "3des-cbc", "blowfish-cbc", "cast128-cbc"
+    ],
+    mac: [
+      "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
+      "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
+      "hmac-md5", "umac-64@openssh.com", "umac-128@openssh.com"
+    ],
+    compression: ["none", "zlib@openssh.com", "zlib"]
+  }
+
+  def initialize(host, port = 22, timeout = 10)
+    @host = host
+    @port = port
+    @timeout = timeout
+    @results = {}
+    @socket = nil
+  end
+
+  def detect
+    puts "🔍 SSH协议深度检测: #{@host}:#{@port}"
+    puts "=" * 70
+
+    begin
+      connect
+      exchange_banner
+      perform_kex_init
+      analyze_security
+      display_report
+    rescue => e
+      puts "❌ 错误: #{e.message}"
+      puts e.backtrace.first(3).join("\n")
+    ensure
+      @socket&.close
+    end
+  end
+
+  private
+
+  def connect
+    @socket = Timeout::timeout(@timeout) { TCPSocket.new(@host, @port) }
+    puts "✅ TCP连接建立成功"
+  end
+
+  def exchange_banner
+    # 发送客户端Banner
+    @socket.write("SSH-2.0-RubyDetector_1.0\r\n")
+
+    # 读取服务器Banner
+    server_banner = @socket.gets&.chomp
+    raise "未收到SSH Banner" unless server_banner
+
+    @results[:server_banner] = server_banner
+    puts "📢 服务器Banner: #{server_banner}"
+
+    # 解析版本
+    if server_banner =~ /SSH-(\d+\.\d+)-(.+)/
+      @results[:ssh_version] = $1
+      @results[:software] = $2
+    else
+      raise "无效的SSH Banner格式"
+    end
+
+    # 检查旧版本
+    if @results[:ssh_version] == "1.99" || @results[:ssh_version]&.start_with?("1.")
+      puts "⚠️  警告: 服务器支持SSH v1（不安全）"
+    end
+  end
+
+  def perform_kex_init
+    puts "\n🔬 执行密钥交换初始化..."
+
+    # 构造KEX_INIT包
+    kex_packet = build_kex_init_packet
+    send_packet(kex_packet)
+
+    # 接收服务器的KEX_INIT
+    server_packet = recv_packet
+    raise "未收到KEX_INIT" unless server_packet
+
+    # 解析服务器的算法列表
+    parse_server_kex(server_packet)
+
+    puts "✅ 密钥交换初始化完成"
+  end
+
+  def build_kex_init_packet
+    # SSH KEX_INIT 包结构:
+    # byte      SSH_MSG_KEXINIT (20)
+    # byte[16]  cookie (随机)
+    # name-list kex_algorithms
+    # name-list server_host_key_algorithms
+    # name-list encryption_algorithms_client_to_server
+    # name-list encryption_algorithms_server_to_client
+    # name-list mac_algorithms_client_to_server
+    # name-list mac_algorithms_server_to_client
+    # name-list compression_algorithms_client_to_server
+    # name-list compression_algorithms_server_to_client
+    # name-list languages_client_to_server (空)
+    # name-list languages_server_to_client (空)
+    # boolean   first_kex_packet_follows (false)
+    # uint32    0 (保留)
+
+    payload = [SSH_MSG_KEXINIT].pack("C")  # 消息类型
+    payload += SecureRandom.random_bytes(16) if defined?(SecureRandom) # cookie
+    payload += "0" * 16 unless defined?(SecureRandom)  # 简化cookie
+
+    # 添加算法列表（name-list格式: uint32长度 + 逗号分隔字符串）
+    payload += encode_name_list(ALGORITHMS[:kex])
+    payload += encode_name_list(ALGORITHMS[:host_key])
+    payload += encode_name_list(ALGORITHMS[:cipher])
+    payload += encode_name_list(ALGORITHMS[:cipher])  # 服务器到客户端
+    payload += encode_name_list(ALGORITHMS[:mac])
+    payload += encode_name_list(ALGORITHMS[:mac])
+    payload += encode_name_list(ALGORITHMS[:compression])
+    payload += encode_name_list(ALGORITHMS[:compression])
+    payload += encode_name_list([])  # languages
+    payload += encode_name_list([])
+    payload += [0].pack("C")  # first_kex_packet_follows = false
+    payload += [0].pack("N")  # 保留
+
+    wrap_packet(payload)
+  end
+
+  def encode_name_list(list)
+    str = list.join(",")
+    [str.length].pack("N") + str
+  end
+
+  def wrap_packet(payload)
+    # SSH包格式: uint32长度 + byte填充长度 + payload + 随机填充
+    block_size = 8
+    min_padding = 4
+
+    payload_len = payload.length
+    padding_len = block_size - ((payload_len + 5) % block_size)
+    padding_len += block_size if padding_len < min_padding
+
+    packet_len = payload_len + padding_len + 1
+    packet = [packet_len].pack("N")
+    packet += [padding_len].pack("C")
+    packet += payload
+    packet += "\x00" * padding_len  # 简化填充
+
+    packet
+  end
+
+  def send_packet(data)
+    @socket.write(data)
+  end
+
+  def recv_packet
+    # 读取包长度
+    len_bytes = @socket.read(4)
+    return nil unless len_bytes && len_bytes.length == 4
+
+    packet_len = len_bytes.unpack1("N")
+    return nil if packet_len > 35000  # 安全检查
+
+    # 读取剩余数据
+    packet = @socket.read(packet_len)
+    return nil unless packet && packet.length == packet_len
+
+    # 解析: padding_len(1) + payload + padding
+    padding_len = packet[0].unpack1("C")
+    payload = packet[1..-(padding_len+1)]
+
+    payload
+  end
+
+  def parse_server_kex(payload)
+    return if payload.nil? || payload.empty?
+
+    msg_type = payload[0].unpack1("C")
+    return unless msg_type == SSH_MSG_KEXINIT
+
+    # 跳过cookie(16字节)，开始解析name-lists
+    offset = 17
+
+    # 辅助方法：读取name-list
+    read_list = ->() {
+      return nil if offset + 4 > payload.length
+      len = payload[offset, 4].unpack1("N")
+      offset += 4
+      return nil if offset + len > payload.length
+      str = payload[offset, len]
+      offset += len
+      str.split(",")
+    }
+
+    @results[:server_kex] = read_list.call
+    @results[:server_host_key] = read_list.call
+    @results[:server_cipher_c2s] = read_list.call
+    @results[:server_cipher_s2c] = read_list.call
+    @results[:server_mac_c2s] = read_list.call
+    @results[:server_mac_s2c] = read_list.call
+    @results[:server_compress_c2s] = read_list.call
+    @results[:server_compress_s2c] = read_list.call
+
+    # 计算协商结果（取交集的第一个）
+    @results[:negotiated_kex] = negotiate(ALGORITHMS[:kex], @results[:server_kex])
+    @results[:negotiated_cipher] = negotiate(ALGORITHMS[:cipher], @results[:server_cipher_c2s])
+    @results[:negotiated_mac] = negotiate(ALGORITHMS[:mac], @results[:server_mac_c2s])
+  end
+
+  def negotiate(client_prefs, server_list)
+    return nil unless server_list
+    server_set = server_list.to_set
+    client_prefs.find { |alg| server_set.include?(alg) }
+  end
+
+  def analyze_security
+    puts "\n🔐 安全分析..."
+
+    @results[:security_issues] = []
+
+    # 检查弱算法
+    weak_algorithms = {
+      "diffie-hellman-group1-sha1" => "使用SHA1的DH组1（非常弱）",
+      "diffie-hellman-group14-sha1" => "使用SHA1的DH组14",
+      "3des-cbc" => "3DES加密（慢且不安全）",
+      "blowfish-cbc" => "Blowfish（已废弃）",
+      "cast128-cbc" => "CAST128（已废弃）",
+      "arcfour" => "RC4（严重不安全）",
+      "hmac-md5" => "MD5哈希（不安全）",
+      "hmac-sha1-96" => "截断的SHA1"
+    }
+
+    [@results[:negotiated_kex], @results[:negotiated_cipher], @results[:negotiated_mac]].compact.each do |alg|
+      if weak_algorithms[alg]
+        @results[:security_issues] << "⚠️  #{alg}: #{weak_algorithms[alg]}"
+      end
+    end
+
+    if @results[:security_issues].empty?
+      puts "✅ 未检测到明显的弱算法"
+    else
+      @results[:security_issues].each { |issue| puts "   #{issue}" }
+    end
+  end
+
+  def display_report
+    puts "\n" + "=" * 70
+    puts "📊 SSH协议检测报告"
+    puts "=" * 70
+
+    puts "\n🌐 基本信息:"
+    puts "   目标: #{@host}:#{@port}"
+    puts "   协议版本: SSH-#{@results[:ssh_version]}"
+    puts "   软件版本: #{@results[:software]}"
+
+    puts "\n🔑 密钥交换算法 (KEX):"
+    puts "   协商结果: #{@results[:negotiated_kex] || 'N/A'}"
+    puts "   服务器支持 (#{@results[:server_kex]&.length || 0}种):"
+    display_list(@results[:server_kex], 5)
+
+    puts "\n🔐 加密算法 (Cipher):"
+    puts "   协商结果: #{@results[:negotiated_cipher] || 'N/A'}"
+    puts "   服务器支持 (#{@results[:server_cipher_c2s]&.length || 0}种):"
+    display_list(@results[:server_cipher_c2s], 5)
+
+    puts "\n📝 MAC算法:"
+    puts "   协商结果: #{@results[:negotiated_mac] || 'N/A'}"
+    puts "   服务器支持 (#{@results[:server_mac_c2s]&.length || 0}种):"
+    display_list(@results[:server_mac_c2s], 5)
+
+    puts "\n📦 压缩算法:"
+    puts "   服务器支持: #{@results[:server_compress_c2s]&.join(', ') || 'N/A'}"
+
+    puts "\n💡 安全建议:"
+    if @results[:security_issues]&.any?
+      puts "   发现 #{@results[:security_issues].length} 个安全问题，建议升级服务器配置"
+    else
+      puts "   ✅ 算法配置良好"
+    end
+
+    puts "\n📋 协议栈总结:"
+    puts "   SSH-TRANS (传输层): 版本 #{@results[:ssh_version]}"
+    puts "   ├── 密钥交换: #{@results[:negotiated_kex]}"
+    puts "   ├── 加密: #{@results[:negotiated_cipher]}"
+    puts "   ├── 完整性: #{@results[:negotiated_mac]}"
+    puts "   └── 压缩: #{@results[:server_compress_c2s]&.first || 'none'}"
+  end
+
+  def display_list(list, per_line)
+    return unless list
+    list.each_slice(per_line) do |slice|
+      puts "      • #{slice.join(' • ')}"
+    end
+  end
+end
+
+# 命令行入口
+if __FILE__ == $0
+  if ARGV.empty?
+    puts "SSH协议检测器 - 原生Ruby实现"
+    puts "=" * 50
+    puts "用法: ruby ssh_native_detector.rb <主机> [端口]"
+    puts ""
+    puts "示例:"
+    puts "  ruby ssh_native_detector.rb github.com"
+    puts "  ruby ssh_native_detector.rb 192.168.1.100 2222"
+    puts ""
+    puts "功能:"
+    puts "  • 检测SSH协议版本和软件版本"
+    puts "  • 获取服务器支持的所有算法"
+    puts "  • 分析密钥交换、加密、MAC算法"
+    puts "  • 识别弱算法和安全风险"
+    puts "  • 无需外部依赖（纯Ruby实现）"
+    exit 1
+  end
+
+  host = ARGV[0]
+  port = (ARGV[1] || 22).to_i
+
+  detector = SSHNativeDetector.new(host, port)
+  detector.detect
+end

metadata

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: network-utility
 version: !ruby/object:Gem::Version
-  version: 1.1.62
+  version: 2.0.0
 platform: ruby
 authors:
 - Matt
-bindir: bin
+bindir: application
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
@@ -41,13 +41,15 @@ description: network-core
 email:
 - matthrewchains@gmail.com
 - 18995691365@189.cn
-executables: []
+executables:
+- ssh-detect
 extensions: []
 extra_rdoc_files: []
 files:
 - GEMFILE
 - LICENSE
 - README.md
+- application/ssh-detect
 - document/acl-CR16010H-F.md
 - document/acl-CR16018-F.md
 - document/acl-CR19000-20.md
@@ -272,7 +274,10 @@ files:
 - document/vpn-ZXCTN9000-18EA.md
 - document/vpn-ZXCTN9000-8EA.md
 - network.rb
-- support/snmp.rb
+- support/snmp/snmp.rb
+- support/ssh/2310/detector/ssh_detector.rb
+- support/ssh/2310/detector/ssh_detector_final.rb
+- support/ssh/2310/detector/ssh_native_detector.rb
 - utility/asnum.rb
 - utility/ipv4_address.rb
 - utility/ipv6_address.rb
@@ -298,7 +303,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.8
+rubygems_version: 4.0.10
 specification_version: 4
 summary: core
 test_files: []