ssh_scan 0.0.15 → 0.0.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Rakefile +136 -0
- data/bin/ssh_scan +22 -5
- data/bin/ssh_scan_api +36 -0
- data/lib/ssh_scan.rb +1 -0
- data/lib/ssh_scan/api.rb +124 -0
- data/lib/ssh_scan/banner.rb +20 -2
- data/lib/ssh_scan/os.rb +1 -0
- data/lib/ssh_scan/os/raspbian.rb +39 -0
- data/lib/ssh_scan/os/ubuntu.rb +1 -1
- data/lib/ssh_scan/ssh_lib.rb +8 -0
- data/lib/ssh_scan/ssh_lib/cryptlib.rb +17 -0
- data/lib/ssh_scan/ssh_lib/dropbear.rb +1 -2
- data/lib/ssh_scan/ssh_lib/flowssh.rb +34 -0
- data/lib/ssh_scan/ssh_lib/ipssh.rb +34 -0
- data/lib/ssh_scan/ssh_lib/mpssh.rb +34 -0
- data/lib/ssh_scan/ssh_lib/nosssh.rb +34 -0
- data/lib/ssh_scan/ssh_lib/pgp.rb +17 -0
- data/lib/ssh_scan/ssh_lib/romsshell.rb +34 -0
- data/lib/ssh_scan/ssh_lib/sentryssh.rb +17 -0
- data/lib/ssh_scan/update.rb +10 -1
- data/lib/ssh_scan/version.rb +2 -1
- data/ssh_scan.gemspec +5 -0
- metadata +85 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4ee64bc0510d0062484755cc9258e947ddd53575
|
4
|
+
data.tar.gz: abc430f6465b494019aa648d358c25224d49f4ce
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e0b5318192b079acc3c8a7d4232f56029dcaa8ad48d5dc40e1abc64bea229ef40b29ef4f24e9a42bb989e09b589c9f3f604e1f89bb164c4da7837e97e7300c40
|
7
|
+
data.tar.gz: 5c6d3cbaea3d77c7d3394dcf20fdca6a90f8b5bc14973c971d88bc84ee8220fb4332f182c3f5621c9414544ca8d376432bfccc54a5855d6777fcb0840c689f60
|
data/Rakefile
CHANGED
@@ -4,6 +4,8 @@ require 'rubygems/package_task'
|
|
4
4
|
require 'rspec'
|
5
5
|
require 'rspec/core'
|
6
6
|
require 'rspec/core/rake_task'
|
7
|
+
require 'bundler/setup'
|
8
|
+
require 'ssh_scan/version'
|
7
9
|
|
8
10
|
$:.unshift File.join(File.dirname(__FILE__), "lib")
|
9
11
|
|
@@ -13,3 +15,137 @@ task :default => :spec
|
|
13
15
|
|
14
16
|
desc "Run all specs in spec directory"
|
15
17
|
RSpec::Core::RakeTask.new(:spec)
|
18
|
+
|
19
|
+
PACKAGE_NAME = "ssh_scan"
|
20
|
+
VERSION = SSHScan::VERSION
|
21
|
+
TRAVELING_RUBY_VERSION = "20150210-2.1.5"
|
22
|
+
SQLITE3_VERSION = "1.3.9" # Must match Gemfile
|
23
|
+
|
24
|
+
desc "Package your app"
|
25
|
+
task :package => ['package:linux:x86', 'package:linux:x86_64', 'package:osx', 'package:win32']
|
26
|
+
|
27
|
+
namespace :package do
|
28
|
+
namespace :linux do
|
29
|
+
desc "Package your app for Linux x86"
|
30
|
+
task :x86 => [:bundle_install,
|
31
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86.tar.gz",
|
32
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3-#{SQLITE3_VERSION}.tar.gz"
|
33
|
+
] do
|
34
|
+
create_package("linux-x86")
|
35
|
+
end
|
36
|
+
|
37
|
+
desc "Package your app for Linux x86_64"
|
38
|
+
task :x86_64 => [:bundle_install,
|
39
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64.tar.gz",
|
40
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3-#{SQLITE3_VERSION}.tar.gz"
|
41
|
+
] do
|
42
|
+
create_package("linux-x86_64")
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|
46
|
+
desc "Package your app for OS X"
|
47
|
+
task :osx => [:bundle_install,
|
48
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx.tar.gz",
|
49
|
+
"packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3-#{SQLITE3_VERSION}.tar.gz"
|
50
|
+
] do
|
51
|
+
create_package("osx")
|
52
|
+
end
|
53
|
+
|
54
|
+
desc "Package your app for Windows x86"
|
55
|
+
task :win32 => [:bundle_install, "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-win32.tar.gz"] do
|
56
|
+
create_package("win32", :windows)
|
57
|
+
end
|
58
|
+
|
59
|
+
desc "Install gems to local directory"
|
60
|
+
task :bundle_install do
|
61
|
+
if RUBY_VERSION !~ /^2\.3\./
|
62
|
+
abort "You can only 'bundle install' using Ruby 2.3, because that's what Traveling Ruby uses."
|
63
|
+
end
|
64
|
+
sh "rm -rf packaging/tmp"
|
65
|
+
sh "mkdir packaging/tmp"
|
66
|
+
sh "mkdir packaging/tmp/lib"
|
67
|
+
sh "mkdir packaging/tmp/bin"
|
68
|
+
sh "cp -R lib/* packaging/tmp/lib"
|
69
|
+
sh "cp -R bin/* packaging/tmp/bin"
|
70
|
+
sh "cp Gemfile Gemfile.lock #{PACKAGE_NAME}.gemspec packaging/tmp/"
|
71
|
+
Bundler.with_clean_env do
|
72
|
+
sh "cd packaging/tmp && env BUNDLE_IGNORE_CONFIG=1 bundle install --path ../vendor --without development"
|
73
|
+
end
|
74
|
+
sh "rm -rf packaging/tmp"
|
75
|
+
sh "rm -f packaging/vendor/*/*/cache/*"
|
76
|
+
sh "rm -rf packaging/vendor/ruby/*/extensions"
|
77
|
+
sh "find packaging/vendor/ruby/*/gems -name '*.so' | xargs rm -f"
|
78
|
+
sh "find packaging/vendor/ruby/*/gems -name '*.bundle' | xargs rm -f"
|
79
|
+
sh "find packaging/vendor/ruby/*/gems -name '*.o' | xargs rm -f"
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86.tar.gz" do
|
84
|
+
download_runtime("linux-x86")
|
85
|
+
end
|
86
|
+
|
87
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64.tar.gz" do
|
88
|
+
download_runtime("linux-x86_64")
|
89
|
+
end
|
90
|
+
|
91
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx.tar.gz" do
|
92
|
+
download_runtime("osx")
|
93
|
+
end
|
94
|
+
|
95
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-win32.tar.gz" do
|
96
|
+
download_runtime("win32")
|
97
|
+
end
|
98
|
+
|
99
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
|
100
|
+
download_native_extension("linux-x86", "sqlite3-#{SQLITE3_VERSION}")
|
101
|
+
end
|
102
|
+
|
103
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-linux-x86_64-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
|
104
|
+
download_native_extension("linux-x86_64", "sqlite3-#{SQLITE3_VERSION}")
|
105
|
+
end
|
106
|
+
|
107
|
+
file "packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-osx-sqlite3-#{SQLITE3_VERSION}.tar.gz" do
|
108
|
+
download_native_extension("osx", "sqlite3-#{SQLITE3_VERSION}")
|
109
|
+
end
|
110
|
+
|
111
|
+
def create_package(target, os_type = :unix)
|
112
|
+
package_dir = "#{PACKAGE_NAME}-#{VERSION}-#{target}"
|
113
|
+
sh "rm -rf #{package_dir}"
|
114
|
+
sh "mkdir #{package_dir}"
|
115
|
+
sh "mkdir -p #{package_dir}/lib/app"
|
116
|
+
sh "cp bin/#{PACKAGE_NAME} #{package_dir}/lib/app/"
|
117
|
+
sh "mkdir #{package_dir}/lib/ruby"
|
118
|
+
sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}.tar.gz -C #{package_dir}/lib/ruby"
|
119
|
+
if os_type == :unix
|
120
|
+
sh "cp packaging/wrapper.sh #{package_dir}/#{PACKAGE_NAME}"
|
121
|
+
else
|
122
|
+
sh "cp packaging/wrapper.bat #{package_dir}/#{PACKAGE_NAME}.bat"
|
123
|
+
end
|
124
|
+
|
125
|
+
sh "cp -R lib/* #{package_dir}/lib/"
|
126
|
+
sh "cp -pR packaging/vendor #{package_dir}/lib/"
|
127
|
+
sh "cp Gemfile Gemfile.lock #{PACKAGE_NAME}.gemspec #{package_dir}/lib/vendor/"
|
128
|
+
sh "mkdir #{package_dir}/lib/vendor/.bundle"
|
129
|
+
sh "cp packaging/bundler-config #{package_dir}/lib/vendor/.bundle/config"
|
130
|
+
sh "tar -xzf packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}-sqlite3-#{SQLITE3_VERSION}.tar.gz " +
|
131
|
+
"-C #{package_dir}/lib/vendor/ruby"
|
132
|
+
if !ENV['DIR_ONLY']
|
133
|
+
if os_type == :unix
|
134
|
+
sh "tar -czf #{package_dir}.tar.gz #{package_dir}"
|
135
|
+
else
|
136
|
+
sh "zip -9r #{package_dir}.zip #{package_dir}"
|
137
|
+
end
|
138
|
+
|
139
|
+
sh "rm -rf #{package_dir}"
|
140
|
+
end
|
141
|
+
end
|
142
|
+
|
143
|
+
def download_runtime(target)
|
144
|
+
sh "cd packaging && curl -L -O --fail " +
|
145
|
+
"https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}.tar.gz"
|
146
|
+
end
|
147
|
+
|
148
|
+
def download_native_extension(target, gem_name_and_version)
|
149
|
+
sh "curl -L --fail -o packaging/traveling-ruby-#{TRAVELING_RUBY_VERSION}-#{target}-#{gem_name_and_version}.tar.gz " +
|
150
|
+
"https://d6r77u77i8pq3.cloudfront.net/releases/traveling-ruby-gems-#{TRAVELING_RUBY_VERSION}-#{target}/#{gem_name_and_version}.tar.gz"
|
151
|
+
end
|
data/bin/ssh_scan
CHANGED
@@ -113,6 +113,10 @@ opt_parser = OptionParser.new do |opts|
|
|
113
113
|
options[:fingerprint_database] = fingerprint_db
|
114
114
|
end
|
115
115
|
|
116
|
+
opts.on("--suppress-update-status", "Do not check for updates") do
|
117
|
+
options[:suppress_update_status] = true
|
118
|
+
end
|
119
|
+
|
116
120
|
opts.on("-u", "--unit-test [FILE]",
|
117
121
|
"Throw appropriate exit codes based on compliance status") do
|
118
122
|
options[:unit_test] = true
|
@@ -138,6 +142,11 @@ opt_parser = OptionParser.new do |opts|
|
|
138
142
|
exit
|
139
143
|
end
|
140
144
|
|
145
|
+
opts.on("-l", "--listen", "Listen and serve API requests") do
|
146
|
+
SSHScan::API.run!
|
147
|
+
exit
|
148
|
+
end
|
149
|
+
|
141
150
|
opts.on_tail("-h", "--help", "Show this message") do
|
142
151
|
puts opts
|
143
152
|
puts "\nExamples:"
|
@@ -190,11 +199,19 @@ unless File.exists?(options[:policy])
|
|
190
199
|
end
|
191
200
|
|
192
201
|
# Check to see if we're running the latest released version
|
193
|
-
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
202
|
+
if !options[:suppress_update_status]
|
203
|
+
update = SSHScan::Update.new
|
204
|
+
if update.newer_gem_available?
|
205
|
+
options[:logger].warn("You're NOT using the latest version of ssh_scan, try 'gem update ssh_scan' to get the latest")
|
206
|
+
else
|
207
|
+
if update.errors.size > 0
|
208
|
+
update.errors.each do |error|
|
209
|
+
options[:logger].error(error)
|
210
|
+
end
|
211
|
+
else
|
212
|
+
options[:logger].info("You're using the latest version of ssh_scan #{SSHScan::VERSION}")
|
213
|
+
end
|
214
|
+
end
|
198
215
|
end
|
199
216
|
|
200
217
|
options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
|
data/bin/ssh_scan_api
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
$:.unshift File.join(File.dirname(__FILE__), "../lib")
|
4
|
+
|
5
|
+
require 'optparse'
|
6
|
+
require 'ssh_scan'
|
7
|
+
|
8
|
+
options = {
|
9
|
+
:port => 8000,
|
10
|
+
}
|
11
|
+
|
12
|
+
opt_parser = OptionParser.new do |opts|
|
13
|
+
opts.banner = "ssh_scan_api v#{SSHScan::API_VERSION} (https://github.com/mozilla/ssh_scan)\n\n" +
|
14
|
+
"Usage: ssh_scan [options]"
|
15
|
+
|
16
|
+
opts.on("-p", "--port [PORT]", "Listen and serve API requests on this port (Default: 8000)") do |port|
|
17
|
+
options[:port] = port.to_i
|
18
|
+
end
|
19
|
+
|
20
|
+
opts.on("-v", "--version", "Show ssh_scan API version") do
|
21
|
+
puts SSHScan::API_VERSION
|
22
|
+
exit
|
23
|
+
end
|
24
|
+
|
25
|
+
opts.on_tail("-h", "--help", "Show help") do
|
26
|
+
puts opts
|
27
|
+
puts "\nExamples:\n"
|
28
|
+
puts " ssh_scan_api -p 4567"
|
29
|
+
puts ""
|
30
|
+
exit
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
opt_parser.parse!
|
35
|
+
|
36
|
+
SSHScan::API.run!(:port => options[:port])
|
data/lib/ssh_scan.rb
CHANGED
data/lib/ssh_scan/api.rb
ADDED
@@ -0,0 +1,124 @@
|
|
1
|
+
require 'sinatra/base'
|
2
|
+
require 'sinatra/namespace'
|
3
|
+
require 'ssh_scan/version'
|
4
|
+
require 'ssh_scan/policy'
|
5
|
+
require 'ssh_scan/scan_engine'
|
6
|
+
require 'json'
|
7
|
+
require 'haml'
|
8
|
+
require 'secure_headers'
|
9
|
+
|
10
|
+
module SSHScan
|
11
|
+
class API < Sinatra::Base
|
12
|
+
use SecureHeaders::Middleware
|
13
|
+
|
14
|
+
SecureHeaders::Configuration.default do |config|
|
15
|
+
config.cookies = {
|
16
|
+
secure: true, # mark all cookies as "Secure"
|
17
|
+
httponly: true, # mark all cookies as "HttpOnly"
|
18
|
+
}
|
19
|
+
config.hsts = "max-age=31536000; includeSubdomains; preload"
|
20
|
+
config.x_frame_options = "DENY"
|
21
|
+
config.x_content_type_options = "nosniff"
|
22
|
+
config.x_xss_protection = "1; mode=block"
|
23
|
+
config.x_download_options = "noopen"
|
24
|
+
config.x_permitted_cross_domain_policies = "none"
|
25
|
+
config.referrer_policy = "origin-when-cross-origin"
|
26
|
+
config.csp = {
|
27
|
+
default_src: %w('none'),
|
28
|
+
frame_ancestors: %w('none'),
|
29
|
+
upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
|
30
|
+
}
|
31
|
+
end
|
32
|
+
|
33
|
+
class NullLogger < Logger
|
34
|
+
def initialize(*args)
|
35
|
+
end
|
36
|
+
|
37
|
+
def add(*args, &block)
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
register Sinatra::Namespace
|
42
|
+
|
43
|
+
before do
|
44
|
+
headers "Server" => "ssh_scan_api"
|
45
|
+
end
|
46
|
+
|
47
|
+
# Custom 404 handling
|
48
|
+
not_found do
|
49
|
+
content_type "text/plain"
|
50
|
+
'Invalid request, see API documentation here: https://github.com/mozilla/ssh_scan/wiki/ssh_scan-Web-API'
|
51
|
+
end
|
52
|
+
|
53
|
+
get '/robots.txt' do
|
54
|
+
content_type "text/plain"
|
55
|
+
"User-agent: *\nDisallow: /\n"
|
56
|
+
end
|
57
|
+
|
58
|
+
get '/contribute.json' do
|
59
|
+
content_type :json
|
60
|
+
{
|
61
|
+
:name => "ssh_scan api",
|
62
|
+
:description => "An api for performing ssh compliance and policy scanning",
|
63
|
+
:repository => {
|
64
|
+
:url => "https://github.com/mozilla/ssh_scan",
|
65
|
+
:tests => "https://travis-ci.org/mozilla/ssh_scan",
|
66
|
+
},
|
67
|
+
:participate => {
|
68
|
+
:home => "https://github.com/mozilla/ssh_scan",
|
69
|
+
:docs => "https://github.com/mozilla/ssh_scan",
|
70
|
+
:irc => "irc://irc.mozilla.org/#infosec",
|
71
|
+
:irc_contacts => [
|
72
|
+
"claudijd",
|
73
|
+
"pwnbus",
|
74
|
+
"kang",
|
75
|
+
],
|
76
|
+
:glitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
|
77
|
+
:glitter_contacts => [
|
78
|
+
"claudijd",
|
79
|
+
"pwnbus",
|
80
|
+
"kang",
|
81
|
+
"jinankjain",
|
82
|
+
"agaurav77"
|
83
|
+
],
|
84
|
+
},
|
85
|
+
:bugs => {
|
86
|
+
:list => "https://github.com/mozilla/ssh_scan/issues",
|
87
|
+
},
|
88
|
+
:keywords => [
|
89
|
+
"ruby",
|
90
|
+
"sinatra",
|
91
|
+
],
|
92
|
+
}.to_json
|
93
|
+
end
|
94
|
+
|
95
|
+
|
96
|
+
namespace "/api/v#{SSHScan::API_VERSION}" do
|
97
|
+
before do
|
98
|
+
content_type :json
|
99
|
+
end
|
100
|
+
|
101
|
+
post '/scan' do
|
102
|
+
options = {
|
103
|
+
:sockets => [],
|
104
|
+
:policy => File.expand_path("../../../policies/mozilla_modern.yml", __FILE__),
|
105
|
+
:timeout => 2,
|
106
|
+
:verbosity => nil,
|
107
|
+
:logger => NullLogger.new,
|
108
|
+
:fingerprint_database => "fingerprints.db",
|
109
|
+
}
|
110
|
+
options[:sockets] << "#{params[:target]}:#{params[:port] ? params[:port] : "22"}"
|
111
|
+
options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
|
112
|
+
scan_engine = SSHScan::ScanEngine.new()
|
113
|
+
scan_engine.scan(options).to_json
|
114
|
+
end
|
115
|
+
|
116
|
+
get '/__version__' do
|
117
|
+
{
|
118
|
+
:ssh_scan_version => SSHScan::VERSION,
|
119
|
+
:api_version => SSHScan::API_VERSION,
|
120
|
+
}.to_json
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
data/lib/ssh_scan/banner.rb
CHANGED
@@ -25,14 +25,30 @@ module SSHScan
|
|
25
25
|
return SSHScan::SSHLib::OpenSSH.new(@string)
|
26
26
|
when /LibSSH/i
|
27
27
|
return SSHScan::SSHLib::LibSSH.new()
|
28
|
+
when /ipssh/i
|
29
|
+
return SSHScan::SSHLib::IpSsh.new(@string)
|
28
30
|
when /Cisco/i
|
29
31
|
return SSHScan::SSHLib::CiscoSSH.new()
|
30
|
-
when /ROS/
|
32
|
+
when /ROS/
|
31
33
|
return SSHScan::SSHLib::ROSSSH.new()
|
32
34
|
when /DOPRASSH/i
|
33
35
|
return SSHScan::SSHLib::DOPRASSH.new()
|
36
|
+
when /cryptlib/i
|
37
|
+
return SSHScan::SSHLib::Cryptlib.new()
|
38
|
+
when /NOS-SSH/i
|
39
|
+
return SSHScan::SSHLib::NosSSH.new(@string)
|
40
|
+
when /pgp/i
|
41
|
+
return SSHScan::SSHLib::PGP.new()
|
42
|
+
when /ServerTech_SSH|Mocana SSH/i
|
43
|
+
return SSHScan::SSHLib::SentrySSH.new()
|
44
|
+
when /mpssh/i
|
45
|
+
return SSHScan::SSHLib::Mpssh.new(@string)
|
34
46
|
when /dropbear/i
|
35
47
|
return SSHScan::SSHLib::Dropbear.new(@string)
|
48
|
+
when /RomSShell/i
|
49
|
+
return SSHScan::SSHLib::RomSShell.new(@string)
|
50
|
+
when /Flowssh/i
|
51
|
+
return SSHScan::SSHLib::FlowSsh.new(@string)
|
36
52
|
else
|
37
53
|
return SSHScan::SSHLib::Unknown.new()
|
38
54
|
end
|
@@ -52,10 +68,12 @@ module SSHScan
|
|
52
68
|
return SSHScan::OS::FreeBSD.new
|
53
69
|
when /Debian/i
|
54
70
|
return SSHScan::OS::Debian.new
|
55
|
-
when /Windows/i
|
71
|
+
when /Windows|Microsoft/i
|
56
72
|
return SSHScan::OS::Windows.new
|
57
73
|
when /Cisco/i
|
58
74
|
return SSHScan::OS::Cisco.new
|
75
|
+
when /Raspbian/i
|
76
|
+
return SSHScan::OS::Raspbian.new(@string)
|
59
77
|
when /ROS/i
|
60
78
|
return SSHScan::OS::ROS.new
|
61
79
|
when /DOPRA/i
|
data/lib/ssh_scan/os.rb
CHANGED
@@ -0,0 +1,39 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module OS
|
3
|
+
class Raspbian
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner)
|
15
|
+
@banner = banner
|
16
|
+
@version = Raspbian::Version.new(raspbian_version_guess)
|
17
|
+
end
|
18
|
+
|
19
|
+
def raspbian_version_guess
|
20
|
+
return nil if @banner.nil?
|
21
|
+
match = @banner.match(/SSH-2.0-Raspbian-(\d+)/)
|
22
|
+
return nil if match.nil?
|
23
|
+
return match[1]
|
24
|
+
end
|
25
|
+
|
26
|
+
def common
|
27
|
+
"raspbian"
|
28
|
+
end
|
29
|
+
|
30
|
+
def cpe
|
31
|
+
"o:raspbian:raspbian"
|
32
|
+
end
|
33
|
+
|
34
|
+
def version
|
35
|
+
@version
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
data/lib/ssh_scan/os/ubuntu.rb
CHANGED
data/lib/ssh_scan/ssh_lib.rb
CHANGED
@@ -4,4 +4,12 @@ require 'ssh_scan/ssh_lib/ciscossh'
|
|
4
4
|
require 'ssh_scan/ssh_lib/rosssh'
|
5
5
|
require 'ssh_scan/ssh_lib/doprassh'
|
6
6
|
require 'ssh_scan/ssh_lib/dropbear'
|
7
|
+
require 'ssh_scan/ssh_lib/romsshell'
|
8
|
+
require 'ssh_scan/ssh_lib/flowssh'
|
9
|
+
require 'ssh_scan/ssh_lib/cryptlib'
|
10
|
+
require 'ssh_scan/ssh_lib/mpssh'
|
11
|
+
require 'ssh_scan/ssh_lib/sentryssh'
|
12
|
+
require 'ssh_scan/ssh_lib/ipssh'
|
13
|
+
require 'ssh_scan/ssh_lib/pgp'
|
14
|
+
require 'ssh_scan/ssh_lib/nosssh'
|
7
15
|
require 'ssh_scan/ssh_lib/unknown'
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module SSHLib
|
3
|
+
class FlowSsh
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner = nil)
|
15
|
+
@banner = banner
|
16
|
+
end
|
17
|
+
|
18
|
+
def version()
|
19
|
+
return nil if @banner.nil?
|
20
|
+
match = @banner.match(/(\d+[\.\d+]+(p)?(\d+)?) FlowSsh/)
|
21
|
+
return nil if match.nil?
|
22
|
+
return FlowSsh::Version.new(match[1])
|
23
|
+
end
|
24
|
+
|
25
|
+
def common
|
26
|
+
"flowssh"
|
27
|
+
end
|
28
|
+
|
29
|
+
def cpe
|
30
|
+
"a:bitvise:flowssh" << (":" + version.to_s) unless version.nil?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module SSHLib
|
3
|
+
class IpSsh
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner = nil)
|
15
|
+
@banner = banner
|
16
|
+
end
|
17
|
+
|
18
|
+
def version()
|
19
|
+
return nil if @banner.nil?
|
20
|
+
match = @banner.match(/IPSSH-(\d+[\.\d+]+(p)?(\d+)?)/)
|
21
|
+
return nil if match.nil?
|
22
|
+
return IpSsh::Version.new(match[1])
|
23
|
+
end
|
24
|
+
|
25
|
+
def common
|
26
|
+
"ipssh"
|
27
|
+
end
|
28
|
+
|
29
|
+
def cpe
|
30
|
+
"a:ipssh:ipssh" << (":" + version.to_s) unless version.nil?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module SSHLib
|
3
|
+
class Mpssh
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner = nil)
|
15
|
+
@banner = banner
|
16
|
+
end
|
17
|
+
|
18
|
+
def version()
|
19
|
+
return nil if @banner.nil?
|
20
|
+
match = @banner.match(/mpSSH_(\d+[\.\d+]+(p)?(\d+)?)/i)
|
21
|
+
return nil if match.nil?
|
22
|
+
return Mpssh::Version.new(match[1])
|
23
|
+
end
|
24
|
+
|
25
|
+
def common
|
26
|
+
"mpssh"
|
27
|
+
end
|
28
|
+
|
29
|
+
def cpe
|
30
|
+
"a:mpssh:mpssh" << (":" + version.to_s) unless version.nil?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module SSHLib
|
3
|
+
class NosSSH
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner = nil)
|
15
|
+
@banner = banner
|
16
|
+
end
|
17
|
+
|
18
|
+
def version()
|
19
|
+
return nil if @banner.nil?
|
20
|
+
match = @banner.match(/NOS-SSH_(\d+[\.\d+]+)/)
|
21
|
+
return nil if match.nil?
|
22
|
+
return NosSSH::Version.new(match[1])
|
23
|
+
end
|
24
|
+
|
25
|
+
def common
|
26
|
+
"nosssh"
|
27
|
+
end
|
28
|
+
|
29
|
+
def cpe
|
30
|
+
"a:nosssh:nosssh" << (":" + version.to_s) unless version.nil?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module SSHScan
|
2
|
+
module SSHLib
|
3
|
+
class RomSShell
|
4
|
+
class Version
|
5
|
+
def initialize(version_string)
|
6
|
+
@version_string = version_string
|
7
|
+
end
|
8
|
+
|
9
|
+
def to_s
|
10
|
+
@version_string
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def initialize(banner = nil)
|
15
|
+
@banner = banner
|
16
|
+
end
|
17
|
+
|
18
|
+
def version()
|
19
|
+
return nil if @banner.nil?
|
20
|
+
match = @banner.match(/RomSShell_(\d+[\.\d+]+(p)?(\d+)?)/)
|
21
|
+
return nil if match.nil?
|
22
|
+
return RomSShell::Version.new(match[1])
|
23
|
+
end
|
24
|
+
|
25
|
+
def common
|
26
|
+
"romsshell"
|
27
|
+
end
|
28
|
+
|
29
|
+
def cpe
|
30
|
+
"a:allegrosoft:romsshell" << (":" + version.to_s) unless version.nil?
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
data/lib/ssh_scan/update.rb
CHANGED
@@ -5,6 +5,10 @@ require 'net/http'
|
|
5
5
|
|
6
6
|
module SSHScan
|
7
7
|
class Update
|
8
|
+
def initialize
|
9
|
+
@errors = []
|
10
|
+
end
|
11
|
+
|
8
12
|
def next_patch_version(version = SSHScan::VERSION)
|
9
13
|
major, minor, patch = version.split(".")
|
10
14
|
patch_num = patch.to_i
|
@@ -34,7 +38,8 @@ module SSHScan
|
|
34
38
|
|
35
39
|
begin
|
36
40
|
res = Net::HTTP.get_response(uri)
|
37
|
-
rescue
|
41
|
+
rescue Exception => e
|
42
|
+
@errors << e.message
|
38
43
|
return false
|
39
44
|
end
|
40
45
|
|
@@ -45,6 +50,10 @@ module SSHScan
|
|
45
50
|
end
|
46
51
|
end
|
47
52
|
|
53
|
+
def errors
|
54
|
+
@errors.uniq
|
55
|
+
end
|
56
|
+
|
48
57
|
def newer_gem_available?(version = SSHScan::VERSION)
|
49
58
|
if gem_exists?(next_patch_version(version))
|
50
59
|
return true
|
data/lib/ssh_scan/version.rb
CHANGED
data/ssh_scan.gemspec
CHANGED
@@ -30,6 +30,11 @@ Gem::Specification.new do |s|
|
|
30
30
|
s.add_dependency('netaddr')
|
31
31
|
s.add_dependency('net-ssh')
|
32
32
|
s.add_dependency('sqlite3')
|
33
|
+
s.add_dependency('sinatra')
|
34
|
+
s.add_dependency('sinatra-contrib')
|
35
|
+
s.add_dependency('haml')
|
36
|
+
s.add_dependency('secure_headers')
|
37
|
+
s.add_development_dependency('rack-test')
|
33
38
|
s.add_development_dependency('pry')
|
34
39
|
s.add_development_dependency('rspec', '~> 3.0')
|
35
40
|
s.add_development_dependency('rspec-its', '~> 1.2')
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ssh_scan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.16
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonathan Claudius
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2016-
|
12
|
+
date: 2016-10-19 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bindata
|
@@ -67,6 +67,76 @@ dependencies:
|
|
67
67
|
- - ">="
|
68
68
|
- !ruby/object:Gem::Version
|
69
69
|
version: '0'
|
70
|
+
- !ruby/object:Gem::Dependency
|
71
|
+
name: sinatra
|
72
|
+
requirement: !ruby/object:Gem::Requirement
|
73
|
+
requirements:
|
74
|
+
- - ">="
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
version: '0'
|
77
|
+
type: :runtime
|
78
|
+
prerelease: false
|
79
|
+
version_requirements: !ruby/object:Gem::Requirement
|
80
|
+
requirements:
|
81
|
+
- - ">="
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
version: '0'
|
84
|
+
- !ruby/object:Gem::Dependency
|
85
|
+
name: sinatra-contrib
|
86
|
+
requirement: !ruby/object:Gem::Requirement
|
87
|
+
requirements:
|
88
|
+
- - ">="
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
version: '0'
|
91
|
+
type: :runtime
|
92
|
+
prerelease: false
|
93
|
+
version_requirements: !ruby/object:Gem::Requirement
|
94
|
+
requirements:
|
95
|
+
- - ">="
|
96
|
+
- !ruby/object:Gem::Version
|
97
|
+
version: '0'
|
98
|
+
- !ruby/object:Gem::Dependency
|
99
|
+
name: haml
|
100
|
+
requirement: !ruby/object:Gem::Requirement
|
101
|
+
requirements:
|
102
|
+
- - ">="
|
103
|
+
- !ruby/object:Gem::Version
|
104
|
+
version: '0'
|
105
|
+
type: :runtime
|
106
|
+
prerelease: false
|
107
|
+
version_requirements: !ruby/object:Gem::Requirement
|
108
|
+
requirements:
|
109
|
+
- - ">="
|
110
|
+
- !ruby/object:Gem::Version
|
111
|
+
version: '0'
|
112
|
+
- !ruby/object:Gem::Dependency
|
113
|
+
name: secure_headers
|
114
|
+
requirement: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - ">="
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
type: :runtime
|
120
|
+
prerelease: false
|
121
|
+
version_requirements: !ruby/object:Gem::Requirement
|
122
|
+
requirements:
|
123
|
+
- - ">="
|
124
|
+
- !ruby/object:Gem::Version
|
125
|
+
version: '0'
|
126
|
+
- !ruby/object:Gem::Dependency
|
127
|
+
name: rack-test
|
128
|
+
requirement: !ruby/object:Gem::Requirement
|
129
|
+
requirements:
|
130
|
+
- - ">="
|
131
|
+
- !ruby/object:Gem::Version
|
132
|
+
version: '0'
|
133
|
+
type: :development
|
134
|
+
prerelease: false
|
135
|
+
version_requirements: !ruby/object:Gem::Requirement
|
136
|
+
requirements:
|
137
|
+
- - ">="
|
138
|
+
- !ruby/object:Gem::Version
|
139
|
+
version: '0'
|
70
140
|
- !ruby/object:Gem::Dependency
|
71
141
|
name: pry
|
72
142
|
requirement: !ruby/object:Gem::Requirement
|
@@ -127,6 +197,7 @@ description: A Ruby-based SSH scanner for configuration and policy scanning
|
|
127
197
|
email: claudijd@yahoo.com
|
128
198
|
executables:
|
129
199
|
- ssh_scan
|
200
|
+
- ssh_scan_api
|
130
201
|
extensions: []
|
131
202
|
extra_rdoc_files: []
|
132
203
|
files:
|
@@ -138,7 +209,9 @@ files:
|
|
138
209
|
- README.md
|
139
210
|
- Rakefile
|
140
211
|
- bin/ssh_scan
|
212
|
+
- bin/ssh_scan_api
|
141
213
|
- lib/ssh_scan.rb
|
214
|
+
- lib/ssh_scan/api.rb
|
142
215
|
- lib/ssh_scan/banner.rb
|
143
216
|
- lib/ssh_scan/client.rb
|
144
217
|
- lib/ssh_scan/constants.rb
|
@@ -157,6 +230,7 @@ files:
|
|
157
230
|
- lib/ssh_scan/os/debian.rb
|
158
231
|
- lib/ssh_scan/os/dopra.rb
|
159
232
|
- lib/ssh_scan/os/freebsd.rb
|
233
|
+
- lib/ssh_scan/os/raspbian.rb
|
160
234
|
- lib/ssh_scan/os/redhat.rb
|
161
235
|
- lib/ssh_scan/os/ros.rb
|
162
236
|
- lib/ssh_scan/os/ubuntu.rb
|
@@ -168,11 +242,19 @@ files:
|
|
168
242
|
- lib/ssh_scan/scan_engine.rb
|
169
243
|
- lib/ssh_scan/ssh_lib.rb
|
170
244
|
- lib/ssh_scan/ssh_lib/ciscossh.rb
|
245
|
+
- lib/ssh_scan/ssh_lib/cryptlib.rb
|
171
246
|
- lib/ssh_scan/ssh_lib/doprassh.rb
|
172
247
|
- lib/ssh_scan/ssh_lib/dropbear.rb
|
248
|
+
- lib/ssh_scan/ssh_lib/flowssh.rb
|
249
|
+
- lib/ssh_scan/ssh_lib/ipssh.rb
|
173
250
|
- lib/ssh_scan/ssh_lib/libssh.rb
|
251
|
+
- lib/ssh_scan/ssh_lib/mpssh.rb
|
252
|
+
- lib/ssh_scan/ssh_lib/nosssh.rb
|
174
253
|
- lib/ssh_scan/ssh_lib/openssh.rb
|
254
|
+
- lib/ssh_scan/ssh_lib/pgp.rb
|
255
|
+
- lib/ssh_scan/ssh_lib/romsshell.rb
|
175
256
|
- lib/ssh_scan/ssh_lib/rosssh.rb
|
257
|
+
- lib/ssh_scan/ssh_lib/sentryssh.rb
|
176
258
|
- lib/ssh_scan/ssh_lib/unknown.rb
|
177
259
|
- lib/ssh_scan/target_parser.rb
|
178
260
|
- lib/ssh_scan/update.rb
|
@@ -201,7 +283,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
201
283
|
version: '0'
|
202
284
|
requirements: []
|
203
285
|
rubyforge_project:
|
204
|
-
rubygems_version: 2.
|
286
|
+
rubygems_version: 2.5.1
|
205
287
|
signing_key:
|
206
288
|
specification_version: 4
|
207
289
|
summary: Ruby-based SSH Scanner
|