ssh_scan 0.0.16 → 0.0.17.pre

data/lib/ssh_scan/ssh_lib/dropbear.rb

@@ -1,6 +1,8 @@
 module SSHScan
   module SSHLib
     class Dropbear
+      attr_reader :version
+
       class Version
         def initialize(version_string)
           if version_string == nil
@@ -33,10 +35,6 @@ module SSHScan
       def cpe
         "a:dropbear:dropbear" << (":" + version.to_s) unless version.nil?
       end
-
-      def version
-        @version
-      end
     end
   end
 end

data/lib/ssh_scan/target_parser.rb

@@ -19,7 +19,7 @@ module SSHScan
           upper = NetAddr::CIDR.create(octets.join('.') + "." + range[1])
           ip_array = NetAddr.range(lower, upper,:Inclusive => true)
           if !port.nil?
-            ip_array.map! { |ip| ip.concat(":").concat(port.to_s) }
+            ip_array.map! { |i| i.concat(":").concat(port.to_s) }
           end
           return ip_array
         elsif ip.include? "/"
@@ -28,7 +28,7 @@ module SSHScan
           ip_array.delete(cidr.network)
           ip_array.delete(cidr.last)
           if !port.nil?
-            ip_array.map! { |ip| ip.concat(":").concat(port.to_s) }
+            ip_array.map! { |i| i.concat(":").concat(port.to_s) }
           end
           return ip_array
         else
@@ -42,4 +42,4 @@ module SSHScan
       end
     end
   end
-end
+end

data/lib/ssh_scan/update.rb

@@ -18,7 +18,7 @@ module SSHScan
     end
 
     def next_minor_version(version = SSHScan::VERSION)
-      major, minor, patch = version.split(".")
+      major, minor = version.split(".")[0, 2]
       minor_num = minor.to_i
       minor_num += 1
 
@@ -26,7 +26,7 @@ module SSHScan
     end
 
     def next_major_version(version = SSHScan::VERSION)
-      major, minor, patch = version.split(".")
+      major = version.split(".")[0]
       major_num = major.to_i
       major_num += 1
 
@@ -38,7 +38,7 @@ module SSHScan
 
       begin
         res = Net::HTTP.get_response(uri)
-      rescue Exception => e
+      rescue SocketError => e
         @errors << e.message
         return false
       end

data/lib/ssh_scan/version.rb

@@ -1,4 +1,3 @@
 module SSHScan
-  VERSION = '0.0.16'
-  API_VERSION = '0.0.1'
+  VERSION = '0.0.17.pre'
 end

data/lib/ssh_scan/worker.rb

@@ -0,0 +1,119 @@
+require 'ssh_scan/scan_engine'
+require 'openssl'
+require 'net/https'
+
+module SSHScan
+  class Worker
+    def initialize(opts = {})
+      @server = opts["server"] || "127.0.0.1"
+      @scheme = opts["scheme"] || "http"
+      @verify = opts["verify"] || "false"
+      @port = opts["port"] || 8000
+      @logger = setup_logger(opts["logger"])
+      @poll_interval = 5 # seconds
+      @worker_id = SecureRandom.uuid
+      @verify_ssl = false
+      @auth_token = opts["auth_token"] || nil
+    end
+
+    def setup_logger(logger)
+      case logger
+      when Logger
+        return logger
+      when String
+        return Logger.new(logger)
+      end
+
+      return Logger.new(STDOUT)
+    end
+
+    def self.from_config_file(file_string)
+      opts = YAML.load_file(file_string)
+      SSHScan::Worker.new(opts)
+    end
+
+    def run!
+      loop do
+        begin
+          response = retrieve_work
+          if response["work"]
+            job = response["work"]
+            results = perform_work(job)
+            post_results(results, job)
+          else
+            @logger.info("No jobs available (waiting 5 seconds)")
+            sleep 5
+            next
+          end
+        rescue Errno::ECONNREFUSED
+          @logger.error("Cannot reach API endpoint, waiting 5 seconds")
+          sleep 5
+        rescue RuntimeError => e
+          @logger.error(e.inspect)
+        end
+      end
+    end
+
+    def retrieve_work
+      (Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq!
+      (Net::HTTP::SSL_ATTRIBUTES << :options).uniq!
+
+      Net::HTTP.class_eval do
+        attr_accessor :ssl_options
+      end
+
+      uri = URI(
+        "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
+work?worker_id=#{@worker_id}"
+      )
+      http = Net::HTTP.new(uri.host, uri.port)
+
+      if @scheme == "https"
+        http.use_ssl = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
+        options_mask =
+          OpenSSL::SSL::OP_NO_SSLv2 +
+          OpenSSL::SSL::OP_NO_SSLv3 +
+          OpenSSL::SSL::OP_NO_COMPRESSION
+        http.ssl_options = options_mask
+      end
+
+      request = Net::HTTP::Get.new(uri.path)
+      request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
+      response = http.request(request)
+      JSON.parse(response.body)
+    end
+
+    def perform_work(job)
+      @logger.info("Started job: #{job["uuid"]}")
+      scan_engine = SSHScan::ScanEngine.new
+      results = scan_engine.scan(job)
+      @logger.info("Completed job: #{job["uuid"]}")
+      return results
+    end
+
+    def post_results(results, job)
+      uri = URI(
+        "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
+work/results/#{@worker_id}/#{job["uuid"]}"
+      )
+      http = Net::HTTP.new(uri.host, uri.port)
+
+      if @scheme == "https"
+        http.use_ssl = true
+        http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
+        options_mask =
+          OpenSSL::SSL::OP_NO_SSLv2 +
+          OpenSSL::SSL::OP_NO_SSLv3 +
+          OpenSSL::SSL::OP_NO_COMPRESSION
+        http.ssl_options = options_mask
+      end
+
+      request = Net::HTTP::Post.new(uri.path)
+      request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
+      request.body = results.to_json
+      http.request(request)
+      @logger.info("Posted job: #{job["uuid"]}")
+    end
+  end
+end

data/lib/string_ext.rb

@@ -16,7 +16,8 @@ class String
     begin
       IPAddr.new(self)
 
-    # Using ArgumentError instead of IPAddr::InvalidAddressError for 1.9.3 backward compatability
+    # Using ArgumentError instead of IPAddr::InvalidAddressError
+    # for 1.9.3 backward compatability
     rescue ArgumentError
       return false
     end

data/ssh_scan.gemspec

@@ -1,12 +1,13 @@
 $: << "lib"
 require 'ssh_scan/version'
+require 'date'
 
 Gem::Specification.new do |s|
   s.name = 'ssh_scan'
   s.version = SSHScan::VERSION
-  s.authors = ["Jonathan Claudius", "Jinank Jain"]
+  s.authors = ["Jonathan Claudius", "Jinank Jain", "Harsh Vardhan", "Rishabh Saxena", "Ashish Gaurav"]
   s.date = Date.today.to_s
-  s.email = 'claudijd@yahoo.com'
+  s.email = 'jclaudius@mozilla.com'
   s.platform = Gem::Platform::RUBY
   s.files = Dir.glob("lib/**/*") +
             Dir.glob("bin/**/*") +
@@ -29,14 +30,9 @@ Gem::Specification.new do |s|
   s.add_dependency('bindata', '~> 2.0')
   s.add_dependency('netaddr')
   s.add_dependency('net-ssh')
-  s.add_dependency('sqlite3')
-  s.add_dependency('sinatra')
-  s.add_dependency('sinatra-contrib')
-  s.add_dependency('haml')
-  s.add_dependency('secure_headers')
-  s.add_development_dependency('rack-test')
   s.add_development_dependency('pry')
   s.add_development_dependency('rspec', '~> 3.0')
   s.add_development_dependency('rspec-its', '~> 1.2')
   s.add_development_dependency('rake', '~> 10.3')
+  s.add_development_dependency('rubocop')
 end

metadata

@@ -1,15 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.16
+  version: 0.0.17.pre
 platform: ruby
 authors:
 - Jonathan Claudius
 - Jinank Jain
+- Harsh Vardhan
+- Rishabh Saxena
+- Ashish Gaurav
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-10-19 00:00:00.000000000 Z
+date: 2017-03-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -53,90 +56,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sinatra
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: sinatra-contrib
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: haml
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: secure_headers
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rack-test
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -193,11 +112,26 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '10.3'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A Ruby-based SSH scanner for configuration and policy scanning
-email: claudijd@yahoo.com
+email: jclaudius@mozilla.com
 executables:
 - ssh_scan
-- ssh_scan_api
+- ssh_scan_worker
+- ssh_scan_worker_example_config.yml
 extensions: []
 extra_rdoc_files: []
 files:
@@ -209,9 +143,9 @@ files:
 - README.md
 - Rakefile
 - bin/ssh_scan
-- bin/ssh_scan_api
+- bin/ssh_scan_worker
+- bin/ssh_scan_worker_example_config.yml
 - lib/ssh_scan.rb
-- lib/ssh_scan/api.rb
 - lib/ssh_scan/banner.rb
 - lib/ssh_scan/client.rb
 - lib/ssh_scan/constants.rb
@@ -223,7 +157,6 @@ files:
 - lib/ssh_scan/error/disconnected.rb
 - lib/ssh_scan/error/no_banner.rb
 - lib/ssh_scan/error/no_kex_response.rb
-- lib/ssh_scan/fingerprint_database.rb
 - lib/ssh_scan/os.rb
 - lib/ssh_scan/os/centos.rb
 - lib/ssh_scan/os/cisco.rb
@@ -259,9 +192,8 @@ files:
 - lib/ssh_scan/target_parser.rb
 - lib/ssh_scan/update.rb
 - lib/ssh_scan/version.rb
+- lib/ssh_scan/worker.rb
 - lib/string_ext.rb
-- policies/mozilla_intermediate.yml
-- policies/mozilla_modern.yml
 - ssh_scan.gemspec
 homepage: http://rubygems.org/gems/ssh_scan
 licenses:
@@ -278,12 +210,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.1
+rubygems_version: 2.6.2
 signing_key: 
 specification_version: 4
 summary: Ruby-based SSH Scanner

data/bin/ssh_scan_api

@@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift File.join(File.dirname(__FILE__), "../lib")
-
-require 'optparse'
-require 'ssh_scan'
-
-options = {
-  :port => 8000,
-}
-
-opt_parser = OptionParser.new do |opts|
-  opts.banner = "ssh_scan_api v#{SSHScan::API_VERSION} (https://github.com/mozilla/ssh_scan)\n\n" +
-                "Usage: ssh_scan [options]"
-
-  opts.on("-p", "--port [PORT]", "Listen and serve API requests on this port (Default: 8000)") do |port|
-    options[:port] = port.to_i
-  end
-
-  opts.on("-v", "--version", "Show ssh_scan API version") do
-    puts SSHScan::API_VERSION
-    exit
-  end
-
-  opts.on_tail("-h", "--help", "Show help") do
-    puts opts
-    puts "\nExamples:\n"
-    puts "  ssh_scan_api -p 4567"
-    puts ""
-    exit
-  end
-end
-
-opt_parser.parse!
-
-SSHScan::API.run!(:port => options[:port])