ssh_scan 0.0.16 → 0.0.17.pre

data/lib/ssh_scan/api.rb

@@ -1,124 +0,0 @@
-require 'sinatra/base'
-require 'sinatra/namespace'
-require 'ssh_scan/version'
-require 'ssh_scan/policy'
-require 'ssh_scan/scan_engine'
-require 'json'
-require 'haml'
-require 'secure_headers'
-
-module SSHScan
-  class API < Sinatra::Base
-    use SecureHeaders::Middleware
-
-    SecureHeaders::Configuration.default do |config|
-      config.cookies = {
-        secure: true, # mark all cookies as "Secure"
-        httponly: true, # mark all cookies as "HttpOnly"
-      }
-      config.hsts = "max-age=31536000; includeSubdomains; preload"
-      config.x_frame_options = "DENY"
-      config.x_content_type_options = "nosniff"
-      config.x_xss_protection = "1; mode=block"
-      config.x_download_options = "noopen"
-      config.x_permitted_cross_domain_policies = "none"
-      config.referrer_policy = "origin-when-cross-origin"
-      config.csp = {
-        default_src: %w('none'),
-        frame_ancestors: %w('none'),
-        upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
-      }
-    end
-
-    class NullLogger < Logger
-      def initialize(*args)
-      end
-
-      def add(*args, &block)
-      end
-    end
-
-    register Sinatra::Namespace
-
-    before do
-      headers "Server" => "ssh_scan_api"
-    end
-
-    # Custom 404 handling
-    not_found do
-      content_type "text/plain"
-      'Invalid request, see API documentation here: https://github.com/mozilla/ssh_scan/wiki/ssh_scan-Web-API'
-    end
-
-    get '/robots.txt' do
-      content_type "text/plain"
-      "User-agent: *\nDisallow: /\n"
-    end
-
-    get '/contribute.json' do
-      content_type :json
-      {
-        :name => "ssh_scan api",
-        :description => "An api for performing ssh compliance and policy scanning",
-        :repository => {
-          :url => "https://github.com/mozilla/ssh_scan",
-          :tests => "https://travis-ci.org/mozilla/ssh_scan",
-        },
-        :participate => {
-          :home => "https://github.com/mozilla/ssh_scan",
-          :docs => "https://github.com/mozilla/ssh_scan",
-          :irc => "irc://irc.mozilla.org/#infosec",
-          :irc_contacts => [
-            "claudijd",
-            "pwnbus",
-            "kang",
-          ],
-          :glitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
-          :glitter_contacts => [
-            "claudijd",
-            "pwnbus",
-            "kang",
-            "jinankjain",
-            "agaurav77"
-          ],
-        },
-        :bugs => {
-          :list => "https://github.com/mozilla/ssh_scan/issues",
-        },
-        :keywords => [
-          "ruby",
-          "sinatra",
-        ],
-      }.to_json
-    end
-
-
-    namespace "/api/v#{SSHScan::API_VERSION}" do
-      before do
-        content_type :json
-      end
-
-      post '/scan' do
-        options = {
-          :sockets => [],
-          :policy => File.expand_path("../../../policies/mozilla_modern.yml", __FILE__),
-          :timeout => 2,
-          :verbosity => nil,
-          :logger => NullLogger.new,
-          :fingerprint_database => "fingerprints.db",
-        }
-        options[:sockets] << "#{params[:target]}:#{params[:port] ? params[:port] : "22"}"
-        options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
-        scan_engine = SSHScan::ScanEngine.new()
-        scan_engine.scan(options).to_json
-      end
-
-      get '/__version__' do
-        {
-          :ssh_scan_version => SSHScan::VERSION,
-          :api_version => SSHScan::API_VERSION,
-        }.to_json
-      end
-    end
-  end
-end

data/lib/ssh_scan/fingerprint_database.rb

@@ -1,39 +0,0 @@
-require 'sqlite3'
-
-module SSHScan
-  class FingerprintDatabase
-    def initialize(database_name)
-      if File.exists?(database_name)
-        @db = ::SQLite3::Database.open(database_name)
-      else
-        @db = ::SQLite3::Database.new(database_name)
-        self.create_schema
-      end
-    end
-
-    def create_schema
-      @db.execute <<-SQL
-        create table fingerprints (
-          fingerprint varchar(100),
-          ip varchar(100)
-        );
-      SQL
-    end
-
-    def clear_fingerprints(ip)
-      @db.execute "delete from fingerprints where ip like ( ? )", [ip]
-    end
-
-    def add_fingerprint(fingerprint, ip)
-      @db.execute "insert into fingerprints values ( ?, ? )", [fingerprint, ip]
-    end
-
-    def find_fingerprints(fingerprint)
-      ips = []
-      @db.execute( "select * from fingerprints where fingerprint like ( ? )", [fingerprint] ) do |row|
-        ips << row[1]
-      end
-      return ips
-    end
-  end
-end

data/policies/mozilla_intermediate.yml

@@ -1,19 +0,0 @@
----
-name: Mozilla Intermediate
-ssh_version: 2.0
-auth_methods:
-- publickey
-kex:
-- diffie-hellman-group-exchange-sha256
-encryption:
-- aes256-ctr
-- aes192-ctr
-- aes128-ctr
-macs:
-- hmac-sha2-512
-- hmac-sha2-256
-compression:
-- none
-- zlib@openssh.com
-references:
-- https://wiki.mozilla.org/Security/Guidelines/OpenSSH

data/policies/mozilla_modern.yml

@@ -1,30 +0,0 @@
----
-name: Mozilla Modern
-ssh_version: 2.0
-auth_methods:
-- publickey
-kex:
-- curve25519-sha256@libssh.org
-- ecdh-sha2-nistp521
-- ecdh-sha2-nistp384
-- ecdh-sha2-nistp256
-- diffie-hellman-group-exchange-sha256
-encryption:
-- chacha20-poly1305@openssh.com
-- aes256-gcm@openssh.com
-- aes128-gcm@openssh.com
-- aes256-ctr
-- aes192-ctr
-- aes128-ctr
-macs:
-- hmac-sha2-512-etm@openssh.com
-- hmac-sha2-256-etm@openssh.com
-- umac-128-etm@openssh.com
-- hmac-sha2-512
-- hmac-sha2-256
-- umac-128@openssh.com
-compression:
-- none
-- zlib@openssh.com
-references:
-- https://wiki.mozilla.org/Security/Guidelines/OpenSSH