ssh_scan 0.0.16 → 0.0.17.pre

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,124 +0,0 @@
1
- require 'sinatra/base'
2
- require 'sinatra/namespace'
3
- require 'ssh_scan/version'
4
- require 'ssh_scan/policy'
5
- require 'ssh_scan/scan_engine'
6
- require 'json'
7
- require 'haml'
8
- require 'secure_headers'
9
-
10
- module SSHScan
11
- class API < Sinatra::Base
12
- use SecureHeaders::Middleware
13
-
14
- SecureHeaders::Configuration.default do |config|
15
- config.cookies = {
16
- secure: true, # mark all cookies as "Secure"
17
- httponly: true, # mark all cookies as "HttpOnly"
18
- }
19
- config.hsts = "max-age=31536000; includeSubdomains; preload"
20
- config.x_frame_options = "DENY"
21
- config.x_content_type_options = "nosniff"
22
- config.x_xss_protection = "1; mode=block"
23
- config.x_download_options = "noopen"
24
- config.x_permitted_cross_domain_policies = "none"
25
- config.referrer_policy = "origin-when-cross-origin"
26
- config.csp = {
27
- default_src: %w('none'),
28
- frame_ancestors: %w('none'),
29
- upgrade_insecure_requests: true, # see https://www.w3.org/TR/upgrade-insecure-requests/
30
- }
31
- end
32
-
33
- class NullLogger < Logger
34
- def initialize(*args)
35
- end
36
-
37
- def add(*args, &block)
38
- end
39
- end
40
-
41
- register Sinatra::Namespace
42
-
43
- before do
44
- headers "Server" => "ssh_scan_api"
45
- end
46
-
47
- # Custom 404 handling
48
- not_found do
49
- content_type "text/plain"
50
- 'Invalid request, see API documentation here: https://github.com/mozilla/ssh_scan/wiki/ssh_scan-Web-API'
51
- end
52
-
53
- get '/robots.txt' do
54
- content_type "text/plain"
55
- "User-agent: *\nDisallow: /\n"
56
- end
57
-
58
- get '/contribute.json' do
59
- content_type :json
60
- {
61
- :name => "ssh_scan api",
62
- :description => "An api for performing ssh compliance and policy scanning",
63
- :repository => {
64
- :url => "https://github.com/mozilla/ssh_scan",
65
- :tests => "https://travis-ci.org/mozilla/ssh_scan",
66
- },
67
- :participate => {
68
- :home => "https://github.com/mozilla/ssh_scan",
69
- :docs => "https://github.com/mozilla/ssh_scan",
70
- :irc => "irc://irc.mozilla.org/#infosec",
71
- :irc_contacts => [
72
- "claudijd",
73
- "pwnbus",
74
- "kang",
75
- ],
76
- :glitter => "https://gitter.im/mozilla-ssh_scan/Lobby",
77
- :glitter_contacts => [
78
- "claudijd",
79
- "pwnbus",
80
- "kang",
81
- "jinankjain",
82
- "agaurav77"
83
- ],
84
- },
85
- :bugs => {
86
- :list => "https://github.com/mozilla/ssh_scan/issues",
87
- },
88
- :keywords => [
89
- "ruby",
90
- "sinatra",
91
- ],
92
- }.to_json
93
- end
94
-
95
-
96
- namespace "/api/v#{SSHScan::API_VERSION}" do
97
- before do
98
- content_type :json
99
- end
100
-
101
- post '/scan' do
102
- options = {
103
- :sockets => [],
104
- :policy => File.expand_path("../../../policies/mozilla_modern.yml", __FILE__),
105
- :timeout => 2,
106
- :verbosity => nil,
107
- :logger => NullLogger.new,
108
- :fingerprint_database => "fingerprints.db",
109
- }
110
- options[:sockets] << "#{params[:target]}:#{params[:port] ? params[:port] : "22"}"
111
- options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
112
- scan_engine = SSHScan::ScanEngine.new()
113
- scan_engine.scan(options).to_json
114
- end
115
-
116
- get '/__version__' do
117
- {
118
- :ssh_scan_version => SSHScan::VERSION,
119
- :api_version => SSHScan::API_VERSION,
120
- }.to_json
121
- end
122
- end
123
- end
124
- end
@@ -1,39 +0,0 @@
1
- require 'sqlite3'
2
-
3
- module SSHScan
4
- class FingerprintDatabase
5
- def initialize(database_name)
6
- if File.exists?(database_name)
7
- @db = ::SQLite3::Database.open(database_name)
8
- else
9
- @db = ::SQLite3::Database.new(database_name)
10
- self.create_schema
11
- end
12
- end
13
-
14
- def create_schema
15
- @db.execute <<-SQL
16
- create table fingerprints (
17
- fingerprint varchar(100),
18
- ip varchar(100)
19
- );
20
- SQL
21
- end
22
-
23
- def clear_fingerprints(ip)
24
- @db.execute "delete from fingerprints where ip like ( ? )", [ip]
25
- end
26
-
27
- def add_fingerprint(fingerprint, ip)
28
- @db.execute "insert into fingerprints values ( ?, ? )", [fingerprint, ip]
29
- end
30
-
31
- def find_fingerprints(fingerprint)
32
- ips = []
33
- @db.execute( "select * from fingerprints where fingerprint like ( ? )", [fingerprint] ) do |row|
34
- ips << row[1]
35
- end
36
- return ips
37
- end
38
- end
39
- end
@@ -1,19 +0,0 @@
1
- ---
2
- name: Mozilla Intermediate
3
- ssh_version: 2.0
4
- auth_methods:
5
- - publickey
6
- kex:
7
- - diffie-hellman-group-exchange-sha256
8
- encryption:
9
- - aes256-ctr
10
- - aes192-ctr
11
- - aes128-ctr
12
- macs:
13
- - hmac-sha2-512
14
- - hmac-sha2-256
15
- compression:
16
- - none
17
- - zlib@openssh.com
18
- references:
19
- - https://wiki.mozilla.org/Security/Guidelines/OpenSSH
@@ -1,30 +0,0 @@
1
- ---
2
- name: Mozilla Modern
3
- ssh_version: 2.0
4
- auth_methods:
5
- - publickey
6
- kex:
7
- - curve25519-sha256@libssh.org
8
- - ecdh-sha2-nistp521
9
- - ecdh-sha2-nistp384
10
- - ecdh-sha2-nistp256
11
- - diffie-hellman-group-exchange-sha256
12
- encryption:
13
- - chacha20-poly1305@openssh.com
14
- - aes256-gcm@openssh.com
15
- - aes128-gcm@openssh.com
16
- - aes256-ctr
17
- - aes192-ctr
18
- - aes128-ctr
19
- macs:
20
- - hmac-sha2-512-etm@openssh.com
21
- - hmac-sha2-256-etm@openssh.com
22
- - umac-128-etm@openssh.com
23
- - hmac-sha2-512
24
- - hmac-sha2-256
25
- - umac-128@openssh.com
26
- compression:
27
- - none
28
- - zlib@openssh.com
29
- references:
30
- - https://wiki.mozilla.org/Security/Guidelines/OpenSSH