ssh_scan 0.0.19 → 0.0.20

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +3 -6
  3. data/bin/ssh_scan +19 -19
  4. data/lib/ssh_scan/version.rb +1 -1
  5. metadata +2 -8
  6. data/bin/ssh_scan_worker +0 -14
  7. data/config/worker/config.yml +0 -22
  8. data/lib/ssh_scan/worker.rb +0 -119
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d1f38d061727ec16f24abe9fa799d74d928764ca
4
- data.tar.gz: 1c6e40fa5041aaa45dbaa3fc7a1586ffb19a63f1
3
+ metadata.gz: 7ed1c774b96d1bb34de978e7c39e82d2206e340f
4
+ data.tar.gz: 873692c2cd13f0aac4e1bc7842deb2cc6858af7e
5
5
  SHA512:
6
- metadata.gz: 6504a3a993c90eafdad3be8bd6d63cc11d1dae76260e38e9608939d2525ea6602d7ef24eda0ee43f762bfcf48a08a2b2bdead68f083d946a71f6f234283d93fc
7
- data.tar.gz: b21c3e244f176cee08ea1d817e842dbb7cb5effeda59136777b81f0364478d30e2b8e8b209e9b68cd66a334ac1043b062808cd183e3c765997d7819692dd9efc
6
+ metadata.gz: 25227d81b0b50a3576b8be8266a76fb70e7cac3d72b5c0ac3a764e57b0532fa2541e025e2322139517a1e4661dc049c26af6b6629090402783cf58819a7dcf4d
7
+ data.tar.gz: fb790b5ddccedcc27d781b9795b5c49b3ad51546fbb9e68b7d434239f5d58047d97e0e02a7c59a15a5f536b32aad7d92d8b981bf97b02e4886321f97566aa509
data/.travis.yml CHANGED
@@ -11,16 +11,13 @@ matrix:
11
11
  - LABEL=unit_tests
12
12
  after_success:
13
13
  - coveralls
14
- - rvm: 2.3.0
15
- env:
16
- - LABEL=unit_tests
17
- - rvm: 2.2.0
14
+ - rvm: 2.4.1
18
15
  env:
19
16
  - LABEL=unit_tests
20
- - rvm: 2.1.3
17
+ - rvm: 2.3.0
21
18
  env:
22
19
  - LABEL=unit_tests
23
- - rvm: 2.0.0
20
+ - rvm: 2.2.0
24
21
  env:
25
22
  - LABEL=unit_tests
26
23
  - rvm: 2.3.0
data/bin/ssh_scan CHANGED
@@ -226,25 +226,25 @@ unless File.exist?(options["policy"])
226
226
  end
227
227
 
228
228
  # Check to see if we're running the latest released version
229
- if !options["suppress_update_status"]
230
- update = SSHScan::Update.new
231
- if update.newer_gem_available?
232
- options["logger"].warn(
233
- "You're NOT using the latest version of ssh_scan, try 'gem update \
234
- ssh_scan' to get the latest"
235
- )
236
- else
237
- if update.errors.any?
238
- update.errors.each do |error|
239
- options["logger"].error(error)
240
- end
241
- else
242
- options["logger"].info(
243
- "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
244
- )
245
- end
246
- end
247
- end
229
+ #if !options["suppress_update_status"]
230
+ # update = SSHScan::Update.new
231
+ # if update.newer_gem_available?
232
+ # options["logger"].warn(
233
+ # "You're NOT using the latest version of ssh_scan, try 'gem update \
234
+ #ssh_scan' to get the latest"
235
+ # )
236
+ # else
237
+ # if update.errors.any?
238
+ # update.errors.each do |error|
239
+ # options["logger"].error(error)
240
+ # end
241
+ # else
242
+ # options["logger"].info(
243
+ # "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
244
+ # )
245
+ # end
246
+ # end
247
+ #end
248
248
 
249
249
  # Limit scope of fingerprints DB to (per scan)
250
250
  if options["fingerprint_database"] && File.exists?(options["fingerprint_database"])
data/lib/ssh_scan/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SSHScan
2
- VERSION = '0.0.19'
2
+ VERSION = '0.0.20'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssh_scan
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.19
4
+ version: 0.0.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Claudius
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2017-04-18 00:00:00.000000000 Z
15
+ date: 2017-05-12 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: bindata
@@ -144,8 +144,6 @@ description: A Ruby-based SSH scanner for configuration and policy scanning
144
144
  email: jclaudius@mozilla.com
145
145
  executables:
146
146
  - ssh_scan
147
- - ssh_scan_worker
148
- - ssh_scan_worker_example_config.yml
149
147
  extensions: []
150
148
  extra_rdoc_files: []
151
149
  files:
@@ -157,11 +155,8 @@ files:
157
155
  - README.md
158
156
  - Rakefile
159
157
  - bin/ssh_scan
160
- - bin/ssh_scan_worker
161
- - bin/ssh_scan_worker_example_config.yml
162
158
  - config/policies/mozilla_intermediate.yml
163
159
  - config/policies/mozilla_modern.yml
164
- - config/worker/config.yml
165
160
  - data/README
166
161
  - data/ssh-badkeys/LICENSE
167
162
  - data/ssh-badkeys/README.md
@@ -391,7 +386,6 @@ files:
391
386
  - lib/ssh_scan/target_parser.rb
392
387
  - lib/ssh_scan/update.rb
393
388
  - lib/ssh_scan/version.rb
394
- - lib/ssh_scan/worker.rb
395
389
  - lib/string_ext.rb
396
390
  - ssh_scan.gemspec
397
391
  homepage: http://rubygems.org/gems/ssh_scan
data/bin/ssh_scan_worker DELETED
@@ -1,14 +0,0 @@
1
- #!/usr/bin/env ruby
2
- $:.unshift File.join(File.dirname(__FILE__), "../lib")
3
-
4
- require 'ssh_scan'
5
-
6
- # Get the worker config from command-line or via an example location
7
- config_file = ARGV[0] ||
8
- File.join(
9
- File.dirname(__FILE__),
10
- "../config/worker/config.yml"
11
- )
12
-
13
- worker = SSHScan::Worker.from_config_file(config_file)
14
- worker.run!
data/config/worker/config.yml DELETED
@@ -1,22 +0,0 @@
1
- # The location of the API server
2
- server: 127.0.0.1
3
-
4
- # The port of the API server
5
- port: 8000
6
-
7
- # Scheme (http/https)
8
- # http - useful for development
9
- # https - recommended for production
10
- scheme: http
11
-
12
- # SSL/TLS verify - has no effect is scheme is not set to https
13
- # false - don't verify SSL/TLS (useful for development)
14
- # true - verify SSL/TLS (recommended for production)
15
- verify: false
16
-
17
- # Where to send worker logs to (default: STDOUT)
18
- #logger: ./bin/ssh_scan_worker.log
19
-
20
- # Authentication - if using authentication on the API, you'll
21
- # need to have an auth token with matches in the API configuration
22
- # auth_token: INSERT_WORKER_TOKEN
data/lib/ssh_scan/worker.rb DELETED
@@ -1,119 +0,0 @@
1
- require 'ssh_scan/scan_engine'
2
- require 'openssl'
3
- require 'net/https'
4
-
5
- module SSHScan
6
- class Worker
7
- def initialize(opts = {})
8
- @server = opts["server"] || "127.0.0.1"
9
- @scheme = opts["scheme"] || "http"
10
- @verify = opts["verify"] || "false"
11
- @port = opts["port"] || 8000
12
- @logger = setup_logger(opts["logger"])
13
- @poll_interval = 5 # seconds
14
- @worker_id = SecureRandom.uuid
15
- @verify_ssl = false
16
- @auth_token = opts["auth_token"] || nil
17
- end
18
-
19
- def setup_logger(logger)
20
- case logger
21
- when Logger
22
- return logger
23
- when String
24
- return Logger.new(logger)
25
- end
26
-
27
- return Logger.new(STDOUT)
28
- end
29
-
30
- def self.from_config_file(file_string)
31
- opts = YAML.load_file(file_string)
32
- SSHScan::Worker.new(opts)
33
- end
34
-
35
- def run!
36
- loop do
37
- begin
38
- response = retrieve_work
39
- if response["work"]
40
- job = response["work"]
41
- results = perform_work(job)
42
- post_results(results, job)
43
- else
44
- @logger.info("No jobs available (waiting 5 seconds)")
45
- sleep 5
46
- next
47
- end
48
- rescue Errno::ECONNREFUSED
49
- @logger.error("Cannot reach API endpoint, waiting 5 seconds")
50
- sleep 5
51
- rescue RuntimeError => e
52
- @logger.error(e.inspect)
53
- end
54
- end
55
- end
56
-
57
- def retrieve_work
58
- (Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq!
59
- (Net::HTTP::SSL_ATTRIBUTES << :options).uniq!
60
-
61
- Net::HTTP.class_eval do
62
- attr_accessor :ssl_options
63
- end
64
-
65
- uri = URI(
66
- "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
67
- work?worker_id=#{@worker_id}"
68
- )
69
- http = Net::HTTP.new(uri.host, uri.port)
70
-
71
- if @scheme == "https"
72
- http.use_ssl = true
73
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
74
- options_mask =
75
- OpenSSL::SSL::OP_NO_SSLv2 +
76
- OpenSSL::SSL::OP_NO_SSLv3 +
77
- OpenSSL::SSL::OP_NO_COMPRESSION
78
- http.ssl_options = options_mask
79
- end
80
-
81
- request = Net::HTTP::Get.new(uri.path)
82
- request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
83
- response = http.request(request)
84
- JSON.parse(response.body)
85
- end
86
-
87
- def perform_work(job)
88
- @logger.info("Started job: #{job["uuid"]}")
89
- scan_engine = SSHScan::ScanEngine.new
90
- results = scan_engine.scan(job)
91
- @logger.info("Completed job: #{job["uuid"]}")
92
- return results
93
- end
94
-
95
- def post_results(results, job)
96
- uri = URI(
97
- "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
98
- work/results/#{@worker_id}/#{job["uuid"]}"
99
- )
100
- http = Net::HTTP.new(uri.host, uri.port)
101
-
102
- if @scheme == "https"
103
- http.use_ssl = true
104
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
105
- options_mask =
106
- OpenSSL::SSL::OP_NO_SSLv2 +
107
- OpenSSL::SSL::OP_NO_SSLv3 +
108
- OpenSSL::SSL::OP_NO_COMPRESSION
109
- http.ssl_options = options_mask
110
- end
111
-
112
- request = Net::HTTP::Post.new(uri.path)
113
- request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
114
- request.body = results.to_json
115
- http.request(request)
116
- @logger.info("Posted job: #{job["uuid"]}")
117
- end
118
- end
119
- end