ssh_scan 0.0.19 → 0.0.20
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.travis.yml +3 -6
- data/bin/ssh_scan +19 -19
- data/lib/ssh_scan/version.rb +1 -1
- metadata +2 -8
- data/bin/ssh_scan_worker +0 -14
- data/config/worker/config.yml +0 -22
- data/lib/ssh_scan/worker.rb +0 -119
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7ed1c774b96d1bb34de978e7c39e82d2206e340f
|
4
|
+
data.tar.gz: 873692c2cd13f0aac4e1bc7842deb2cc6858af7e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 25227d81b0b50a3576b8be8266a76fb70e7cac3d72b5c0ac3a764e57b0532fa2541e025e2322139517a1e4661dc049c26af6b6629090402783cf58819a7dcf4d
|
7
|
+
data.tar.gz: fb790b5ddccedcc27d781b9795b5c49b3ad51546fbb9e68b7d434239f5d58047d97e0e02a7c59a15a5f536b32aad7d92d8b981bf97b02e4886321f97566aa509
|
data/.travis.yml
CHANGED
@@ -11,16 +11,13 @@ matrix:
|
|
11
11
|
- LABEL=unit_tests
|
12
12
|
after_success:
|
13
13
|
- coveralls
|
14
|
-
- rvm: 2.
|
15
|
-
env:
|
16
|
-
- LABEL=unit_tests
|
17
|
-
- rvm: 2.2.0
|
14
|
+
- rvm: 2.4.1
|
18
15
|
env:
|
19
16
|
- LABEL=unit_tests
|
20
|
-
- rvm: 2.
|
17
|
+
- rvm: 2.3.0
|
21
18
|
env:
|
22
19
|
- LABEL=unit_tests
|
23
|
-
- rvm: 2.
|
20
|
+
- rvm: 2.2.0
|
24
21
|
env:
|
25
22
|
- LABEL=unit_tests
|
26
23
|
- rvm: 2.3.0
|
data/bin/ssh_scan
CHANGED
@@ -226,25 +226,25 @@ unless File.exist?(options["policy"])
|
|
226
226
|
end
|
227
227
|
|
228
228
|
# Check to see if we're running the latest released version
|
229
|
-
if !options["suppress_update_status"]
|
230
|
-
update = SSHScan::Update.new
|
231
|
-
if update.newer_gem_available?
|
232
|
-
options["logger"].warn(
|
233
|
-
"You're NOT using the latest version of ssh_scan, try 'gem update \
|
234
|
-
ssh_scan' to get the latest"
|
235
|
-
)
|
236
|
-
else
|
237
|
-
if update.errors.any?
|
238
|
-
update.errors.each do |error|
|
239
|
-
options["logger"].error(error)
|
240
|
-
end
|
241
|
-
else
|
242
|
-
options["logger"].info(
|
243
|
-
"You're using the latest version of ssh_scan #{SSHScan::VERSION}"
|
244
|
-
)
|
245
|
-
end
|
246
|
-
end
|
247
|
-
end
|
229
|
+
#if !options["suppress_update_status"]
|
230
|
+
# update = SSHScan::Update.new
|
231
|
+
# if update.newer_gem_available?
|
232
|
+
# options["logger"].warn(
|
233
|
+
# "You're NOT using the latest version of ssh_scan, try 'gem update \
|
234
|
+
#ssh_scan' to get the latest"
|
235
|
+
# )
|
236
|
+
# else
|
237
|
+
# if update.errors.any?
|
238
|
+
# update.errors.each do |error|
|
239
|
+
# options["logger"].error(error)
|
240
|
+
# end
|
241
|
+
# else
|
242
|
+
# options["logger"].info(
|
243
|
+
# "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
|
244
|
+
# )
|
245
|
+
# end
|
246
|
+
# end
|
247
|
+
#end
|
248
248
|
|
249
249
|
# Limit scope of fingerprints DB to (per scan)
|
250
250
|
if options["fingerprint_database"] && File.exists?(options["fingerprint_database"])
|
data/lib/ssh_scan/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ssh_scan
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.20
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jonathan Claudius
|
@@ -12,7 +12,7 @@ authors:
|
|
12
12
|
autorequire:
|
13
13
|
bindir: bin
|
14
14
|
cert_chain: []
|
15
|
-
date: 2017-
|
15
|
+
date: 2017-05-12 00:00:00.000000000 Z
|
16
16
|
dependencies:
|
17
17
|
- !ruby/object:Gem::Dependency
|
18
18
|
name: bindata
|
@@ -144,8 +144,6 @@ description: A Ruby-based SSH scanner for configuration and policy scanning
|
|
144
144
|
email: jclaudius@mozilla.com
|
145
145
|
executables:
|
146
146
|
- ssh_scan
|
147
|
-
- ssh_scan_worker
|
148
|
-
- ssh_scan_worker_example_config.yml
|
149
147
|
extensions: []
|
150
148
|
extra_rdoc_files: []
|
151
149
|
files:
|
@@ -157,11 +155,8 @@ files:
|
|
157
155
|
- README.md
|
158
156
|
- Rakefile
|
159
157
|
- bin/ssh_scan
|
160
|
-
- bin/ssh_scan_worker
|
161
|
-
- bin/ssh_scan_worker_example_config.yml
|
162
158
|
- config/policies/mozilla_intermediate.yml
|
163
159
|
- config/policies/mozilla_modern.yml
|
164
|
-
- config/worker/config.yml
|
165
160
|
- data/README
|
166
161
|
- data/ssh-badkeys/LICENSE
|
167
162
|
- data/ssh-badkeys/README.md
|
@@ -391,7 +386,6 @@ files:
|
|
391
386
|
- lib/ssh_scan/target_parser.rb
|
392
387
|
- lib/ssh_scan/update.rb
|
393
388
|
- lib/ssh_scan/version.rb
|
394
|
-
- lib/ssh_scan/worker.rb
|
395
389
|
- lib/string_ext.rb
|
396
390
|
- ssh_scan.gemspec
|
397
391
|
homepage: http://rubygems.org/gems/ssh_scan
|
data/bin/ssh_scan_worker
DELETED
@@ -1,14 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
$:.unshift File.join(File.dirname(__FILE__), "../lib")
|
3
|
-
|
4
|
-
require 'ssh_scan'
|
5
|
-
|
6
|
-
# Get the worker config from command-line or via an example location
|
7
|
-
config_file = ARGV[0] ||
|
8
|
-
File.join(
|
9
|
-
File.dirname(__FILE__),
|
10
|
-
"../config/worker/config.yml"
|
11
|
-
)
|
12
|
-
|
13
|
-
worker = SSHScan::Worker.from_config_file(config_file)
|
14
|
-
worker.run!
|
data/config/worker/config.yml
DELETED
@@ -1,22 +0,0 @@
|
|
1
|
-
# The location of the API server
|
2
|
-
server: 127.0.0.1
|
3
|
-
|
4
|
-
# The port of the API server
|
5
|
-
port: 8000
|
6
|
-
|
7
|
-
# Scheme (http/https)
|
8
|
-
# http - useful for development
|
9
|
-
# https - recommended for production
|
10
|
-
scheme: http
|
11
|
-
|
12
|
-
# SSL/TLS verify - has no effect is scheme is not set to https
|
13
|
-
# false - don't verify SSL/TLS (useful for development)
|
14
|
-
# true - verify SSL/TLS (recommended for production)
|
15
|
-
verify: false
|
16
|
-
|
17
|
-
# Where to send worker logs to (default: STDOUT)
|
18
|
-
#logger: ./bin/ssh_scan_worker.log
|
19
|
-
|
20
|
-
# Authentication - if using authentication on the API, you'll
|
21
|
-
# need to have an auth token with matches in the API configuration
|
22
|
-
# auth_token: INSERT_WORKER_TOKEN
|
data/lib/ssh_scan/worker.rb
DELETED
@@ -1,119 +0,0 @@
|
|
1
|
-
require 'ssh_scan/scan_engine'
|
2
|
-
require 'openssl'
|
3
|
-
require 'net/https'
|
4
|
-
|
5
|
-
module SSHScan
|
6
|
-
class Worker
|
7
|
-
def initialize(opts = {})
|
8
|
-
@server = opts["server"] || "127.0.0.1"
|
9
|
-
@scheme = opts["scheme"] || "http"
|
10
|
-
@verify = opts["verify"] || "false"
|
11
|
-
@port = opts["port"] || 8000
|
12
|
-
@logger = setup_logger(opts["logger"])
|
13
|
-
@poll_interval = 5 # seconds
|
14
|
-
@worker_id = SecureRandom.uuid
|
15
|
-
@verify_ssl = false
|
16
|
-
@auth_token = opts["auth_token"] || nil
|
17
|
-
end
|
18
|
-
|
19
|
-
def setup_logger(logger)
|
20
|
-
case logger
|
21
|
-
when Logger
|
22
|
-
return logger
|
23
|
-
when String
|
24
|
-
return Logger.new(logger)
|
25
|
-
end
|
26
|
-
|
27
|
-
return Logger.new(STDOUT)
|
28
|
-
end
|
29
|
-
|
30
|
-
def self.from_config_file(file_string)
|
31
|
-
opts = YAML.load_file(file_string)
|
32
|
-
SSHScan::Worker.new(opts)
|
33
|
-
end
|
34
|
-
|
35
|
-
def run!
|
36
|
-
loop do
|
37
|
-
begin
|
38
|
-
response = retrieve_work
|
39
|
-
if response["work"]
|
40
|
-
job = response["work"]
|
41
|
-
results = perform_work(job)
|
42
|
-
post_results(results, job)
|
43
|
-
else
|
44
|
-
@logger.info("No jobs available (waiting 5 seconds)")
|
45
|
-
sleep 5
|
46
|
-
next
|
47
|
-
end
|
48
|
-
rescue Errno::ECONNREFUSED
|
49
|
-
@logger.error("Cannot reach API endpoint, waiting 5 seconds")
|
50
|
-
sleep 5
|
51
|
-
rescue RuntimeError => e
|
52
|
-
@logger.error(e.inspect)
|
53
|
-
end
|
54
|
-
end
|
55
|
-
end
|
56
|
-
|
57
|
-
def retrieve_work
|
58
|
-
(Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq!
|
59
|
-
(Net::HTTP::SSL_ATTRIBUTES << :options).uniq!
|
60
|
-
|
61
|
-
Net::HTTP.class_eval do
|
62
|
-
attr_accessor :ssl_options
|
63
|
-
end
|
64
|
-
|
65
|
-
uri = URI(
|
66
|
-
"#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
|
67
|
-
work?worker_id=#{@worker_id}"
|
68
|
-
)
|
69
|
-
http = Net::HTTP.new(uri.host, uri.port)
|
70
|
-
|
71
|
-
if @scheme == "https"
|
72
|
-
http.use_ssl = true
|
73
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
|
74
|
-
options_mask =
|
75
|
-
OpenSSL::SSL::OP_NO_SSLv2 +
|
76
|
-
OpenSSL::SSL::OP_NO_SSLv3 +
|
77
|
-
OpenSSL::SSL::OP_NO_COMPRESSION
|
78
|
-
http.ssl_options = options_mask
|
79
|
-
end
|
80
|
-
|
81
|
-
request = Net::HTTP::Get.new(uri.path)
|
82
|
-
request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
|
83
|
-
response = http.request(request)
|
84
|
-
JSON.parse(response.body)
|
85
|
-
end
|
86
|
-
|
87
|
-
def perform_work(job)
|
88
|
-
@logger.info("Started job: #{job["uuid"]}")
|
89
|
-
scan_engine = SSHScan::ScanEngine.new
|
90
|
-
results = scan_engine.scan(job)
|
91
|
-
@logger.info("Completed job: #{job["uuid"]}")
|
92
|
-
return results
|
93
|
-
end
|
94
|
-
|
95
|
-
def post_results(results, job)
|
96
|
-
uri = URI(
|
97
|
-
"#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
|
98
|
-
work/results/#{@worker_id}/#{job["uuid"]}"
|
99
|
-
)
|
100
|
-
http = Net::HTTP.new(uri.host, uri.port)
|
101
|
-
|
102
|
-
if @scheme == "https"
|
103
|
-
http.use_ssl = true
|
104
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
|
105
|
-
options_mask =
|
106
|
-
OpenSSL::SSL::OP_NO_SSLv2 +
|
107
|
-
OpenSSL::SSL::OP_NO_SSLv3 +
|
108
|
-
OpenSSL::SSL::OP_NO_COMPRESSION
|
109
|
-
http.ssl_options = options_mask
|
110
|
-
end
|
111
|
-
|
112
|
-
request = Net::HTTP::Post.new(uri.path)
|
113
|
-
request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
|
114
|
-
request.body = results.to_json
|
115
|
-
http.request(request)
|
116
|
-
@logger.info("Posted job: #{job["uuid"]}")
|
117
|
-
end
|
118
|
-
end
|
119
|
-
end
|