ssh_scan 0.0.25 → 0.0.26
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/data/fingerprints.yml +4 -4
- data/lib/ssh_scan/attribute.rb +27 -0
- data/lib/ssh_scan/policy.rb +17 -0
- data/lib/ssh_scan/policy_manager.rb +10 -8
- data/lib/ssh_scan/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d24a75be619ed3b8567cce7be9e5ac20b0acd720
|
|
4
|
+
data.tar.gz: 65d64750b90635a8e146752fc74671150cbfddf0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 699dadeff7f4c746b64f08e9119bc19c2186f79a07843e202b98b7e05178ef10cea6b728e355dab134e2aa33f0c95cb2a4b229a0aa3fa3277f9dc0b1e969fc3b
|
|
7
|
+
data.tar.gz: 612f62c3345e61807a0fee2a021b3a7f8d83d3e2fb10ad32c7f2acee1929c91f8759e30c46c823c9ea91d9c2390e55e18b0d9989c269ee1b0a7ea3af62fd778c
|
data/data/fingerprints.yml
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
---
|
|
2
|
-
45.
|
|
3
|
-
-
|
|
4
|
-
-
|
|
5
|
-
-
|
|
2
|
+
45.55.176.164:
|
|
3
|
+
- 4f:17:6e:38:63:0c:af:1c:f4:97:4f:ab:04:b4:47:a0
|
|
4
|
+
- 8c:71:d0:85:e5:2e:4c:24:34:4b:97:0a:af:37:f4:09:41:8d:ae:6d
|
|
5
|
+
- b5:b1:f8:2f:99:4e:88:bc:9d:6c:81:2b:9f:1c:db:44:2d:dd:e5:66:cb:49:bf:7e:e1:1a:a2:5f:d1:39:d2:16
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
require 'yaml'
|
|
2
|
+
|
|
3
|
+
module SSHScan
|
|
4
|
+
# A helper to turn array of strings into arrays of attributes for quick comparison
|
|
5
|
+
def self.make_attributes(array)
|
|
6
|
+
array.map {|item| SSHScan::Attribute.new(item)}
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
# A class for making attribute comparison possible beyond simple string comparison
|
|
10
|
+
class Attribute
|
|
11
|
+
def initialize(attribute_string)
|
|
12
|
+
@attribute_string = attribute_string
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def to_s
|
|
16
|
+
@attribute_string
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def base
|
|
20
|
+
@attribute_string.split("@").first
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def ==(other)
|
|
24
|
+
self.base == other.base
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
data/lib/ssh_scan/policy.rb
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'yaml'
|
|
2
|
+
require 'ssh_scan/attribute'
|
|
2
3
|
|
|
3
4
|
module SSHScan
|
|
4
5
|
# Policy methods that deal with key exchange, macs, encryption methods,
|
|
@@ -27,6 +28,22 @@ module SSHScan
|
|
|
27
28
|
self.new(opts)
|
|
28
29
|
end
|
|
29
30
|
|
|
31
|
+
def kex_attributes
|
|
32
|
+
SSHScan.make_attributes(@kex)
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def mac_attributes
|
|
36
|
+
SSHScan.make_attributes(@macs)
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
def encryption_attributes
|
|
40
|
+
SSHScan.make_attributes(@encryption)
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
def compression_attributes
|
|
44
|
+
SSHScan.make_attributes(@compression)
|
|
45
|
+
end
|
|
46
|
+
|
|
30
47
|
# Generate a {SSHScan::Policy} object from YAML string.
|
|
31
48
|
# @param string [String] YAML string
|
|
32
49
|
# @return [SSHScan::Policy] new instance with parameters loaded
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require 'ssh_scan/attribute'
|
|
2
|
+
|
|
1
3
|
module SSHScan
|
|
2
4
|
# Policy management methods, compliance checking and recommendations.
|
|
3
5
|
class PolicyManager
|
|
@@ -13,7 +15,7 @@ module SSHScan
|
|
|
13
15
|
@result.encryption_algorithms_server_to_client
|
|
14
16
|
outliers = []
|
|
15
17
|
target_encryption.each do |target_enc|
|
|
16
|
-
outliers << target_enc unless @policy.
|
|
18
|
+
outliers << target_enc unless @policy.encryption_attributes.include?(SSHScan::Attribute.new(target_enc))
|
|
17
19
|
end
|
|
18
20
|
return outliers
|
|
19
21
|
end
|
|
@@ -25,7 +27,7 @@ module SSHScan
|
|
|
25
27
|
@result.encryption_algorithms_server_to_client
|
|
26
28
|
outliers = []
|
|
27
29
|
@policy.encryption.each do |encryption|
|
|
28
|
-
if target_encryption.include?(encryption) == false
|
|
30
|
+
if SSHScan.make_attributes(target_encryption).include?(SSHScan::Attribute.new(encryption)) == false
|
|
29
31
|
outliers << encryption
|
|
30
32
|
end
|
|
31
33
|
end
|
|
@@ -39,7 +41,7 @@ module SSHScan
|
|
|
39
41
|
@result.mac_algorithms_client_to_server
|
|
40
42
|
outliers = []
|
|
41
43
|
target_macs.each do |target_mac|
|
|
42
|
-
outliers << target_mac unless @policy.
|
|
44
|
+
outliers << target_mac unless @policy.mac_attributes.include?(SSHScan::Attribute.new(target_mac))
|
|
43
45
|
end
|
|
44
46
|
return outliers
|
|
45
47
|
end
|
|
@@ -52,7 +54,7 @@ module SSHScan
|
|
|
52
54
|
outliers = []
|
|
53
55
|
|
|
54
56
|
@policy.macs.each do |mac|
|
|
55
|
-
if target_macs.include?(mac) == false
|
|
57
|
+
if SSHScan.make_attributes(target_macs).include?(SSHScan::Attribute.new(mac)) == false
|
|
56
58
|
outliers << mac
|
|
57
59
|
end
|
|
58
60
|
end
|
|
@@ -64,7 +66,7 @@ module SSHScan
|
|
|
64
66
|
target_kexs = @result.key_algorithms
|
|
65
67
|
outliers = []
|
|
66
68
|
target_kexs.each do |target_kex|
|
|
67
|
-
outliers << target_kex unless @policy.
|
|
69
|
+
outliers << target_kex unless @policy.kex_attributes.include?(SSHScan::Attribute.new(target_kex))
|
|
68
70
|
end
|
|
69
71
|
return outliers
|
|
70
72
|
end
|
|
@@ -75,7 +77,7 @@ module SSHScan
|
|
|
75
77
|
outliers = []
|
|
76
78
|
|
|
77
79
|
@policy.kex.each do |kex|
|
|
78
|
-
if target_kex.include?(kex) == false
|
|
80
|
+
if SSHScan.make_attributes(target_kex).include?(SSHScan::Attribute.new(kex)) == false
|
|
79
81
|
outliers << kex
|
|
80
82
|
end
|
|
81
83
|
end
|
|
@@ -90,7 +92,7 @@ module SSHScan
|
|
|
90
92
|
outliers = []
|
|
91
93
|
target_compressions.each do |target_compression|
|
|
92
94
|
outliers << target_compression unless
|
|
93
|
-
@policy.
|
|
95
|
+
@policy.compression_attributes.include?(SSHScan::Attribute.new(target_compression))
|
|
94
96
|
end
|
|
95
97
|
return outliers
|
|
96
98
|
end
|
|
@@ -103,7 +105,7 @@ module SSHScan
|
|
|
103
105
|
outliers = []
|
|
104
106
|
|
|
105
107
|
@policy.compression.each do |compression|
|
|
106
|
-
if target_compressions.include?(compression) == false
|
|
108
|
+
if SSHScan.make_attributes(target_compressions).include?(SSHScan::Attribute.new(compression)) == false
|
|
107
109
|
outliers << compression
|
|
108
110
|
end
|
|
109
111
|
end
|
data/lib/ssh_scan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ssh_scan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.26
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jonathan Claudius
|
|
@@ -12,7 +12,7 @@ authors:
|
|
|
12
12
|
autorequire:
|
|
13
13
|
bindir: bin
|
|
14
14
|
cert_chain: []
|
|
15
|
-
date: 2017-07-
|
|
15
|
+
date: 2017-07-20 00:00:00.000000000 Z
|
|
16
16
|
dependencies:
|
|
17
17
|
- !ruby/object:Gem::Dependency
|
|
18
18
|
name: bindata
|
|
@@ -340,6 +340,7 @@ files:
|
|
|
340
340
|
- data/ssh-badkeys/host/zyxel-vmg1312_rsa.pub
|
|
341
341
|
- data/ssh-badkeys/host/zyxel-vmg1312_rsa.yml
|
|
342
342
|
- lib/ssh_scan.rb
|
|
343
|
+
- lib/ssh_scan/attribute.rb
|
|
343
344
|
- lib/ssh_scan/banner.rb
|
|
344
345
|
- lib/ssh_scan/client.rb
|
|
345
346
|
- lib/ssh_scan/constants.rb
|