ssh_scan 0.0.38 → 0.0.39

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2256af6879617ca3c773dfe970eb2614923210c5e12c4a0e0195b07de6bd5dd6
-  data.tar.gz: 33e2317b550a08fd59baf2a6d8f6472cef671422552aca00453a612b72c12bae
+  metadata.gz: 913c588395b88fe25aae08930d7ef15984f75eab0c6976ef868d9c6fbe062f1c
+  data.tar.gz: '0166380a16b6e1f380e4af64d610440bf668b6741985f320fbe6e1dc916cf55f'
 SHA512:
-  metadata.gz: aa9c2bcc2ba4a8b959a2518e74dc55851d6e631f260de76d711acc350e32ecd8e10746ea8792661276d10d40e8651b9203cea533a8ec02e241a39f8577c225e4
-  data.tar.gz: 9319c177d2cf3eaca666f54c29367293ff525be8d9e6f04d17529b9488905529a01994a6c9ef4c37901a918b8aec72b0d3f2675458fc786ad0b7a8ceac0f8cd9
+  metadata.gz: 072a07a4d37cf493a5f295e757cd6b330ceeae98b3dd989500a27df4faa6be29def8ff5e6f48ece3b0784e80571b4bfbb873b6fbdb4900c2f1deb66f7c9b5666
+  data.tar.gz: 7b8c97061c7a57b30c8d77544abe8626209196a55808a990f3dc28dc8e6f1fdf94fd1dad73853a0adc98a8b8cccfdd42d3303e3d3a92478fe9ff34eca186315f

data/lib/ssh_scan/public_key.rb

@@ -0,0 +1,59 @@
+require 'openssl'
+require 'sshkey'
+require 'base64'
+
+module SSHScan
+  # All cryptography related methods.
+  module Crypto
+    # House methods helpful in analysing SSH public keys.
+    class PublicKey
+      def initialize(key_string)
+        @key_string = key_string
+      end
+
+      def valid?
+        SSHKey.valid_ssh_public_key?(@key_string)
+      end
+
+      def type
+        if @key_string.start_with?("ssh-rsa")
+          return "rsa"
+        elsif @key_string.start_with?("ssh-dss")
+          return "dsa"
+        else
+          return "unknown"
+        end 
+      end
+
+      def length
+        SSHKey.ssh_public_key_bits(@key_string)
+      end
+
+      def fingerprint_md5
+        SSHKey.fingerprint(@key_string)
+      end
+
+      def fingerprint_sha1
+        SSHKey.sha1_fingerprint(@key_string)
+      end    
+
+      def fingerprint_sha256
+        SSHKey.sha256_fingerprint(@key_string)
+      end
+
+      def to_hash
+        {
+          self.type => {
+            "raw" => @key_string,
+            "length" => self.length,
+            "fingerprints" => {
+              "md5" => self.fingerprint_md5,
+              "sha1" => self.fingerprint_sha1,
+              "sha256" => self.fingerprint_sha256
+            }
+          }
+        }
+      end
+    end
+  end
+end

data/lib/ssh_scan/result.rb

@@ -8,7 +8,7 @@ module SSHScan
   class Result
     def initialize()
       @version = SSHScan::VERSION
-      @fingerprints = nil
+      @keys = nil
       @duplicate_host_key_ips = Set.new()
       @compliance = {}
     end
@@ -157,12 +157,12 @@ module SSHScan
       @auth_methods = auth_methods
     end
 
-    def fingerprints=(fingerprints)
-      @fingerprints = fingerprints
+    def keys=(keys)
+      @keys = keys
     end
 
-    def fingerprints
-      @fingerprints
+    def keys
+      @keys
     end
 
     def duplicate_host_key_ips=(duplicate_host_key_ips)
@@ -249,8 +249,8 @@ module SSHScan
       	"languages_client_to_server" => self.languages_client_to_server,
       	"languages_server_to_client" => self.languages_server_to_client,
       	"auth_methods" => self.auth_methods,
-        "fingerprints" => self.fingerprints,
-        "duplicate_host_key_ips" => self.duplicate_host_key_ips,
+        "keys" => self.keys,
+        "duplicate_host_key_ips" => self.duplicate_host_key_ips.uniq,
       	"compliance" => @compliance,
         "start_time" => self.start_time,
         "end_time" => self.end_time,

data/lib/ssh_scan/scan_engine.rb

@@ -1,6 +1,6 @@
 require 'socket'
 require 'ssh_scan/client'
-require 'ssh_scan/crypto'
+require 'ssh_scan/public_key'
 require 'ssh_scan/fingerprint_database'
 require 'ssh_scan/subprocess'
 require 'net/ssh'
@@ -119,7 +119,7 @@ module SSHScan
       end
 
       # Figure out what rsa or dsa fingerprints exist
-      fingerprints = {}
+      keys = {}
 
       output = ""
 
@@ -136,31 +136,17 @@ module SSHScan
 
       for i in 0..host_keys_len
         if host_keys[i].eql? "ssh-dss"
-          pkey = SSHScan::Crypto::PublicKey.new(host_keys[i + 1])
-          fingerprints.merge!({
-            "dsa" => {
-              "known_bad" => pkey.bad_key?.to_s,
-              "md5" => pkey.fingerprint_md5,
-              "sha1" => pkey.fingerprint_sha1,
-              "sha256" => pkey.fingerprint_sha256,
-            }
-          })
+          key = SSHScan::Crypto::PublicKey.new([host_keys[i], host_keys[i + 1]].join(" "))
+          keys.merge!(key.to_hash)
         end
 
         if host_keys[i].eql? "ssh-rsa"
-          pkey = SSHScan::Crypto::PublicKey.new(host_keys[i + 1])
-          fingerprints.merge!({
-            "rsa" => {
-              "known_bad" => pkey.bad_key?.to_s,
-              "md5" => pkey.fingerprint_md5,
-              "sha1" => pkey.fingerprint_sha1,
-              "sha256" => pkey.fingerprint_sha256,
-            }
-          })
+          key = SSHScan::Crypto::PublicKey.new([host_keys[i], host_keys[i + 1]].join(" "))
+          keys.merge!(key.to_hash)
         end
       end
 
-      result.fingerprints = fingerprints
+      result.keys = keys
       result.set_end_time
 
       return result
@@ -200,12 +186,10 @@ module SSHScan
       results.each do |result|
         fingerprint_db.clear_fingerprints(result.ip)
 
-        if result.fingerprints
-          result.fingerprints.values.each do |host_key_algo|
-            host_key_algo.each do |fingerprint|
-              key, value = fingerprint
-              next if key == "known_bad"
-              fingerprint_db.add_fingerprint(value, result.ip)
+        if result.keys
+          result.keys.values.each do |host_key_algo|
+            host_key_algo['fingerprints'].values.each do |fingerprint|
+              fingerprint_db.add_fingerprint(fingerprint, result.ip)
             end
           end
         end
@@ -213,20 +197,17 @@ module SSHScan
 
       # Decorate all the results with duplicate keys
       results.each do |result|
-        if result.fingerprints
+        if result.keys
           ip = result.ip
           result.duplicate_host_key_ips = []
-          result.fingerprints.values.each do |host_key_algo|
-            host_key_algo.each do |fingerprint|
-              key, value = fingerprint
-              next if key == "known_bad"
-              fingerprint_db.find_fingerprints(value).each do |other_ip|
+          result.keys.values.each do |host_key_algo|
+            host_key_algo["fingerprints"].values.each do |fingerprint|
+              fingerprint_db.find_fingerprints(fingerprint).each do |other_ip|
                 next if ip == other_ip
                 result.duplicate_host_key_ips << other_ip
               end
             end
           end
-          result.duplicate_host_key_ips
         end
       end
 

data/lib/ssh_scan/version.rb

@@ -1,3 +1,3 @@
 module SSHScan
-  VERSION = '0.0.38'
+  VERSION = '0.0.39'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.38
+  version: 0.0.39
 platform: ruby
 authors:
 - Jonathan Claudius
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-17 00:00:00.000000000 Z
+date: 2019-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -163,7 +163,6 @@ files:
 - lib/ssh_scan/banner.rb
 - lib/ssh_scan/client.rb
 - lib/ssh_scan/constants.rb
-- lib/ssh_scan/crypto.rb
 - lib/ssh_scan/error.rb
 - lib/ssh_scan/error/closed_connection.rb
 - lib/ssh_scan/error/connect_timeout.rb
@@ -188,6 +187,7 @@ files:
 - lib/ssh_scan/policy.rb
 - lib/ssh_scan/policy_manager.rb
 - lib/ssh_scan/protocol.rb
+- lib/ssh_scan/public_key.rb
 - lib/ssh_scan/result.rb
 - lib/ssh_scan/scan_engine.rb
 - lib/ssh_scan/ssh_lib.rb

data/lib/ssh_scan/crypto.rb

@@ -1,60 +0,0 @@
-require 'openssl'
-require 'sshkey'
-require 'base64'
-
-module SSHScan
-  # All cryptography related methods.
-  module Crypto
-    # House methods helpful in analysing SSH public keys.
-    class PublicKey
-      def initialize(key)
-        @key = key
-      end
-
-      # Is the current key known to be in our known bad key list
-      # @return [Boolean] true if this {SSHScan::Crypto::PublicKey}
-      #   instance's key is also in {SSHScan::Crypto}'s
-      #   bad_public_keys, otherwise false
-      def bad_key?
-        SSHScan::Crypto.bad_public_keys.each do |other_key|
-          if self.fingerprint_sha256 == other_key.fingerprint_sha256
-            return true
-          end
-        end
-
-        return false
-      end
-
-      # Generate MD5 fingerprint for this {SSHScan::Crypto::PublicKey} instance.
-      # @return [String] formatted MD5 fingerprint
-      def fingerprint_md5
-        OpenSSL::Digest::MD5.hexdigest(::Base64.decode64(@key)).scan(/../).join(':')
-      end
-
-      # Generate SHA1 fingerprint for this {SSHScan::Crypto::PublicKey} instance.
-      # @return [String] formatted SHA1 fingerprint
-      def fingerprint_sha1
-        OpenSSL::Digest::SHA1.hexdigest(::Base64.decode64(@key)).scan(/../).join(':')
-      end
-
-      # Generate SHA256 fingerprint for this {SSHScan::Crypto::PublicKey} instance.
-      # @return [String] formatted SHA256 fingerprint
-      def fingerprint_sha256
-        OpenSSL::Digest::SHA256.hexdigest(::Base64.decode64(@key)).scan(/../).join(':')
-      end
-    end
-
-    def self.bad_public_keys
-      bad_keys = []
-
-      Dir.glob("data/ssh-badkeys/host/*.key").each do |file_path|
-        file = File.read(File.expand_path(file_path))
-        key = SSHKey.new(file)
-        bad_keys << SSHScan::Crypto::PublicKey.new(key.ssh_public_key.split[1])
-      end
-
-      return bad_keys
-    end
-
-  end
-end