ssh_scan 0.0.10 → 0.0.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6403790d58c64fd35088e7052eb051074a153b48
-  data.tar.gz: 8ca8d5eaa79005c5479719672f55c44bbd806b58
+  metadata.gz: 0e403b742bae642fd06efb786e0a8d0e8dcbf273
+  data.tar.gz: 7cd2a0a4b78a5ad4cef03a380c713f853e1e7522
 SHA512:
-  metadata.gz: 9ea2a32f03d07f1435f2582ef49bef0cb3b89a7ae60cfc7597c09989d5fa5c6dbda3eb1dd136a6fbc30fb960ff9ccb234ab15a646cf845d7fc2ead316cd268d6
-  data.tar.gz: 67e6065dbccd032dd3db6356397d24179db910570d3662f024ca3587ac4c7951d4ec4f6651671cebc548b2fbdae93f13025386c911fc386fb203f3b15d618429
+  metadata.gz: 33fd2a7cdaef54565ad83ec4337e8631f2cef0b52bcf0e4c99651eab3356c635447b360b435f1ffccff9d1453916c6c05a9b401d9f97c7ff9576fef5ba7bcf2d
+  data.tar.gz: d3b172476eb920ae6cceb1fdeabbf143acf42693f6536f9cfac05f010b0da552d9f7836f2bc643a419e0abf0e68f8e6b03849e5af40a7b388743206400736ec7

data/README.md

@@ -64,6 +64,7 @@ Run `ssh_scan -h` to get this
         -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
         -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
         -o, --output [FilePath]          File to write JSON output to
+        -O, --from_json [FilePath]       File to read JSON output from
         -p, --port [PORT]                Port (Default: 22)
         -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
             --threads [NUMBER]           Number of worker threads (Default: 5)
@@ -79,6 +80,7 @@ Run `ssh_scan -h` to get this
       ssh_scan -t ::1 -T 5
       ssh_scan -f hosts.txt
       ssh_scan -o output.json
+      ssh_scan -O output.json -o rescan_output.json
       ssh_scan -t 192.168.1.1 -p 22222
       ssh_scan -t 192.168.1.1 -P custom_policy.yml
       ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml

data/bin/ssh_scan

@@ -3,14 +3,14 @@
 # Path setting slight of hand
 $:.unshift File.join(File.dirname(__FILE__), "../lib")
 
-require 'ssh_scan'
-require 'optparse'
+require 'json'
 require 'netaddr'
+require 'optparse'
+require 'ssh_scan'
 
 #Default options
 options = {
-  :targets => [],
-  :port => 22,
+  :sockets => [],
   :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__),
   :unit_test => false,
   :timeout => 2,
@@ -26,7 +26,7 @@ opt_parser = OptionParser.new do |opts|
   opts.on("-t", "--target [IP/Range/Hostname]", Array,
           "IP/Ranges/Hostname to scan") do |ips|
     ips.each do |ip|
-      options[:targets] += target_parser.enumerateIPRange(ip)
+      options[:sockets] += target_parser.enumerateIPRange(ip)
     end
   end
 
@@ -37,8 +37,10 @@ opt_parser = OptionParser.new do |opts|
       exit
     end
     File.open(file).each do |line|
-      line.chomp.split(',').each do |ip|
-        options[:targets] += target_parser.enumerateIPRange(ip)
+      line.chomp.split(',').each do |socket|
+        ip, port = socket.chomp.split(':')
+        port = port.nil? ? 22 : port
+        options[:sockets] += target_parser.enumerateIPRange(ip, port)
       end
     end
   end
@@ -48,6 +50,20 @@ opt_parser = OptionParser.new do |opts|
     options[:timeout] = timeout.to_i
   end
 
+  opts.on("-O", "--from_json [FilePath]",
+          "File to read JSON output from") do |file|
+    unless File.exists?(file)
+      puts "\nReason: Invalid file"
+      exit
+    end
+    file = open(file)
+    json = file.read
+    parsed_json = JSON.parse(json)
+    parsed_json.each do |host|
+      options[:sockets] += target_parser.enumerateIPRange(host['ip'], host['port'])
+    end
+  end
+
   opts.on("-o", "--output [FilePath]",
           "File to write JSON output to") do |file|
     $stdout.reopen(file, "w")
@@ -55,7 +71,9 @@ opt_parser = OptionParser.new do |opts|
 
   opts.on("-p", "--port [PORT]",
           "Port (Default: 22)") do |port|
-    options[:port] = port.to_i
+    socket = options[:sockets].shift
+    ip = socket.chomp.split(':').shift
+    options[:sockets] += target_parser.enumerateIPRange(ip, port)
   end
 
   opts.on("-P", "--policy [FILE]",
@@ -88,6 +106,7 @@ opt_parser = OptionParser.new do |opts|
     puts "  ssh_scan -t ::1 -T 5"
     puts "  ssh_scan -f hosts.txt"
     puts "  ssh_scan -o output.json"
+    puts "  ssh_scan -O output.json -o rescan_output.json"
     puts "  ssh_scan -t 192.168.1.1 -p 22222"
     puts "  ssh_scan -t 192.168.1.1 -P custom_policy.yml"
     puts "  ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml"
@@ -98,24 +117,28 @@ end
 
 opt_parser.parse!
 
-if options[:targets].nil?
+if options[:sockets].nil?
   puts opt_parser.help
   puts "\nReason: no target specified"
   exit 1
 end
 
-options[:targets].each do |target|
-  unless target.ip_addr? || target.fqdn?
+options[:sockets].each do |socket|
+  ip, port = socket.chomp.split(':')
+  unless ip.ip_addr? || ip.fqdn?
     puts opt_parser.help
-    puts "\nReason: #{options[:targets]} is not a valid target"
+    puts "\nReason: #{socket} is not a valid target"
     exit 1
   end
 end
 
-unless (0..65535).include?(options[:port])
-  puts opt_parser.help
-  puts "\nReason: port supplied is not within acceptable range"
-  exit 1
+options[:sockets].each do |socket|
+  ip, port = socket.chomp.split(':')
+  unless (0..65535).include?(port.to_i)
+    puts opt_parser.help
+    puts "\nReason: port supplied is not within acceptable range"
+    exit 1
+  end
 end
 
 unless File.exists?(options[:policy])

data/lib/ssh_scan/banner.rb

@@ -33,7 +33,7 @@ module SSHScan
     def os_guess()
       case @string
       when /Ubuntu/i
-        return SSHScan::OS::Ubuntu.new
+        return SSHScan::OS::Ubuntu.new(@string)
       when /CentOS/i
         return SSHScan::OS::CentOS.new
       when /RHEL|RedHat/i

data/lib/ssh_scan/client.rb

@@ -10,21 +10,15 @@ module SSHScan
       @target = target
       @timeout = timeout
 
-      if @target.ip_addr?
-        @ip = @target
-      else
-        @ip = @target.resolve_fqdn()
-      end
-
       @port = port
       @client_banner = SSHScan::Constants::DEFAULT_CLIENT_BANNER
       @server_banner = nil
-      @kex_init_raw = SSHScan::Constants::DEFAULT_KEY_INIT_RAW
+      @kex_init_raw = SSHScan::Constants::DEFAULT_KEY_INIT.to_binary_s
     end
 
     def connect()
       begin
-        @sock = Socket.tcp(@ip, @port, connect_timeout: @timeout)
+        @sock = Socket.tcp(@target, @port, connect_timeout: @timeout)
       rescue Errno::ETIMEDOUT => e
         @error = SSHScan::Error::ConnectTimeout.new(e.message)
         @sock = nil
@@ -42,8 +36,7 @@ module SSHScan
       # Common options for all cases
       result = {}
       result[:ssh_scan_version] = SSHScan::VERSION
-      result[:hostname] = @target.fqdn? ? @target : ""
-      result[:ip] = @ip
+      result[:ip] = @target
       result[:port] = @port
 
       if !@sock

data/lib/ssh_scan/constants.rb

@@ -1,23 +1,42 @@
 require 'string_ext'
 require 'ssh_scan/banner'
+require 'ssh_scan/protocol'
 
 module SSHScan
   module Constants
     DEFAULT_CLIENT_BANNER = SSHScan::Banner.new("SSH-2.0-ssh_scan")
     DEFAULT_SERVER_BANNER = SSHScan::Banner.new("SSH-2.0-server")
-    DEFAULT_KEY_INIT_RAW = ("d8eb97b11b6cacbc3285473f08004500019ceccf40004006663fc0a80a7c3ff" +
-                            "5db33cdfd0016982e6062988da97e801810154d2b00000101080a03a6399f3d" +
-                            "f735d6000001640414e33f813f8cdcc6b00a3d852ec1aea4980000001a64696" +
-                            "66669652d68656c6c6d616e2d67726f7570312d736861310000000f7373682d" +
-                            "6473732c7373682d727361000000576165733132382d6362632c336465732d6" +
-                            "362632c626c6f77666973682d6362632c6165733139322d6362632c61657332" +
-                            "35362d6362632c6165733132382d6374722c6165733139322d6374722c61657" +
-                            "33235362d637472000000576165733132382d6362632c336465732d6362632c" +
-                            "626c6f77666973682d6362632c6165733139322d6362632c6165733235362d6" +
-                            "362632c6165733132382d6374722c6165733139322d6374722c616573323536" +
-                            "2d63747200000021686d61632d6d64352c686d61632d736861312c686d61632" +
-                            "d726970656d6431363000000021686d61632d6d64352c686d61632d73686131" +
-                            "2c686d61632d726970656d64313630000000046e6f6e65000000046e6f6e650" +
-                            "00000000000000000000000006e05b3b4").unhexify
+
+    default_key_init_opts = {
+      :cookie => "e33f813f8cdcc6b00a3d852ec1aea498".unhexify,
+      :padding => "6e05b3b4".unhexify,
+      :key_algorithms => ["diffie-hellman-group1-sha1"],
+      :server_host_key_algorithms => ["ssh-dss","ssh-rsa"],
+      :encryption_algorithms_client_to_server => ["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],
+      :encryption_algorithms_server_to_client => ["aes128-cbc","3des-cbc","blowfish-cbc","aes192-cbc","aes256-cbc","aes128-ctr","aes192-ctr","aes256-ctr"],
+      :mac_algorithms_client_to_server => ["hmac-md5","hmac-sha1","hmac-ripemd160"],
+      :mac_algorithms_server_to_client => ["hmac-md5","hmac-sha1","hmac-ripemd160"],
+      :compression_algorithms_client_to_server => ["none"],
+      :compression_algorithms_server_to_client => ["none"],
+      :languages_client_to_server => [],
+      :languages_server_to_client => [],
+    }
+
+    DEFAULT_KEY_INIT = SSHScan::KeyExchangeInit.from_hash(default_key_init_opts)
+
+    DEFAULT_KEY_INIT_RAW = ("000001640414e33f813f8cdcc6b00a3d852ec1aea4980000001a6" +
+                            "469666669652d68656c6c6d616e2d67726f7570312d7368613100" +
+                            "00000f7373682d6473732c7373682d72736100000057616573313" +
+                            "2382d6362632c336465732d6362632c626c6f77666973682d6362" +
+                            "632c6165733139322d6362632c6165733235362d6362632c61657" +
+                            "33132382d6374722c6165733139322d6374722c6165733235362d" +
+                            "637472000000576165733132382d6362632c336465732d6362632" +
+                            "c626c6f77666973682d6362632c6165733139322d6362632c6165" +
+                            "733235362d6362632c6165733132382d6374722c6165733139322" +
+                            "d6374722c6165733235362d63747200000021686d61632d6d6435" +
+                            "2c686d61632d736861312c686d61632d726970656d64313630000" +
+                            "00021686d61632d6d64352c686d61632d736861312c686d61632d" +
+                            "726970656d64313630000000046e6f6e65000000046e6f6e65000" +
+                            "000000000000000000000006e05b3b4").unhexify
   end
 end

data/lib/ssh_scan/os/ubuntu.rb

@@ -1,12 +1,205 @@
 module SSHScan
   module OS
     class Ubuntu
+      class Version
+        def initialize(version_string)
+          @version_string = version_string
+        end
+        def to_s
+          @version_string
+        end
+      end
+
+      # Obtained from scraping ChangeLog on Launchpad
+      FINGERPRINTS = {
+       "4.10" => ["3.8.1p1-11ubuntu3.3", "3.8.1p1-11ubuntu3.2", "3.8.1p1-11ubuntu3"],
+       "5.04" =>
+        ["3.9p1-1ubuntu2.3",
+         "3.9p1-1ubuntu2.2",
+         "3.9p1-1ubuntu2.1",
+         "3.9p1-1ubuntu2"],
+       "5.10" => ["4.1p1-7ubuntu4.2", "4.1p1-7ubuntu4.1", "4.1p1-7ubuntu4"],
+       "6.04" =>
+        ["4.2p1-7ubuntu3.5",
+         "4.2p1-7ubuntu3.4",
+         "4.2p1-7ubuntu3.3",
+         "4.2p1-7ubuntu3.2",
+         "4.2p1-7ubuntu3.1",
+         "4.2p1-7ubuntu3",
+         "4.2p1-7ubuntu2",
+         "4.2p1-7ubuntu1",
+         "4.2p1-5ubuntu2",
+         "4.2p1-5ubuntu1"],
+       "6.10" =>
+        ["4.3p2-5ubuntu1.2",
+         "4.3p2-5ubuntu1.1",
+         "4.3p2-5ubuntu1",
+         "4.3p2-4ubuntu1",
+         "4.3p2-2ubuntu5",
+         "4.3p2-2ubuntu4",
+         "4.3p2-2ubuntu3",
+         "4.3p2-2ubuntu2",
+         "4.3p2-2ubuntu1"],
+       "7.04" => [],
+       "7.10" =>
+        ["4.6p1-5ubuntu0.6",
+         "4.6p1-5ubuntu0.5",
+         "4.6p1-5ubuntu0.4",
+         "4.6p1-5ubuntu0.3",
+         "4.6p1-5ubuntu0.2",
+         "4.6p1-5ubuntu0.1",
+         "4.6p1-5build1",
+         "4.3p2-10ubuntu1"],
+       "8.04" =>
+        ["4.7p1-8ubuntu3",
+         "4.7p1-8ubuntu2",
+         "4.7p1-8ubuntu1.2",
+         "4.7p1-8ubuntu1.1",
+         "4.7p1-8ubuntu1",
+         "4.7p1-7ubuntu1",
+         "4.7p1-6ubuntu1",
+         "4.7p1-5ubuntu1",
+         "4.7p1-4ubuntu1"],
+       "8.10" =>
+        ["5.1p1-3ubuntu1",
+         "5.1p1-1ubuntu2",
+         "5.1p1-1ubuntu1",
+         "4.7p1-12ubuntu4",
+         "4.7p1-12ubuntu3",
+         "4.7p1-12ubuntu2",
+         "4.7p1-12ubuntu1",
+         "4.7p1-10ubuntu1",
+         "4.7p1-9ubuntu1"],
+       "9.04" => ["5.1p1-5ubuntu1", "5.1p1-4ubuntu1"],
+       "9.10" => ["5.1p1-6ubuntu2", "5.1p1-6ubuntu1", "5.1p1-5ubuntu2"],
+       "10.04" =>
+        ["5.3p1-3ubuntu7.1",
+         "5.3p1-3ubuntu7",
+         "5.3p1-3ubuntu6",
+         "5.3p1-3ubuntu5",
+         "5.3p1-3ubuntu4",
+         "5.3p1-3ubuntu3",
+         "5.3p1-3ubuntu2",
+         "5.3p1-3ubuntu1",
+         "5.3p1-1ubuntu2",
+         "5.3p1-1ubuntu1",
+         "5.2p1-2ubuntu1",
+         "5.2p1-1ubuntu1",
+         "5.1p1-8ubuntu2",
+         "5.1p1-8ubuntu1"],
+       "10.10" =>
+        ["5.5p1-4ubuntu6",
+         "5.5p1-4ubuntu5",
+         "5.5p1-4ubuntu4",
+         "5.5p1-4ubuntu3",
+         "5.5p1-4ubuntu2",
+         "5.5p1-4ubuntu1",
+         "5.5p1-3ubuntu1"],
+       "11.04" =>
+        ["5.8p1-1ubuntu3",
+         "5.8p1-1ubuntu2",
+         "5.8p1-1ubuntu1",
+         "5.7p1-2ubuntu1",
+         "5.7p1-1ubuntu1",
+         "5.6p1-2ubuntu4",
+         "5.6p1-2ubuntu3",
+         "5.6p1-2ubuntu2",
+         "5.6p1-2ubuntu1",
+         "5.6p1-1ubuntu1"],
+       "11.10" => ["5.8p1-7ubuntu1", "5.8p1-4ubuntu2", "5.8p1-4ubuntu1"],
+       "12.04" =>
+        ["5.9p1-5ubuntu1.10",
+         "5.9p1-5ubuntu1.9",
+         "5.9p1-5ubuntu1.8",
+         "5.9p1-5ubuntu1.7",
+         "5.9p1-5ubuntu1.6",
+         "5.9p1-5ubuntu1.4",
+         "5.9p1-5ubuntu1.3",
+         "5.9p1-5ubuntu1.2",
+         "5.9p1-5ubuntu1.1",
+         "5.9p1-5ubuntu1",
+         "5.9p1-4ubuntu1",
+         "5.9p1-3ubuntu1",
+         "5.9p1-2ubuntu2",
+         "5.9p1-2ubuntu1",
+         "5.9p1-1ubuntu1"],
+       "12.10" =>
+        ["6.0p1-3ubuntu1.2",
+         "6.0p1-3ubuntu1.1",
+         "6.0p1-3ubuntu1",
+         "6.0p1-2ubuntu1",
+         "6.0p1-1ubuntu1"],
+       "13.04" => ["6.1p1-1ubuntu1"],
+       "13.10" =>
+        ["6.2p2-6ubuntu0.5",
+         "6.2p2-6ubuntu0.4",
+         "6.2p2-6ubuntu0.3",
+         "6.2p2-6ubuntu0.2",
+         "6.2p2-6ubuntu0.1"],
+       "14.04" =>
+        ["6.6p1-2ubuntu2.8",
+         "6.6p1-2ubuntu2.7",
+         "6.6p1-2ubuntu2.6",
+         "6.6p1-2ubuntu2.5",
+         "6.6p1-2ubuntu2.4",
+         "6.6p1-2ubuntu2.3",
+         "6.6p1-2ubuntu2.2",
+         "6.6p1-2ubuntu2",
+         "6.6p1-2ubuntu1",
+         "6.2p2-6ubuntu1"],
+       "14.10" => ["6.6p1-5build1"],
+       "15.04" =>
+        ["6.7p1-5ubuntu1.4",
+         "6.7p1-5ubuntu1.3",
+         "6.7p1-5ubuntu1.2",
+         "6.7p1-5ubuntu1"],
+       "15.10" =>
+        ["6.9p1-2ubuntu0.2", "6.9p1-2ubuntu0.1", "6.7p1-6ubuntu2", "6.7p1-6ubuntu1"],
+       "16.04" => ["7.2p2-4ubuntu2.1", "7.2p2-4ubuntu2", "7.2p2-4ubuntu1"],
+       "16.10" => []
+      }
+
+      def initialize(banner)
+        @banner = banner
+        @version = Ubuntu::Version.new(ubuntu_version_guess)
+      end
+
       def common
         "ubuntu"
       end
 
+      def fingerprints
+        OS::Ubuntu::FINGERPRINTS
+      end
+
+      def ubuntu_version
+        @version
+      end
+
+      def ubuntu_version_guess
+        possible_versions = []
+        OS::Ubuntu::FINGERPRINTS.keys.each do |ubuntu_version|
+          OS::Ubuntu::FINGERPRINTS[ubuntu_version].uniq.each do |banner|
+            openssh_ps, ubuntu_sig = banner.split("-")
+            openssh_version = openssh_ps
+            # If the version is like 6.6p1, deduce that
+            if openssh_ps.include?("p")
+              openssh_version = openssh_ps.split("p")[0]
+            end
+            if @banner.include?("OpenSSH_#{openssh_version}") and @banner.include?(ubuntu_sig)
+              possible_versions << ubuntu_version
+            end
+          end
+        end
+        possible_versions.uniq!
+        if possible_versions.length > 0
+          return possible_versions.join("|")
+        end
+        return nil
+      end
+
       def cpe
-        "o:canonical:ubuntu"
+        "o:canonical:ubuntu:#{@version}"
       end
     end
   end

data/lib/ssh_scan/protocol.rb

@@ -7,9 +7,9 @@ module SSHScan
   class KeyExchangeInit < BinData::Record
     endian :big
     uint32 :packet_length
-    uint8 :padding_length
-    uint8 :message_code
-    string :cookie, :length => 16
+    uint8 :padding_length, :initial_value => 4
+    uint8 :message_code, :initial_value => 20
+    string :cookie_string, :length => 16
     uint32 :kex_algorithms_length
     string :key_algorithms_string, :length => lambda { self.kex_algorithms_length }
     uint32 :server_host_key_algorithms_length
@@ -32,50 +32,155 @@ module SSHScan
     string :languages_server_to_client_string, :length => lambda { self.languages_server_to_client_length }
     uint8 :kex_first_packet_follows
     uint32 :reserved
+    string :padding_string, :read_length => lambda { self.padding_length }
+
+    def cookie
+      self.cookie_string
+    end
+
+    def cookie=(string)
+      self.cookie_string = string
+    end
+
+    def padding
+      self.padding_string
+    end
+
+    def padding=(string)
+      self.padding_string = string
+    end
 
     def key_algorithms
       self.key_algorithms_string.split(",")
     end
 
+    def parse_string_or_array(data)
+      case data
+      when String
+        string = data
+      when Array
+        string = data.join(",")
+      else
+        raise ArgumentError
+      end
+
+      return string
+    end
+
+    def key_algorithms=(data)
+      string = parse_string_or_array(data)
+      self.key_algorithms_string = string
+      self.kex_algorithms_length = string.size
+      recalc_packet_length
+    end
+
     def server_host_key_algorithms
       self.server_host_key_algorithms_string.split(",")
     end
 
+    def server_host_key_algorithms=(data)
+      string = parse_string_or_array(data)
+      self.server_host_key_algorithms_string = string
+      self.server_host_key_algorithms_length = string.size
+      recalc_packet_length
+    end
+
     def encryption_algorithms_client_to_server
       self.encryption_algorithms_client_to_server_string.split(",")
     end
 
+    def encryption_algorithms_client_to_server=(data)
+      string = parse_string_or_array(data)
+      self.encryption_algorithms_client_to_server_string = string
+      self.encryption_algorithms_client_to_server_length = string.size
+      recalc_packet_length
+    end
+
     def encryption_algorithms_server_to_client
       self.encryption_algorithms_server_to_client_string.split(",")
     end
 
+    def encryption_algorithms_server_to_client=(data)
+      string = parse_string_or_array(data)
+      self.encryption_algorithms_server_to_client_string = string
+      self.encryption_algorithms_server_to_client_length = string.size
+      recalc_packet_length
+    end
+
     def mac_algorithms_client_to_server
       self.mac_algorithms_client_to_server_string.split(",")
     end
 
+    def mac_algorithms_client_to_server=(data)
+      string = parse_string_or_array(data)
+      self.mac_algorithms_client_to_server_string = string
+      self.mac_algorithms_client_to_server_length = string.size
+      recalc_packet_length
+    end
+
     def mac_algorithms_server_to_client
       self.mac_algorithms_server_to_client_string.split(",")
     end
 
+    def mac_algorithms_server_to_client=(data)
+      string = parse_string_or_array(data)
+      self.mac_algorithms_server_to_client_string = string
+      self.mac_algorithms_server_to_client_length = string.size
+      recalc_packet_length
+    end
+
     def compression_algorithms_client_to_server
       self.compression_algorithms_client_to_server_string.split(",")
     end
 
+    def compression_algorithms_client_to_server=(data)
+      string = parse_string_or_array(data)
+      self.compression_algorithms_client_to_server_string = string
+      self.compression_algorithms_client_to_server_length = string.size
+      recalc_packet_length
+    end
+
     def compression_algorithms_server_to_client
-      self.compression_algorithms_client_to_server_string.split(",")
+      self.compression_algorithms_server_to_client_string.split(",")
+    end
+
+    def compression_algorithms_server_to_client=(data)
+      string = parse_string_or_array(data)
+      self.compression_algorithms_server_to_client_string = string
+      self.compression_algorithms_server_to_client_length = string.size
+      recalc_packet_length
     end
 
     def languages_client_to_server
       self.languages_client_to_server_string.split(",")
     end
 
+    def languages_client_to_server=(data)
+      string = parse_string_or_array(data)
+      self.languages_client_to_server_string = string
+      self.languages_client_to_server_length = string.size
+      recalc_packet_length
+    end
+
     def languages_server_to_client
       self.languages_server_to_client_string.split(",")
     end
 
+    def languages_server_to_client=(data)
+      string = parse_string_or_array(data)
+      self.languages_server_to_client_string = string
+      self.languages_server_to_client_length = string.size
+      recalc_packet_length
+    end
+
+    def recalc_packet_length
+      self.packet_length = self.to_binary_s.size - self.padding_length
+    end
+
     # Summarize as Hash
     def to_hash
       {
+        :cookie => self.cookie.hexify,
         :key_algorithms => key_algorithms,
         :server_host_key_algorithms => server_host_key_algorithms,
         :encryption_algorithms_client_to_server => encryption_algorithms_client_to_server,
@@ -89,6 +194,23 @@ module SSHScan
       }
     end
 
+    def self.from_hash(opts)
+      kex_init = SSHScan::KeyExchangeInit.new()
+      kex_init.cookie = opts[:cookie]
+      kex_init.padding = opts[:padding]
+      kex_init.key_algorithms = opts[:key_algorithms]
+      kex_init.server_host_key_algorithms = opts[:server_host_key_algorithms]
+      kex_init.encryption_algorithms_client_to_server = opts[:encryption_algorithms_client_to_server]
+      kex_init.encryption_algorithms_server_to_client = opts[:encryption_algorithms_server_to_client]
+      kex_init.mac_algorithms_client_to_server = opts[:mac_algorithms_client_to_server]
+      kex_init.mac_algorithms_server_to_client = opts[:mac_algorithms_server_to_client]
+      kex_init.compression_algorithms_client_to_server = opts[:compression_algorithms_client_to_server]
+      kex_init.compression_algorithms_server_to_client = opts[:compression_algorithms_server_to_client]
+      kex_init.languages_client_to_server = opts[:languages_client_to_server]
+      kex_init.languages_server_to_client = opts[:languages_server_to_client]
+      return kex_init
+    end
+
     # Summarize as JSON
     def to_json
       self.to_hash.to_json

data/lib/ssh_scan/scan_engine.rb

@@ -5,15 +5,38 @@ require 'net/ssh'
 module SSHScan
   class ScanEngine
 
-    def scan_target(target, opts)
-      port = opts[:port]
+    def scan_target(socket, opts)
+      target, port = socket.chomp.split(':')
       policy = opts[:policy_file]
       timeout = opts[:timeout]
+      result = []
 
-      client = SSHScan::Client.new(target, port, timeout)
-      client.connect()
-      result = client.get_kex_result()
-      return result if result.include?(:error)
+      if target.fqdn?
+        if target.resolve_fqdn_as_ipv6.nil?
+          client = SSHScan::Client.new(target.resolve_fqdn_as_ipv4.to_s, port, timeout)
+          client.connect()
+          result = client.get_kex_result()
+          result[:hostname] = target
+          return result if result.include?(:error)
+        else
+          client = SSHScan::Client.new(target.resolve_fqdn_as_ipv6.to_s, port, timeout)
+          client.connect()
+          result = client.get_kex_result()
+          if result.include?(:error)
+            client = SSHScan::Client.new(target.resolve_fqdn_as_ipv4.to_s, port, timeout)
+            client.connect()
+            result = client.get_kex_result()
+            result[:hostname] = target
+            return result if result.include?(:error)
+          end
+        end
+      else
+        client = SSHScan::Client.new(target, port, timeout)
+        client.connect()
+        result = client.get_kex_result()
+        result[:hostname] = ""
+        return result if result.include?(:error)
+      end
 
       # Connect and get results (Net-SSH)
       begin
@@ -81,18 +104,18 @@ module SSHScan
     end
 
     def scan(opts)
-      targets = opts[:targets]
+      sockets = opts[:sockets]
       threads = opts[:threads] || 5
 
       results = []
 
       work_queue = Queue.new
-      targets.each {|x| work_queue.push x }
+      sockets.each {|x| work_queue.push x }
       workers = (0...threads).map do |worker_num|
         Thread.new do
           begin
-            while target = work_queue.pop(true)
-              results << scan_target(target, opts)
+            while socket = work_queue.pop(true)
+              results << scan_target(socket, opts)
             end
           rescue ThreadError => e
             raise e unless e.to_s.match(/queue empty/)

data/lib/ssh_scan/target_parser.rb

@@ -3,9 +3,10 @@ require 'string_ext'
 
 module SSHScan
   class TargetParser
-    def enumerateIPRange(ip)
+    def enumerateIPRange(ip, port = "22")
       if ip.fqdn?
-        return [ip]
+        socket = ip.concat(":").concat(port.to_s)
+        return [socket]
       else
         if ip.include? "-"
           octets = ip.split('.')
@@ -13,15 +14,18 @@ module SSHScan
           lower = NetAddr::CIDR.create(octets.join('.') + "." + range[0])
           upper = NetAddr::CIDR.create(octets.join('.') + "." + range[1])
           ip_array = NetAddr.range(lower, upper,:Inclusive => true)
+          ip_array.map! { |ip| ip.concat(":").concat(port.to_s) }
           return ip_array
         elsif ip.include? "/"
           cidr = NetAddr::CIDR.create(ip)
           ip_array = cidr.enumerate
           ip_array.delete(cidr.network)
           ip_array.delete(cidr.last)
+          ip_array.map! { |ip| ip.concat(":").concat(port.to_s) }
           return ip_array
         else
-          return [ip]
+          socket = ip.concat(":").concat(port.to_s)
+          return [socket]
         end
       end
     end

data/lib/ssh_scan/version.rb

@@ -1,3 +1,3 @@
 module SSHScan
-  VERSION = '0.0.10'
+  VERSION = '0.0.11'
 end

data/lib/string_ext.rb

@@ -1,4 +1,5 @@
 require 'ipaddr'
+require 'resolv'
 
 # Extend string to include some helpful stuff
 class String
@@ -6,6 +7,10 @@ class String
     [self].pack("H*")
   end
 
+  def hexify
+    self.each_byte.map { |b| b.to_s(16).rjust(2,'0') }.join
+  end
+
   def ip_addr?
     begin
       IPAddr.new(self)
@@ -18,6 +23,22 @@ class String
     return true
   end
 
+  def resolve_fqdn_as_ipv6
+    Resolv::DNS.open do |dns|
+      ress = dns.getresources self, Resolv::DNS::Resource::IN::AAAA
+      temp = ress.map { |r| r.address  }
+      return temp[0]
+    end
+  end
+
+  def resolve_fqdn_as_ipv4
+    Resolv::DNS.open do |dns|
+      ress = dns.getresources self, Resolv::DNS::Resource::IN::A
+      temp = ress.map { |r| r.address  }
+      return temp[0]
+    end
+  end
+
   def resolve_fqdn
     @fqdn ||= TCPSocket.gethostbyname(self)[3]
   end

data/ssh_scan.gemspec

@@ -4,7 +4,7 @@ require 'ssh_scan/version'
 Gem::Specification.new do |s|
   s.name = 'ssh_scan'
   s.version = SSHScan::VERSION
-  s.authors = ["Jonathan Claudius"]
+  s.authors = ["Jonathan Claudius", "Jinank Jain"]
   s.date = Date.today.to_s
   s.email = 'claudijd@yahoo.com'
   s.platform = Gem::Platform::RUBY
@@ -30,6 +30,7 @@ Gem::Specification.new do |s|
   s.add_dependency('net-ssh')
   s.add_dependency('netaddr')
   s.add_dependency('timeout')
+  s.add_dependency('json')
   s.add_development_dependency('pry')
   s.add_development_dependency('rspec', '~> 3.0')
   s.add_development_dependency('rspec-its', '~> 1.2')

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.10
+  version: 0.0.11
 platform: ruby
 authors:
 - Jonathan Claudius
+- Jinank Jain
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-08-30 00:00:00.000000000 Z
+date: 2016-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -66,6 +67,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -139,7 +154,6 @@ files:
 - bin/ssh_scan
 - lib/ssh_scan.rb
 - lib/ssh_scan/banner.rb
-- lib/ssh_scan/basic_server.rb
 - lib/ssh_scan/client.rb
 - lib/ssh_scan/constants.rb
 - lib/ssh_scan/error.rb

data/lib/ssh_scan/basic_server.rb

@@ -1,15 +0,0 @@
-require 'sinatra'
-require 'ssh_scan'
-
-get '/api/v1/scan/:ip' do
-  if ip = params['ip']
-    policy = SSHScan::Policy.from_file(File.expand_path("../../policies/mozilla_intermediate.yml", __FILE__))
-    scan_engine = SSHScan::ScanEngine.new()
-    result = scan_engine.scan(ip, 22, policy)
-    content_type :json
-    return JSON.pretty_generate(result)
-  else
-    status 500
-    body "Error: did not supply a valid IP to be scanned"
-  end
-end