ssh_scan 0.0.18 → 0.0.19

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: c743d3b0c304f5452594f2f243125f0a73f8932f
-  data.tar.gz: b5abd73d7894d26347211e02801f77c4ade9d588
+  metadata.gz: d1f38d061727ec16f24abe9fa799d74d928764ca
+  data.tar.gz: 1c6e40fa5041aaa45dbaa3fc7a1586ffb19a63f1
 SHA512:
-  metadata.gz: 157aa640ebfeb5043bcc4d329c306eb6f57387f2052de6c4b72362af68a8d0002866e3a62b92002a0aa1ba96e43fe71e286f72f749c859ba1623fa82f2a37273
-  data.tar.gz: a4e0f52893efe9358e3c31269a16c73cb815194d3fcfc627b4e39b953c42bc0d1203f658e8804ab54a4706ba2ea8ef27cfda07cce89b8f7a87101b50a0fe13e8
+  metadata.gz: 6504a3a993c90eafdad3be8bd6d63cc11d1dae76260e38e9608939d2525ea6602d7ef24eda0ee43f762bfcf48a08a2b2bdead68f083d946a71f6f234283d93fc
+  data.tar.gz: b21c3e244f176cee08ea1d817e842dbb7cb5effeda59136777b81f0364478d30e2b8e8b209e9b68cd66a334ac1043b062808cd183e3c765997d7819692dd9efc

data/bin/ssh_scan

@@ -18,7 +18,7 @@ options = {
   "threads" => 5,
   "verbosity" => nil,
   "logger" => Logger.new(STDERR),
-  "fingerprint_database" => File.join(File.dirname(__FILE__),"../data/fingerprints.db")
+  "fingerprint_database" => File.join(File.dirname(__FILE__),"../data/fingerprints.yml")
 }
 
 # Reorder arguments before parsing
@@ -246,6 +246,11 @@ ssh_scan' to get the latest"
   end
 end
 
+# Limit scope of fingerprints DB to (per scan)
+if options["fingerprint_database"] && File.exists?(options["fingerprint_database"])
+  File.unlink(options["fingerprint_database"])
+end
+
 options["policy_file"] = SSHScan::Policy.from_file(options["policy"])
 
 # Perform scan and get results

data/lib/ssh_scan/fingerprint_database.rb

@@ -1,39 +1,38 @@
-require 'sqlite3'
+require 'yaml/store'
 
 module SSHScan
   class FingerprintDatabase
     def initialize(database_name)
-      if File.exists?(database_name)
-        @db = ::SQLite3::Database.open(database_name)
-      else
-        @db = ::SQLite3::Database.new(database_name)
-        self.create_schema
-      end
-    end
-
-    def create_schema
-      @db.execute <<-SQL
-        create table fingerprints (
-          fingerprint varchar(100),
-          ip varchar(100)
-        );
-      SQL
+      @store = YAML::Store.new(database_name)
     end
 
     def clear_fingerprints(ip)
-      @db.execute "delete from fingerprints where ip like ( ? )", [ip]
+      @store.transaction do
+        @store[ip] = []
+      end
     end
 
     def add_fingerprint(fingerprint, ip)
-      @db.execute "insert into fingerprints values ( ?, ? )", [fingerprint, ip]
+      @store.transaction do
+        @store[ip] = [] if @store[ip].nil?
+        @store[ip] << fingerprint
+      end
     end
 
     def find_fingerprints(fingerprint)
-      ips = []
-      @db.execute( "select * from fingerprints where fingerprint like ( ? )", [fingerprint] ) do |row|
-        ips << row[1]
+      ip_matches = []
+
+      @store.transaction(true) do
+        @store.roots.each do |ip|
+          @store[ip].each do |other_fingerprint|
+            if fingerprint == other_fingerprint
+              ip_matches << ip
+            end
+          end
+        end
       end
-      return ips
+
+      return ip_matches.uniq
     end
   end
 end

data/lib/ssh_scan/scan_engine.rb

@@ -150,8 +150,10 @@ module SSHScan
         fingerprint_db.clear_fingerprints(result[:ip])
         if result['fingerprints']
           result['fingerprints'].values.each do |host_key_algo|
-            host_key_algo.values.each do |fingerprint|
-              fingerprint_db.add_fingerprint(fingerprint, result[:ip])
+            host_key_algo.each do |fingerprint|
+              key, value = fingerprint
+              next if key == "known_bad"
+              fingerprint_db.add_fingerprint(value, result[:ip])
             end
           end
         end
@@ -163,8 +165,10 @@ module SSHScan
           ip = result[:ip]
           result['duplicate_host_key_ips'] = []
           result['fingerprints'].values.each do |host_key_algo|
-            host_key_algo.values.each do |fingerprint|
-              fingerprint_db.find_fingerprints(fingerprint).each do |other_ip|
+            host_key_algo.each do |fingerprint|
+              key, value = fingerprint
+              next if key == "known_bad"
+              fingerprint_db.find_fingerprints(value).each do |other_ip|
                 next if ip == other_ip
                 result['duplicate_host_key_ips'] << other_ip
               end

data/lib/ssh_scan/version.rb

@@ -1,3 +1,3 @@
 module SSHScan
-  VERSION = '0.0.18'
+  VERSION = '0.0.19'
 end

data/ssh_scan.gemspec

@@ -32,7 +32,6 @@ Gem::Specification.new do |s|
   s.add_dependency('bindata', '~> 2.0')
   s.add_dependency('netaddr')
   s.add_dependency('net-ssh')
-  s.add_dependency('sqlite3')
   s.add_dependency('sshkey')
   s.add_development_dependency('pry')
   s.add_development_dependency('rspec', '~> 3.0')

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.18
+  version: 0.0.19
 platform: ruby
 authors:
 - Jonathan Claudius
@@ -12,7 +12,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-24 00:00:00.000000000 Z
+date: 2017-04-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata
@@ -56,20 +56,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: sshkey
   requirement: !ruby/object:Gem::Requirement
@@ -177,7 +163,6 @@ files:
 - config/policies/mozilla_modern.yml
 - config/worker/config.yml
 - data/README
-- data/fingerprints.db
 - data/ssh-badkeys/LICENSE
 - data/ssh-badkeys/README.md
 - data/ssh-badkeys/authorized/array-networks-vapv-vxag.key