ssh_scan 0.0.25 → 0.0.26
- checksums.yaml +4 -4
- data/data/fingerprints.yml +4 -4
- data/lib/ssh_scan/attribute.rb +27 -0
- data/lib/ssh_scan/policy.rb +17 -0
- data/lib/ssh_scan/policy_manager.rb +10 -8
- data/lib/ssh_scan/version.rb +1 -1
- metadata +3 -2
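--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d24a75be619ed3b8567cce7be9e5ac20b0acd720
+data.tar.gz: 65d64750b90635a8e146752fc74671150cbfddf0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 699dadeff7f4c746b64f08e9119bc19c2186f79a07843e202b98b7e05178ef10cea6b728e355dab134e2aa33f0c95cb2a4b229a0aa3fa3277f9dc0b1e969fc3b
+data.tar.gz: 612f62c3345e61807a0fee2a021b3a7f8d83d3e2fb10ad32c7f2acee1929c91f8759e30c46c823c9ea91d9c2390e55e18b0d9989c269ee1b0a7ea3af62fd778c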
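--- a/data/data/fingerprints.yml
+++ b/data/data/fingerprints.yml
@@ -1,5 +1,5 @@
 ---
-45.
--
--
--
+45.55.176.164:
+- 4f:17:6e:38:63:0c:af:1c:f4:97:4f:ab:04:b4:47:a0
+- 8c:71:d0:85:e5:2e:4c:24:34:4b:97:0a:af:37:f4:09:41:8d:ae:6d
+- b5:b1:f8:2f:99:4e:88:bc:9d:6c:81:2b:9f:1c:db:44:2d:dd:e5:66:cb:49:bf:7e:e1:1a:a2:5f:d1:39:d2:16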
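--- a/data/lib/ssh_scan/attribute.rb
+++ b/data/lib/ssh_scan/attribute.rb
@@ -0,0 +1,27 @@
+require 'yaml'
+
+module SSHScan
+# A helper to turn array of strings into arrays of attributes for quick comparison
+def self.make_attributes(array)
+array.map {|item| SSHScan::Attribute.new(item)}
+end
+
+# A class for making attribute comparison possible beyond simple string comparison
+class Attribute
+def initialize(attribute_string)
+@attribute_string = attribute_string
+end
+
+def to_s
+@attribute_string
+end
+
+def base
+@attribute_string.split("@").first
+end
+
+def ==(other)
+self.base == other.base
+end
+end
+end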
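Review bot: `==` calls `other.base` unconditionally, so comparing an Attribute with a String or nil raises NoMethodError instead of returning false; `other.respond_to?(:base) && base == other.base` would keep the comparison total. `base` keeps only the text before the first `@`, so a policy entry now matches every variant that differs only in the qualifier after `@` (constructed example: `name@a.example`, `name@b.example` and plain `name` all compare equal), which loosens the compliance check and deserves a comment on `base` such as `# algorithm name without its "@..." qualifier; entries differing only in the qualifier compare equal`. `hash` and `eql?` are not redefined, so only `==`-based lookups like `Array#include?` see this equivalence, not `uniq`, `-` or Hash keys. `require 'yaml'` appears unused in this file.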
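--- a/data/lib/ssh_scan/policy.rb
+++ b/data/lib/ssh_scan/policy.rb
@@ -1,4 +1,5 @@
 require 'yaml'
+require 'ssh_scan/attribute'
 
 module SSHScan
 # Policy methods that deal with key exchange, macs, encryption methods,
@@ -27,6 +28,22 @@ module SSHScan
 self.new(opts)
 end
 
+def kex_attributes
+SSHScan.make_attributes(@kex)
+end
+
+def mac_attributes
+SSHScan.make_attributes(@macs)
+end
+
+def encryption_attributes
+SSHScan.make_attributes(@encryption)
+end
+
+def compression_attributes
+SSHScan.make_attributes(@compression)
+end
+
 # Generate a {SSHScan::Policy} object from YAML string.
 # @param string [String] YAML string
 # @return [SSHScan::Policy] new instance with parameters loaded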
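Review bot: The four new readers (`kex_attributes`, `mac_attributes`, `encryption_attributes`, `compression_attributes`) have no doc comments, while the method just below them in the hunk carries YARD tags. A line such as `# @return [Array<SSHScan::Attribute>] policy kex entries wrapped for comparison by base name` above each would match the file's style. Each call also builds a fresh array from the instance variable, and would raise NoMethodError if that variable were nil; how `@kex`, `@macs`, `@encryption` and `@compression` are initialised is outside the hunk, so that is worth confirming. The class body starts and ends outside the hunk.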
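--- a/data/lib/ssh_scan/policy_manager.rb
+++ b/data/lib/ssh_scan/policy_manager.rb
@@ -1,3 +1,5 @@
+require 'ssh_scan/attribute'
+
 module SSHScan
 # Policy management methods, compliance checking and recommendations.
 class PolicyManager
@@ -13,7 +15,7 @@ module SSHScan
 @result.encryption_algorithms_server_to_client
 outliers = []
 target_encryption.each do |target_enc|
-outliers << target_enc unless @policy.
+outliers << target_enc unless @policy.encryption_attributes.include?(SSHScan::Attribute.new(target_enc))
 end
 return outliers
 end
@@ -25,7 +27,7 @@ module SSHScan
 @result.encryption_algorithms_server_to_client
 outliers = []
 @policy.encryption.each do |encryption|
-if target_encryption.include?(encryption) == false
+if SSHScan.make_attributes(target_encryption).include?(SSHScan::Attribute.new(encryption)) == false
 outliers << encryption
 end
 end
@@ -39,7 +41,7 @@ module SSHScan
 @result.mac_algorithms_client_to_server
 outliers = []
 target_macs.each do |target_mac|
-outliers << target_mac unless @policy.
+outliers << target_mac unless @policy.mac_attributes.include?(SSHScan::Attribute.new(target_mac))
 end
 return outliers
 end
@@ -52,7 +54,7 @@ module SSHScan
 outliers = []
 
 @policy.macs.each do |mac|
-if target_macs.include?(mac) == false
+if SSHScan.make_attributes(target_macs).include?(SSHScan::Attribute.new(mac)) == false
 outliers << mac
 end
 end
@@ -64,7 +66,7 @@ module SSHScan
 target_kexs = @result.key_algorithms
 outliers = []
 target_kexs.each do |target_kex|
-outliers << target_kex unless @policy.
+outliers << target_kex unless @policy.kex_attributes.include?(SSHScan::Attribute.new(target_kex))
 end
 return outliers
 end
@@ -75,7 +77,7 @@ module SSHScan
 outliers = []
 
 @policy.kex.each do |kex|
-if target_kex.include?(kex) == false
+if SSHScan.make_attributes(target_kex).include?(SSHScan::Attribute.new(kex)) == false
 outliers << kex
 end
 end
@@ -90,7 +92,7 @@ module SSHScan
 outliers = []
 target_compressions.each do |target_compression|
 outliers << target_compression unless
-@policy.
+@policy.compression_attributes.include?(SSHScan::Attribute.new(target_compression))
 end
 return outliers
 end
@@ -103,7 +105,7 @@ module SSHScan
 outliers = []
 
 @policy.compression.each do |compression|
-if target_compressions.include?(compression) == false
+if SSHScan.make_attributes(target_compressions).include?(SSHScan::Attribute.new(compression)) == false
 outliers << compression
 end
 end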
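Review bot: The attribute arrays are rebuilt on every pass through the loops: `@policy.encryption_attributes` (and the mac, kex and compression equivalents) allocates a new array per scanned item, and `SSHScan.make_attributes(target_encryption)` does the same per policy entry in the hunks at new lines 30, 57, 80 and 108. Building the array once before each loop, for example `allowed = @policy.encryption_attributes` followed by `outliers << target_enc unless allowed.include?(SSHScan::Attribute.new(target_enc))`, gives the same result without the repeated allocation. The `... == false` conditions could be written as `unless ...include?(...)` to match the style of the out-of-policy methods. Every method touched here starts or ends outside its hunk.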
data/lib/ssh_scan/version.rb
CHANGED
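--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.26
 platform: ruby
 authors:
 - Jonathan Claudius
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-07-
+date: 2017-07-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bindata
@@ -340,6 +340,7 @@ files:
 - data/ssh-badkeys/host/zyxel-vmg1312_rsa.pub
 - data/ssh-badkeys/host/zyxel-vmg1312_rsa.yml
 - lib/ssh_scan.rb
+- lib/ssh_scan/attribute.rb
 - lib/ssh_scan/banner.rb
 - lib/ssh_scan/client.rb
 - lib/ssh_scan/constants.rb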