RubyGems - ssh_scan - Versions diffs - 0.0.6 → 0.0.7 - Mend

ssh_scan 0.0.6 → 0.0.7

Files changed (9) hide show

checksums.yaml +4 -4
data/README.md +6 -4
data/bin/ssh_scan +32 -5
data/lib/ssh_scan/client.rb +15 -7
data/lib/ssh_scan/policy_manager.rb +1 -1
data/lib/ssh_scan/scan_engine.rb +6 -2
data/lib/ssh_scan/version.rb +1 -1
data/lib/string_ext.rb +33 -0
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7d2c9bf22bc6a5d8add93c53017b015ef4c93d34
-  data.tar.gz: 1e8b0e0240aa1bbec27895aab4df439ba393d99b
+  metadata.gz: 523f33ca35c02c11f2a59a1cab89e06cc6dbed10
+  data.tar.gz: e94e1d5cfb9df79e4e32e09e34d7e2670bafe223
 SHA512:
-  metadata.gz: 03dccca8b8627bced9051658a17614e37d01bbf7f9331be5938479347c671aaa2d0736ddb520916ce08d6fa7285c76201162f57d36998f6dd54fc4cbf60223f1
-  data.tar.gz: d1f61dd9ab0b18114817ca086ec0fe06930a36bd9ca14247dac43b829ef4119a2688adb1902673394acd9e8b4210a0a34d709ed7d92b4fbc869fc39923ab7044
+  metadata.gz: 499ca37ef4d13b353074a9ee3ea03484c87f1f633a8e4b02b93f4014f5b9be2cf4700ff0b28ab2b101e2ab491bdb7a85672379bb691b98b20d388be41ab38d33
+  data.tar.gz: a82121192d78b156c218bd53ecc27edf661f417c3deb028f999ae6dda7ee7b017db3af2113628e31d89c6446a4c0a4044b9cda309f2e73e9a1e59440a2e7b1a4

data/README.md CHANGED Viewed

@@ -2,6 +2,7 @@
 [![Build Status](https://secure.travis-ci.org/claudijd/ssh_scan.png)](http://travis-ci.org/claudijd/ssh_scan)
 [![Code Climate](https://codeclimate.com/github/claudijd/ssh_scan.png)](https://codeclimate.com/github/claudijd/ssh_scan)
+[![Gem Version](https://badge.fury.io/rb/ssh_scan.svg)](https://badge.fury.io/rb/ssh_scan)
 A SSH configuration and policy scanner
@@ -34,10 +35,10 @@ gem install bindata
 Run `ssh_scan -h` to get this
-    ssh_scan v0.0.5 (https://github.com/claudijd/ssh_scan)
+    ssh_scan v0.0.6 (https://github.com/claudijd/ssh_scan)
     Usage: ssh_scan [options]
-        -t, --target [IP]                IP
+        -t, --target [IP/Hostname]       IP/Hostname
         -p, --port [PORT]                Port (Default: 22)
         -P, --policy [FILE]              Policy file (Default: Mozilla Modern)
         -h, --help                       Show this message
@@ -45,8 +46,9 @@ Run `ssh_scan -h` to get this
     Examples:
       ssh_scan -t 192.168.1.1
-      ssh_scan -t 192.168.1.1 -p 22222
-      ssh_scan -t 192.168.1.1 -P custom_policy.yml
+      ssh_scan -t server.example.com
+      ssh_scan -t server.example.com -p 22222
+      ssh_scan -t server.example.com -P custom_policy.yml
 See here for [example output](https://github.com/claudijd/ssh_scan/blob/master/examples/192.168.1.1.json)

data/bin/ssh_scan CHANGED Viewed

@@ -10,14 +10,15 @@ require 'optparse'
 options = {
   :target => nil,
   :port => 22,
-  :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__)
+  :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__),
+  :unit_test => false
 }
 opt_parser = OptionParser.new do |opts|
   opts.banner = "ssh_scan v#{SSHScan::VERSION} (https://github.com/claudijd/ssh_scan)\n\n" +
                 "Usage: ssh_scan [options]"
-  opts.on("-t", "--target [IP]",
-          "IP") do |ip|
+  opts.on("-t", "--target [IP/Hostname]",
+          "IP/Hostname") do |ip|
     options[:target] = ip
   end
@@ -31,12 +32,26 @@ opt_parser = OptionParser.new do |opts|
     options[:policy] = policy
   end
+  opts.on("-u", "--unit-test [FILE]",
+          "Throw appropriate exit codes based on compliance status") do
+    options[:unit_test] = true
+  end
+  opts.on("-v", "--version",
+          "Display just version info") do
+    puts SSHScan::VERSION
+    exit
+  end
   opts.on_tail("-h", "--help", "Show this message") do
     puts opts
     puts "\nExamples:"
     puts "\n  ssh_scan -t 192.168.1.1"
+    puts "  ssh_scan -t server.example.com"
     puts "  ssh_scan -t 192.168.1.1 -p 22222"
     puts "  ssh_scan -t 192.168.1.1 -P custom_policy.yml"
+    puts "  ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml"
+    puts ""
     exit
   end
 end
@@ -49,6 +64,12 @@ if options[:target].nil?
   exit
 end
+unless options[:target].ip_addr? || options[:target].fqdn?
+  puts opt_parser.help
+  puts "\nReason: #{options[:target]} is not a valid target"
+  exit
+end
 unless (0..65535).include?(options[:port])
   puts opt_parser.help
   puts "\nReason: port supplied is not within acceptable range"
@@ -61,10 +82,16 @@ unless File.exists?(options[:policy])
   exit
 end
-policy = SSHScan::Policy.from_file(options[:policy])
+options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
 # Perform scan and get results
 scan_engine = SSHScan::ScanEngine.new()
-result = scan_engine.scan(options[:target], options[:port], policy)
+result = scan_engine.scan(options)
 puts JSON.pretty_generate(result)
+if result["compliance"] && result["compliance"][:compliant] == false
+  exit 1 #non-zero means a false
+else
+  exit 0 #non-zero means pass
+end

data/lib/ssh_scan/client.rb CHANGED Viewed

@@ -4,8 +4,15 @@ require 'ssh_scan/protocol'
 module SSHScan
   class Client
-    def initialize(ip, port)
-      @ip = ip
+    def initialize(target, port)
+      @target = target
+      if @target.ip_addr?
+        @ip = @target
+      else
+        @ip = @target.resolve_fqdn()
+      end
       @port = port
       @client_protocol = SSHScan::Constants::DEFAULT_CLIENT_PROTOCOL
       @server_protocol = nil
@@ -27,11 +34,12 @@ module SSHScan
       kex_exchange_init = SSHScan::KeyExchangeInit.read(resp)
       # Assemble and print results
-      result = {
-        :ip => @ip,
-        :port => @port,
-        :server_banner => @server_protocol
-      }
+      result = {}
+      result[:ssh_scan_version] = SSHScan::VERSION
+      result[:hostname] = @target.fqdn? ? @target : ""
+      result[:ip] = @ip
+      result[:port] = @port
+      result[:server_banner] = @server_protocol
       result.merge!(kex_exchange_init.to_hash)
       return result

data/lib/ssh_scan/policy_manager.rb CHANGED Viewed

@@ -96,7 +96,7 @@ module SSHScan
       missing_policy_encryption.empty? &&
       missing_policy_macs.empty? &&
       missing_policy_kex.empty? &&
-      missing_policy_compression?
+      missing_policy_compression.empty?
     end
     def recommendations

data/lib/ssh_scan/scan_engine.rb CHANGED Viewed

@@ -4,9 +4,13 @@ require 'ssh_scan/client'
 module SSHScan
   class ScanEngine
-    def scan(ip, port, policy = nil)
+    def scan(opts)
+      target = opts[:target]
+      port = opts[:port]
+      policy = opts[:policy_file]
       # Connect and get results
-      client = SSHScan::Client.new(ip, port)
+      client = SSHScan::Client.new(target, port)
       client.connect()
       result = client.get_kex_result()

data/lib/ssh_scan/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module SSHScan
-  VERSION = '0.0.6'
+  VERSION = '0.0.7'
 end

data/lib/string_ext.rb CHANGED Viewed

@@ -1,6 +1,39 @@
+require 'ipaddr'
 # Extend string to include some helpful stuff
 class String
   def unhexify
     [self].pack("H*")
   end
+  def ip_addr?
+    begin
+      IPAddr.new(self)
+    # Using ArgumentError instead of IPAddr::InvalidAddressError for 1.9.3 backward compatability
+    rescue ArgumentError
+      return false
+    end
+    return true
+  end
+  def resolve_fqdn
+    @fqdn ||= TCPSocket.gethostbyname(self)[3]
+  end
+  def fqdn?
+    begin
+      resolve_fqdn
+    rescue SocketError
+      return false
+    end
+    if ip_addr?
+      return false
+    else
+      return true
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ssh_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.6
+  version: 0.0.7
 platform: ruby
 authors:
 - Jonathan Claudius
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-03-01 00:00:00.000000000 Z
+date: 2016-03-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bindata