Home / Unlabelled / ssh_scan - A prototype SSH Configuration and Policy Scanner

ssh_scan - A prototype SSH Configuration and Policy Scanner


A SSH configuration and policy scanner

Key Benefits
  • Minimal Dependancies - Uses native Ruby and BinData to do its work, no heavy dependancies.
  • Not Just a Script - Implementation is portable for use in another project or for automation of tasks.
  • Simple - Just point ssh_scan at an SSH service and get a JSON report of what it supports and its policy status.
  • Configurable - Make your own custom policies that fit your unique policy requirements.

Setup
To install and run as a gem, type:
gem install ssh_scan
 ssh_scan
To run from a docker container, type:
docker pull mozilla/ssh_scan
 docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com
To install and run from source, type:
# clone repo
 git clone https://github.com/mozilla/ssh_scan.git
 cd ssh_scan
 
 # install rvm,
 # you might have to provide root to install missing packages
 gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
 curl -sSL https://get.rvm.io | bash -s stable
 
 # install Ruby 2.3.1 with rvm,
 # again, you might have to install missing devel packages
 rvm install 2.3.1
 rvm use 2.3.1
 
 # resolve dependencies
 gem install bundler
 bundle install
 
 ./bin/ssh_scan

Example Command-Line Usage
Run ssh_scan -h to get this
ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)
 
 Usage: ssh_scan [options]
     -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
     -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
     -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
     -L, --logger [Log File Path]     Enable logger
     -O, --from_json [FilePath]       File to read JSON output from
     -o, --output [FilePath]          File to write JSON output to
     -p, --port [PORT]                Port (Default: 22)
     -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
         --threads [NUMBER]           Number of worker threads (Default: 5)
         --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)
         --suppress-update-status     Do not check for updates
     -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status
     -V [STD_LOGGING_LEVEL],
         --verbosity
     -v, --version                    Display just version info
     -h, --help                       Show this message
 
 Examples:
 
   ssh_scan -t 192.168.1.1
   ssh_scan -t server.example.com
   ssh_scan -t ::1
   ssh_scan -t ::1 -T 5
   ssh_scan -f hosts.txt
   ssh_scan -o output.json
   ssh_scan -O output.json -o rescan_output.json
   ssh_scan -t 192.168.1.1 -p 22222
   ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
   ssh_scan -t 192.168.1.1 -P custom_policy.yml
   ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml

Credits
Sources of Inspiration for ssh_scan
  • Mozilla OpenSSH Security Guide - For providing a sane baseline policy recommendation for SSH configuration parameters (eg. Ciphers, MACs, and KexAlgos).





Source: www.kitploit.com
ssh_scan - A prototype SSH Configuration and Policy Scanner ssh_scan - A prototype SSH Configuration and Policy Scanner Reviewed by Anonymous on 7:48 AM Rating: 5

Tags