ssh_scan - A prototype SSH Configuration and Policy Scanner
A SSH configuration and policy scanner
Key Benefits
- Minimal Dependancies - Uses native Ruby and BinData to do its work, no heavy dependancies.
- Not Just a Script - Implementation is portable for use in another project or for automation of tasks.
- Simple - Just point
ssh_scan
at an SSH service and get a JSON report of what it supports and its policy status. - Configurable - Make your own custom policies that fit your unique policy requirements.
Setup
To install and run as a gem, type:
gem install ssh_scan
ssh_scan
docker pull mozilla/ssh_scan
docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com
# clone repo
git clone http://ift.tt/2oqmNcj
cd ssh_scan
# install rvm,
# you might have to provide root to install missing packages
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable
# install Ruby 2.3.1 with rvm,
# again, you might have to install missing devel packages
rvm install 2.3.1
rvm use 2.3.1
# resolve dependencies
gem install bundler
bundle install
./bin/ssh_scan
Example Command-Line Usage
Run
ssh_scan -h
to get this ssh_scan v0.0.17 (http://ift.tt/2barcIS)
Usage: ssh_scan [options]
-t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
-f, --file [FilePath] File Path of the file containing IP/Range/Hostnames to scan
-T, --timeout [seconds] Timeout per connect after which ssh_scan gives up on the host
-L, --logger [Log File Path] Enable logger
-O, --from_json [FilePath] File to read JSON output from
-o, --output [FilePath] File to write JSON output to
-p, --port [PORT] Port (Default: 22)
-P, --policy [FILE] Custom policy file (Default: Mozilla Modern)
--threads [NUMBER] Number of worker threads (Default: 5)
--fingerprint-db [FILE] File location of fingerprint database (Default: ./fingerprints.db)
--suppress-update-status Do not check for updates
-u, --unit-test [FILE] Throw appropriate exit codes based on compliance status
-V [STD_LOGGING_LEVEL],
--verbosity
-v, --version Display just version info
-h, --help Show this message
Examples:
ssh_scan -t 192.168.1.1
ssh_scan -t server.example.com
ssh_scan -t ::1
ssh_scan -t ::1 -T 5
ssh_scan -f hosts.txt
ssh_scan -o output.json
ssh_scan -O output.json -o rescan_output.json
ssh_scan -t 192.168.1.1 -p 22222
ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
ssh_scan -t 192.168.1.1 -P custom_policy.yml
ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml
- See here for example video
- See here for example output
- See here for example policies
Credits
Sources of Inspiration for ssh_scan
- Mozilla OpenSSH Security Guide - For providing a sane baseline policy recommendation for SSH configuration parameters (eg. Ciphers, MACs, and KexAlgos).
from KitPloit - PenTest Tools! full article here