packet_type, payload = s.read_packet(sshv)
if packet_type < 0:
try:
payload_txt = payload.decode('utf-8') if payload else u'empty'
except UnicodeDecodeError:
payload_txt = u'"{0}"'.format(repr(payload).lstrip('b')[1:-1])
if payload_txt == u'Protocol major versions differ.':
if sshv == 2 and aconf.ssh1:
audit(aconf, 1)
return
err = '[exception] error reading packet ({0})'.format(payload_txt)
else:
err_pair = None
if sshv == 1 and packet_type != SSH.Protocol.SMSG_PUBLIC_KEY:
err_pair = ('SMSG_PUBLIC_KEY', SSH.Protocol.SMSG_PUBLIC_KEY)
elif sshv == 2 and packet_type != SSH.Protocol.MSG_KEXINIT:
err_pair = ('MSG_KEXINIT', SSH.Protocol.MSG_KEXINIT)
if err_pair is not None:
fmt = '[exception] did not receive {0} ({1}), ' + \
'instead received unknown message ({2})'
err = fmt.format(err_pair[0], err_pair[1], packet_type)
if err:
output(banner, header)
out.fail(err)
sys.exit(1)
if sshv == 1:
pkm = SSH1.PublicKeyMessage.parse(payload)
output(banner, header, pkm=pkm)
elif sshv == 2:
kex = SSH2.Kex.parse(payload)
output(banner, header, kex=kex)
def output_security_sub(sub, software, padlen):
# type: (str, SSH.Software, int) -> None
secdb = SSH.Security.CVE if sub == 'cve' else SSH.Security.TXT
if software is None or software.product not in secdb:
return
for line in secdb[software.product]:
vfrom, vtill = line[0:2] # type: str, str
if not software.between_versions(vfrom, vtill):
continue
target, name = line[2:4] # type: int, str
is_server, is_client = target & 1 == 1, target & 2 == 2
is_local = target & 4 == 4
if not is_server:
continue
p = '' if out.batch else ' ' * (padlen - len(name))
if sub == 'cve':
cvss, descr = line[4:6] # type: float, str
out.fail('(cve) {0}{1} -- ({2}) {3}'.format(name, p, cvss, descr))
else:
self.__sock.settimeout(rto)
if s < 0:
return self.__banner, self.__header
if self.__state < self.SM_BANNER_SENT:
self.send_banner(banner)
while self.__banner is None:
if not s > 0:
s, e = self.recv()
if s < 0:
break
while self.__banner is None and self.unread_len > 0:
line = self.read_line()
if len(line.strip()) == 0:
continue
if self.__banner is None:
self.__banner = SSH.Banner.parse(line)
if self.__banner is not None:
continue
self.__header.append(line)
s = 0
return self.__banner, self.__header
def output_compatibility(kex, pkm, for_server=True):
    # type: (Optional[SSH2.Kex], Optional[SSH1.PublicKeyMessage], bool) -> None
    """Report which OpenSSH / Dropbear SSH versions match the offered algorithms.

    The algorithm pairs derived from ``kex`` and ``pkm`` are turned into a
    per-product timeframe by ``get_ssh_timeframe``. For each product present
    in that timeframe, one entry is built from slot 0 and from slot 1
    (``for_server`` true) or slot 2 (``for_server`` false). All entries are
    written as a single ``(gen) compatibility`` line through ``out.good``.
    Nothing is printed when neither product appears in the timeframe.

    Presumably slot 0 is the first compatible version and the other slot the
    last one; confirm against ``get_ssh_timeframe``.
    """
    pairs = get_alg_pairs(kex, pkm)
    timeframe = get_ssh_timeframe(pairs, for_server)
    # Which slot of a timeframe entry to pair with slot 0.
    bound_idx = 1 if for_server else 2
    entries = []
    for product in (SSH.Product.OpenSSH, SSH.Product.DropbearSSH):
        if product not in timeframe:
            continue
        span = timeframe[product]
        first, bound = span[0], span[bound_idx]
        if bound is None:
            # No bound recorded: report as open-ended ("X+").
            entry = '{0} {1}+'.format(product, first)
        elif first == bound:
            entry = '{0} {1}'.format(product, first)
        elif bound < first:
            # NOTE(review): this ordering uses the native comparison of the
            # stored values; if they are version strings it is lexicographic
            # ('6.10' sorts before '6.9'). Confirm the value type.
            entry = '{0} {1}+ (some functionality from {2})'.format(
                product, first, bound)
        else:
            entry = '{0} {1}-{2}'.format(product, first, bound)
        entries.append(entry)
    if entries:
        out.good('(gen) compatibility: ' + ', '.join(entries))