ssh-audit
Output recommendations in JSON.
Address https://github.com/jtesta/ssh-audit/issues/122 by printing the recommendations when using JSON output.
Thanks for the submission!
It appears that this patch doesn't work in some cases. When I scan test.rebex.net with JSON output, I get no recommendations. Without JSON output, I get the following:
# algorithm recommendations
(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change
(increase modulus size to 2048 bits or larger)
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -aes192-cbc -- enc algorithm to remove
(rec) -aes256-cbc -- enc algorithm to remove
(rec) -diffie-hellman-group-exchange-sha1 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp256 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp384 -- kex algorithm to remove
(rec) -ecdh-sha2-nistp521 -- kex algorithm to remove
(rec) -ecdsa-sha2-nistp256 -- key algorithm to remove
(rec) -ecdsa-sha2-nistp384 -- key algorithm to remove
(rec) -ecdsa-sha2-nistp521 -- key algorithm to remove
(rec) -hmac-sha1-96 -- mac algorithm to remove
(rec) -ssh-rsa -- key algorithm to remove
(rec) -diffie-hellman-group14-sha1 -- kex algorithm to remove
(rec) -hmac-sha1 -- mac algorithm to remove
(rec) -hmac-sha2-256 -- mac algorithm to remove
(rec) -hmac-sha2-512 -- mac algorithm to remove
Sorry for the delay. This should be fixed.
Can you also add the applicable CVE vulnerabilities that a host is susceptible to to the JSON output? For example, non-JSON output includes CVEs such as:
# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
(cve) CVE-2020-15778 -- (CVSSv2: 7.8) command injection via anomalous argument transfers
(cve) CVE-2018-15919 -- (CVSSv2: 5.3) username enumeration via GS2
(cve) CVE-2018-15473 -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies
(cve) CVE-2016-20012 -- (CVSSv2: 5.3) enumerate usernames via challenge response
@jtesta @letiemble Awesome tool by the way : )
@letiemble : I opted to write this patch from scratch myself (which I just committed) since there were some subtle code-organization I wanted to improve upon, along with an 'informational' level of recommendation I wanted to include. I thought going back and forth with the changes I was interested in would take longer than just writing the patch myself, and since I'm aiming to make a release soon, I opted for a quick turnaround.
I do appreciate the work you've done, though! And if you had an opportunity to test the master branch soon, that would also be a big help as well. Thanks!!
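An added example, not part of this thread or of ssh-audit's code: a small parser that turns the text-mode `(rec)` and `(cve)` lines quoted above into JSON, for pipelines that only have the text report. The output schema and the function name `parse_report` are hypothetical and are not ssh-audit's JSON format; the `+` prefix is accepted as an assumption, since only `-` and `!` appear in this thread.

```python
import json
import re

# Line shapes taken from the text-mode output quoted in this thread.
# The "+" prefix is an assumption; only "-" and "!" appear on this page.
REC_RE = re.compile(r"^\(rec\) ([-!+])(\S+)\s+-- (kex|key|enc|mac) algorithm to (\w+)")
CVE_RE = re.compile(r"^\(cve\) (CVE-\d{4}-\d+)\s+-- \(CVSSv2: ([\d.]+)\) (.+)$")

# Sample lines copied from the output quoted in this thread.
SAMPLE = """\
# algorithm recommendations
(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change
(increase modulus size to 2048 bits or larger)
(rec) -aes128-cbc -- enc algorithm to remove
(rec) -ssh-rsa -- key algorithm to remove
# security
(cve) CVE-2021-41617 -- (CVSSv2: 7.0) privilege escalation via supplemental groups
"""

def parse_report(text):
    """Convert (rec)/(cve) text lines into a dict (hypothetical schema)."""
    result = {"recommendations": [], "cves": []}
    last_rec = None  # most recent (rec) entry, so a following note can attach
    for raw in text.splitlines():
        line = raw.strip()
        m = REC_RE.match(line)
        if m:
            _prefix, name, kind, action = m.groups()
            last_rec = {"type": kind, "name": name, "action": action, "notes": ""}
            result["recommendations"].append(last_rec)
            continue
        m = CVE_RE.match(line)
        if m:
            result["cves"].append({"name": m.group(1),
                                   "cvssv2": float(m.group(2)),
                                   "description": m.group(3)})
            last_rec = None
            continue
        # A fully parenthesised line right after a (rec) line is its note,
        # e.g. "(increase modulus size to 2048 bits or larger)".
        if last_rec is not None and line.startswith("(") and line.endswith(")"):
            last_rec["notes"] = line[1:-1]
        else:
            last_rec = None  # headers, blanks and anything else end the entry
    return result

if __name__ == "__main__":
    print(json.dumps(parse_report(SAMPLE), indent=2))
```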