ssh-audit icon indicating copy to clipboard operation
ssh-audit copied to clipboard

Published 20 hours ago verified publisher icon jtesta

Output recommendations in JSON.

Open letiemble opened this issue 2 years ago • 2 comments

Address https://github.com/jtesta/ssh-audit/issues/122 by printing the recommendations when using JSON ouptut.

letiemble avatar Oct 16 '21 10:10 letiemble

Thanks for the submission!

It appears that this patch doesn't work in some cases. When I scan test.rebex.net with JSON output, I get no recommendations. Without JSON output, I get the following:

# algorithm recommendations 
(rec) !diffie-hellman-group-exchange-sha256 -- kex algorithm to change
(increase modulus size to 2048 bits or larger) 
(rec) -aes128-cbc                           -- enc algorithm to remove 
(rec) -aes192-cbc                           -- enc algorithm to remove 
(rec) -aes256-cbc                           -- enc algorithm to remove 
(rec) -diffie-hellman-group-exchange-sha1   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp256                   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp384                   -- kex algorithm to remove 
(rec) -ecdh-sha2-nistp521                   -- kex algorithm to remove 
(rec) -ecdsa-sha2-nistp256                  -- key algorithm to remove 
(rec) -ecdsa-sha2-nistp384                  -- key algorithm to remove 
(rec) -ecdsa-sha2-nistp521                  -- key algorithm to remove 
(rec) -hmac-sha1-96                         -- mac algorithm to remove 
(rec) -ssh-rsa                              -- key algorithm to remove 
(rec) -diffie-hellman-group14-sha1          -- kex algorithm to remove 
(rec) -hmac-sha1                            -- mac algorithm to remove 
(rec) -hmac-sha2-256                        -- mac algorithm to remove 
(rec) -hmac-sha2-512                        -- mac algorithm to remove

jtesta avatar Oct 19 '21 02:10 jtesta

Sorry for the delay. This should be fixed.

letiemble avatar Dec 14 '21 21:12 letiemble

Can you also add the applicable CVE vulnerabilities that a host is susceptible to to the JSON output? For example, non json output includes CVEs such as

# security                                                                                                      
(cve) CVE-2021-41617                        -- (CVSSv2: 7.0) privilege escalation via supplemental groups       
(cve) CVE-2020-15778                        -- (CVSSv2: 7.8) command injection via anomalous argument transfers 
(cve) CVE-2018-15919                        -- (CVSSv2: 5.3) username enumeration via GS2                       
(cve) CVE-2018-15473                        -- (CVSSv2: 5.3) enumerate usernames due to timing discrepancies    
(cve) CVE-2016-20012                        -- (CVSSv2: 5.3) enumerate usernames via challenge response

@jtesta @letiemble Awesome tool by the way : )

mr-pmillz avatar Jan 13 '23 20:01 mr-pmillz

@letiemble : I opted to write this patch from scratch myself (which I just committed) since there were some subtle code-organization I wanted to improve upon, along with an 'informational' level of recommendation I wanted to include. I thought going back and forth with the changes I was interested in would take longer than just writing the patch myself, and since I'm aiming to make a release soon, I opted for a quick turnaround.

I do appreciate the work you've done, though! And if you had an opportunity to test the master branch soon, that would also be a big help as well. Thanks!!

jtesta avatar Mar 24 '23 23:03 jtesta