jtesta
Feature Request: Output Directory and SSH Auth Methods
Hi @jtesta ,
many thanks for this great project!
SSH Auth Methods
It would be nice to include some info about the supported auth methods of an SSH server. For example password, public key and/or keyboard-interactive. Regarding hardening, only pubkey auth should be offered as the other ones allow brute-forcing attacks and password guessing (if no measures are implemented such as fail2ban etc.).
I personally would flag all as info but you may define password and keyboard-interactive as warning.
Output Directory
I am currently relying on the JSON output. However, there seems no possibility to define the output directory or output file at all via CLI params. The only way is to pipe the Python's script output into an outfile. This works fine but gets problematic when ssh-audit is called from another script via subprocess. I always have to overwrite the stdout, which is a bit weird.
Would be nice if you add an argparse argument to define the output dir.
You can limit this to the -j and -jj output formats if you want.
