known_hosts_bruteforcer

Change open call to three-parameter form

Open jawaad-ahmad opened this issue 4 years ago • 0 comments

Reference: https://perlmaven.com/open-files-in-the-old-way

Current code calls open on known_hosts as:

open(HOSTFILE, "$knownhostFile") || die "Cannot open $knownhostFile";

Recommend changing to the following to make explicit that we're opening the file as read-only and also to prevent any intentional or unintentional malicious use:

open(HOSTFILE, "<", "$knownhostFile") || die "Cannot open $knownhostFile";

As an alternative, consider removing the file name option and the open logic, and instead take the input from standard input:

$ ./known_hosts_bruteforcer.pl < ~/.ssh/known_hosts

This simplifies the logic of the script and also allows users the flexibility to pass in whatever they want into the script without having to make any temporary files beforehand, e.g.:

$ tail -3 ~/.ssh/known_hosts | ./known_hosts_bruteforcer.pl

jawaad-ahmad Aug 02 '20 08:08
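An added illustration of the difference the issue describes, not code from known_hosts_bruteforcer.pl: with the two-parameter form Perl reads the open mode out of the file name string, while the three-parameter form treats the string as a literal name. The scratch directory, the sample file contents and the `$arg` value are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed scratch data: a throwaway directory holding one sample file.
my $dir    = tempdir(CLEANUP => 1);
my $target = "$dir/known_hosts.sample";

# (Re)create the sample file with one placeholder hashed-host line.
sub write_sample {
    open(my $fh, '>', $target) or die "Cannot create $target: $!";
    print {$fh} "|1|constructedsalt=|constructedhash= ssh-rsa AAAA...\n";
    close($fh);
}

# Size in bytes of the sample file (0 once it has been truncated).
sub size { return (stat($target))[7] }

# A "file name" argument that begins with a mode character (constructed).
my $arg = "> $target";

# Two-parameter form, as in the current code: the mode is parsed out of
# the string, so the sample is opened for writing and truncated.
write_sample();
my $before = size();
if (open(my $fh, $arg)) { close($fh) }
printf "two-arg:   size %d -> %d bytes\n", $before, size();

# Three-parameter form: the mode is fixed to read-only and $arg is used
# as a literal file name, which does not exist, so open fails cleanly.
write_sample();
$before = size();
if (open(my $fh, '<', $arg)) {
    close($fh);
} else {
    print "three-arg: open failed ($!)\n";
}
printf "three-arg: size %d -> %d bytes\n", $before, size();
```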