feature-request : support options in any order #41

@noraj

Warning: read the update section

related to #37

ssh-audit displays the wrong banner instead of displaying the real one or saying it doesn't know this one:

ssh-audit x.x.x.x -p 2222                                                                                                            
# general                                                                                                                                              
(gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6                                                                                                  
(gen) software: OpenSSH 7.2p2                                                                                                                          
(gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+                                                                                               
(gen) compression: enabled (zlib@openssh.com)

But when doing ssh -v or sftp -v (because it is a sftp server) I can see: debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.9.

To be sure I used nmap:

nmap -Pn -p 2222 x.x.x.x -sVC                                                                         
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-28 11:06 CET
Nmap scan report for x.com (x.x.x.x)                                                                  
Host is up (0.023s latency).

PORT     STATE SERVICE VERSION
2222/tcp open  ssh     ProFTPD mod_sftp 0.9.9 (protocol 2.0)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .                                                        
Nmap done: 1 IP address (1 host up) scanned in 62.67 seconds

So:

  1. You need to display the real banner, the one grabbed, not make an internal match or something and display a wrong banner when the SSH provider is not known to ssh-audit, because it can lead to severe mistakes.
  2. As "Add ProFTPd to known SSH softwares #37" said, add mod_sftp support (module sftp support in ProFTPD).

Update: Also, a real SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6 is running on port 22, so I suspect that ssh-audit is ignoring the option for port 2222.

ssh-audit/ssh-audit.py

Lines 155 to 185 in 22b671e

        elif o in ('-p', '--port'):
            oport = a
        elif o in ('-b', '--batch'):
            aconf.batch = True
            aconf.verbose = True
        elif o in ('-n', '--no-colors'):
            aconf.colors = False
        elif o in ('-v', '--verbose'):
            aconf.verbose = True
        elif o in ('-l', '--level'):
            if a not in ('info', 'warn', 'fail'):
                usage_cb('level {0} is not valid'.format(a))
            aconf.minlevel = a
    if len(args) == 0:
        usage_cb()
    if oport is not None:
        host = args[0]
        port = utils.parse_int(oport)
    else:
        s = args[0].split(':')
        host = s[0].strip()
        if len(s) == 2:
            oport, port = s[1], utils.parse_int(s[1])
        else:
            oport, port = '22', 22
    if not host:
        usage_cb('host is empty')
    if port <= 0 or port > 65535:
        usage_cb('port {0} is not valid'.format(oport))
    aconf.host = host
    aconf.port = port

==> This is it: if I put ssh-audit -p 2222 x.x.x.x instead of ssh-audit x.x.x.x -p 2222, I have the correct banner:

(gen) banner: SSH-2.0-mod_sftp/0.9.9                                                                                                                   
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)                                                             
(gen) compression: enabled (zlib@openssh.com, zlib)

So I suggest supporting options in any order, even after the host, like nmap and many other tools do.
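
The behaviour reported above, reproduced as an added example (not code from ssh-audit or from the issue author). It assumes the options are parsed with Python's `getopt.getopt`, which stops at the first non-option argument; the quoted lines do not show the parsing call. `resolve_target`, its `strict` flag, the reduced option set and the sample address are hypothetical.

```python
import getopt

# Reduced option set taken from the quoted lines; the real script has more.
SHORT_OPTS = 'p:bnvl:'
LONG_OPTS = ['port=', 'batch', 'no-colors', 'verbose', 'level=']


def resolve_target(argv, parse=getopt.getopt, strict=False):
    """Return (host, port) using the same rules as the quoted lines.

    parse  -- getopt.getopt (stops at the first non-option argument) or
              getopt.gnu_getopt (accepts options after the host).
    strict -- reject leftover arguments instead of silently ignoring them.
    """
    opts, args = parse(argv, SHORT_OPTS, LONG_OPTS)
    oport = None
    for o, a in opts:
        if o in ('-p', '--port'):
            oport = a
    if not args:
        raise ValueError('host is missing')
    if strict and len(args) > 1:
        # Fail closed: "-p 2222" left in args means it was never parsed.
        raise ValueError('unexpected arguments: {0}'.format(args[1:]))
    if oport is None:
        host, sep, oport = args[0].partition(':')
        host = host.strip()
        if not sep:
            oport = '22'  # silent fallback that audits the wrong service
    else:
        host = args[0]
    if not host:
        raise ValueError('host is empty')
    if not oport.isdigit() or not 0 < int(oport) <= 65535:
        raise ValueError('port {0} is not valid'.format(oport))
    return host, int(oport)


if __name__ == '__main__':
    # Constructed command lines; 192.0.2.10 is a documentation address.
    before = ['-p', '2222', '192.0.2.10']
    after = ['192.0.2.10', '-p', '2222']
    print(resolve_target(before))                    # option before host
    print(resolve_target(after))                     # option after host is dropped
    print(resolve_target(after, getopt.gnu_getopt))  # any order accepted
```

With `strict=True` the second command line raises an error instead of returning port 22, so a report is never produced for a port the user did not ask for.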
