ssh-audit is a tool for ssh server auditing.
- SSH1 and SSH2 protocol server support;
- grab banner, recognize device or software and operating system, detect compression;
- gather key-exchange, host-key, encryption and message authentication code algorithms;
- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
- output algorithm recommendations (append or remove based on recognized software version);
- output security information (related issues, assigned CVE list, etc);
- analyze SSH version compatibility based on algorithm information;
- historical information from OpenSSH, Dropbear SSH and libssh;
- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;
usage: ssh-audit.py [-bnv] [-l ] <host[:port]> -1, --ssh1 force ssh version 1 only -2, --ssh2 force ssh version 2 only -b, --batch batch output -n, --no-colors disable colors -v, --verbose verbose output -l, --level= minimum output level (info|warn|fail)
– batch flag -b will output sections without header and without empty lines (implies verbose flag).
– verbose flag -v will prefix each line with section type and algorithm name.
Latest posts by TWR (see all)
- Connecting to Airport WiFi is Safe, Right?…..Wrong - December 5, 2017
- Your HP Wireless mouse can be Spoofed; Be careful - May 18, 2017
- E.U. Fines Facebook $122 Million for misleading information about WhatsApp acquisition - May 18, 2017