Add terrapin-scanner: Scan SSH servers and clients for Terrapin vulne…

…rability The Terrapin Vulnerability Scanner is a small utility program written in Go, which can be used to determine the vulnerability of an SSH client or server against the Terrapin Attack. The vulnerability scanner requires a single connection with the peer to gather all supported algorithms. However, it does not perform a fully fledged SSH key exchange, will never attempt authentication on a server, and does not perform the attack in practice. Instead, vulnerability is determined by checking the supported algorithms and support for known countermeasures (strict key exchange). This may falsely claim vulnerability in case the peer supports countermeasures unknown to this tool.
NetBSD · Dec 20, 2023 · 7a15791 · 7a15791
1 parent bc7c848
commit 7a15791
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 0 deletions.
diff --git a/security/terrapin-scanner/DESCR b/security/terrapin-scanner/DESCR
@@ -0,0 +1,10 @@
+The Terrapin Vulnerability Scanner is a small utility program written in
+Go, which can be used to determine the vulnerability of an SSH client or
+server against the Terrapin Attack. The vulnerability scanner requires a
+single connection with the peer to gather all supported algorithms.
+However, it does not perform a fully fledged SSH key exchange, will
+never attempt authentication on a server, and does not perform the
+attack in practice. Instead, vulnerability is determined by checking the
+supported algorithms and support for known countermeasures (strict key
+exchange). This may falsely claim vulnerability in case the peer
+supports countermeasures unknown to this tool.
diff --git a/security/terrapin-scanner/Makefile b/security/terrapin-scanner/Makefile
@@ -0,0 +1,15 @@
+# $NetBSD: Makefile,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+
+DISTNAME=	Terrapin-Scanner-1.0.3
+PKGNAME=	${DISTNAME:tl}
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_GITHUB:=RUB-NDS/}
+GITHUB_TAG=	v${PKGVERSION_NOREV}
+
+MAINTAINER=	pkgsrc-users@NetBSD.org
+HOMEPAGE=	https://terrapin-attack.com/
+COMMENT=	Scan SSH servers and clients for Terrapin vulnerability
+LICENSE=	apache-2.0
+
+.include "../../lang/go/go-module.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/terrapin-scanner/PLIST b/security/terrapin-scanner/PLIST
@@ -0,0 +1,2 @@
+@comment $NetBSD: PLIST,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+bin/Terrapin-Scanner
diff --git a/security/terrapin-scanner/distinfo b/security/terrapin-scanner/distinfo
@@ -0,0 +1,5 @@
+$NetBSD: distinfo,v 1.1 2023/12/20 16:43:04 schmonz Exp $
+
+BLAKE2s (Terrapin-Scanner-1.0.3.tar.gz) = b5988af4581e0bf355413b53726c83c9deb757e6d618c077ff83941a3a901e59
+SHA512 (Terrapin-Scanner-1.0.3.tar.gz) = b64a2d2b67e632a59cb05f0b3597a2146a14294017cc8f015821d3ecbaf2add67f07ddbb13ac2774b845aa86c267f5d2cad099e85f6817c93ff764847cccbc27
+Size (Terrapin-Scanner-1.0.3.tar.gz) = 9470 bytes