Feature: add security section (e.g, related CVE's)

[arthepsy]

No description provided.

[arthepsy]

• find all related CVE's
  • OpenSSH
  • DropbearSSH
• go through ChangeLog for security issues, which doesn't have assigned CVE
  • OpenSSH
  • DropbearSSH
• double check with some security scanners to not miss anything
• extract banner components (protocol, software, comments)
• extract vendor/version from banner software component
• version comparison functionality
  • OpenSSH
  • DropBearSSH
• match against database

[blindfuzzy]

Might be possible to use searchsploit for the CVE stuff. I use it here: https://github.com/blindfuzzy/LHF/blob/master/Modules/recon.py ; works out pretty well.

[arthepsy]

Good tip, @blindfuzzy . As I don't want to rely on external modules/scripts/dependencies, I could use this for double-checking (as existing database). Also, maybe I could add it as optional dependency. Will have to research how useful it is when I'm done with historical CVE's.

P.S. LHF looks interesting.

[blindfuzzy]

I understand. Thanks :D Hoping to continue making it better.

[arthepsy]

Dropbear SSH CVE's: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dropbear
Correspond exactly to ChangeLog: https://matt.ucc.asn.au/dropbear/CHANGES

cve-search is missing CVE-2006-0225 (probably, due to being attributed to OpenSSH).

[arthepsy]

Security sections for Dropbear SSH (already released) and libssh are done (release next week). Only OpenSSH is left as TODO.

[egberts]

Perhaps a simple output of encountered SSH versions can be written to a file for a second script tool to interactively read then consult via-API to retrieve CVE?