Skip to content
This repository has been archived by the owner on Jan 24, 2022. It is now read-only.

Commit

Permalink
First round of results refactoring to a class
Browse files Browse the repository at this point in the history
  • Loading branch information
Jonathan Claudius committed Jun 6, 2017
1 parent 76463e4 commit 80cb670
Show file tree
Hide file tree
Showing 8 changed files with 658 additions and 121 deletions.
3 changes: 1 addition & 2 deletions bin/ssh_scan
View file
Original file line number Diff line number Diff line change
Expand Up @@ -261,8 +261,7 @@ puts JSON.pretty_generate(results)

if options["unit_test"] == true
results.each do |result|
if result["compliance"] &&
result["compliance"][:compliant] == false
if result.compliant == false
exit 1 #non-zero means a false
else
exit 0 #non-zero means pass
Expand Down
1 change: 1 addition & 0 deletions lib/ssh_scan.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
require 'ssh_scan/update'
require 'ssh_scan/fingerprint_database'
require 'ssh_scan/grader'
require 'ssh_scan/result'

#Monkey Patches
require 'string_ext'
4 changes: 2 additions & 2 deletions lib/ssh_scan/banner.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ def self.read(string)
# or "SSH-number" then return the number, else return
# "unknown"
def ssh_version()
if version = @string.match(/SSH-(\d+[\.\d+]+)/)[1]
return version.to_f
if match = @string.match(/SSH-(\d+[\.\d+]+)/)
return match[1].to_f
else
return "unknown"
end
Expand Down
57 changes: 33 additions & 24 deletions lib/ssh_scan/client.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@

module SSHScan
class Client
def initialize(target, port, timeout = 3)
@target = target
def initialize(ip, port, timeout = 3)
@ip = ip
@timeout = timeout

@port = port
Expand All @@ -16,9 +16,23 @@ def initialize(target, port, timeout = 3)
@kex_init_raw = SSHScan::Constants::DEFAULT_KEY_INIT.to_binary_s
end

def ip
@ip
end

def port
@port
end

def banner
@server_banner
end

def connect()
@error = nil

begin
@sock = Socket.tcp(@target, @port, connect_timeout: @timeout)
@sock = Socket.tcp(@ip, @port, connect_timeout: @timeout)
rescue SocketError => e
@error = SSHScan::Error::ConnectionRefused.new(e.message)
@sock = nil
Expand Down Expand Up @@ -56,58 +70,53 @@ def connect()
end
end

def get_kex_result(kex_init_raw = @kex_init_raw)
# Common options for all cases
result = {}
result[:ssh_scan_version] = SSHScan::VERSION
result[:ip] = @target
result[:port] = @port
def error?
!@error.nil?
end

def error
@error
end

def get_kex_result(kex_init_raw = @kex_init_raw)
if !@sock
result[:error] = @error
return result
@error = "Socket is no longer valid"
return nil
end

# Assemble and print results
result[:server_banner] = @server_banner.to_s
result[:ssh_version] = @server_banner.ssh_version
result[:os] = @server_banner.os_guess.common
result[:os_cpe] = @server_banner.os_guess.cpe
result[:ssh_lib] = @server_banner.ssh_lib_guess.common
result[:ssh_lib_cpe] = @server_banner.ssh_lib_guess.cpe

begin
@sock.write(kex_init_raw)
resp = @sock.read(4)

if resp.nil?
result[:error] = SSHScan::Error::NoKexResponse.new(
@error = SSHScan::Error::NoKexResponse.new(
"service did not respond to our kex init request"
)
@sock = nil
return result
return nil
end

resp += @sock.read(resp.unpack("N").first)
@sock.close

kex_exchange_init = SSHScan::KeyExchangeInit.read(resp)
result.merge!(kex_exchange_init.to_hash)
rescue Errno::ETIMEDOUT => e
@error = SSHScan::Error::ConnectTimeout.new(e.message)
@sock = nil
return nil
rescue Errno::ECONNREFUSED,
Errno::ENETUNREACH,
Errno::ECONNRESET,
Errno::EACCES,
Errno::EHOSTUNREACH
result[:error] = SSHScan::Error::NoKexResponse.new(
@error = SSHScan::Error::NoKexResponse.new(
"service did not respond to our kex init request"
)
@sock = nil
return nil
end

return result
return kex_exchange_init.to_hash
end
end
end
34 changes: 17 additions & 17 deletions lib/ssh_scan/policy_manager.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ def initialize(result, policy)
def out_of_policy_encryption
return [] if @policy.encryption.empty?
target_encryption =
@result[:encryption_algorithms_client_to_server] |
@result[:encryption_algorithms_server_to_client]
@result.encryption_algorithms_client_to_server |
@result.encryption_algorithms_server_to_client
outliers = []
target_encryption.each do |target_enc|
outliers << target_enc unless @policy.encryption.include?(target_enc)
Expand All @@ -21,8 +21,8 @@ def out_of_policy_encryption
def missing_policy_encryption
return [] if @policy.encryption.empty?
target_encryption =
@result[:encryption_algorithms_client_to_server] |
@result[:encryption_algorithms_server_to_client]
@result.encryption_algorithms_client_to_server |
@result.encryption_algorithms_server_to_client
outliers = []
@policy.encryption.each do |encryption|
if target_encryption.include?(encryption) == false
Expand All @@ -35,8 +35,8 @@ def missing_policy_encryption
def out_of_policy_macs
return [] if @policy.macs.empty?
target_macs =
@result[:mac_algorithms_server_to_client] |
@result[:mac_algorithms_client_to_server]
@result.mac_algorithms_server_to_client |
@result.mac_algorithms_client_to_server
outliers = []
target_macs.each do |target_mac|
outliers << target_mac unless @policy.macs.include?(target_mac)
Expand All @@ -47,8 +47,8 @@ def out_of_policy_macs
def missing_policy_macs
return [] if @policy.macs.empty?
target_macs =
@result[:mac_algorithms_server_to_client] |
@result[:mac_algorithms_client_to_server]
@result.mac_algorithms_server_to_client |
@result.mac_algorithms_client_to_server
outliers = []

@policy.macs.each do |mac|
Expand All @@ -61,7 +61,7 @@ def missing_policy_macs

def out_of_policy_kex
return [] if @policy.kex.empty?
target_kexs = @result[:key_algorithms]
target_kexs = @result.key_algorithms
outliers = []
target_kexs.each do |target_kex|
outliers << target_kex unless @policy.kex.include?(target_kex)
Expand All @@ -71,7 +71,7 @@ def out_of_policy_kex

def missing_policy_kex
return [] if @policy.kex.empty?
target_kex = @result[:key_algorithms]
target_kex = @result.key_algorithms
outliers = []

@policy.kex.each do |kex|
Expand All @@ -85,8 +85,8 @@ def missing_policy_kex
def out_of_policy_compression
return [] if @policy.compression.empty?
target_compressions =
@result[:compression_algorithms_server_to_client] |
@result[:compression_algorithms_client_to_server]
@result.compression_algorithms_server_to_client |
@result.compression_algorithms_client_to_server
outliers = []
target_compressions.each do |target_compression|
outliers << target_compression unless
Expand All @@ -98,8 +98,8 @@ def out_of_policy_compression
def missing_policy_compression
return [] if @policy.compression.empty?
target_compressions =
@result[:compression_algorithms_server_to_client] |
@result[:compression_algorithms_client_to_server]
@result.compression_algorithms_server_to_client |
@result.compression_algorithms_client_to_server
outliers = []

@policy.compression.each do |compression|
Expand All @@ -112,8 +112,8 @@ def missing_policy_compression

def out_of_policy_auth_methods
return [] if @policy.auth_methods.empty?
return [] if @result["auth_methods"].nil?
target_auth_methods = @result["auth_methods"]
return [] if @result.auth_methods.empty?
target_auth_methods = @result.auth_methods
outliers = []

if not @policy.auth_methods.empty?
Expand All @@ -128,7 +128,7 @@ def out_of_policy_auth_methods

def out_of_policy_ssh_version
return false if @policy.ssh_version.nil?
target_ssh_version = @result[:ssh_version]
target_ssh_version = @result.ssh_version
if @policy.ssh_version
if target_ssh_version < @policy.ssh_version
return true
Expand Down

0 comments on commit 80cb670

Please sign in to comment.