{"id":13453556,"url":"https://github.com/arthepsy/ssh-audit","last_synced_at":"2025-05-15T02:08:19.286Z","repository":{"id":37663229,"uuid":"48465577","full_name":"arthepsy/ssh-audit","owner":"arthepsy","description":"SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)","archived":false,"fork":false,"pushed_at":"2024-06-28T23:48:45.000Z","size":239,"stargazers_count":2970,"open_issues_count":29,"forks_count":267,"subscribers_count":121,"default_branch":"master","last_synced_at":"2025-04-11T14:17:05.832Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/arthepsy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-12-23T02:54:38.000Z","updated_at":"2025-04-07T12:03:49.000Z","dependencies_parsed_at":"2024-10-28T20:34:38.066Z","dependency_job_id":"f71e6a84-d4c3-4e37-baee-7e5aeab600b1","html_url":"https://github.com/arthepsy/ssh-audit","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fssh-audit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fssh-audit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fssh-audit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/arthepsy%2Fssh-audit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/arthepsy","download_url":"https://codeload.github.com/arthepsy/ssh-audit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254259384,"owners_count":22040820,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T08:00:43.025Z","updated_at":"2025-05-15T02:08:14.278Z","avatar_url":"https://github.com/arthepsy.png","language":"Python","funding_links":[],"categories":["Python","SSH","Python (1887)","Tools to check security hardening","Apps","DevOps Utilities","📦 Legacy \u0026 Inactive Projects"],"sub_categories":["Packages","SSH","Testing / Honeypots"],"readme":"# ssh-audit\n[![build status](https://api.travis-ci.org/arthepsy/ssh-audit.svg)](https://travis-ci.org/arthepsy/ssh-audit)\n[![coverage status](https://coveralls.io/repos/github/arthepsy/ssh-audit/badge.svg)](https://coveralls.io/github/arthepsy/ssh-audit)  \n**ssh-audit** is a tool for ssh server auditing.  \n\n## Features\n- SSH1 and SSH2 protocol server support;\n- grab banner, recognize device or software and operating system, detect compression;\n- gather key-exchange, host-key, encryption and message authentication code algorithms;\n- output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);\n- output algorithm recommendations (append or remove based on recognized software version);\n- output security information (related issues, assigned CVE list, etc);\n- analyze SSH version compatibility based on algorithm information;\n- historical information from OpenSSH, Dropbear SSH and libssh;\n- no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;\n\n## Usage\n```\nusage: ssh-audit.py [-1246pbnvl] \u003chost\u003e\n\n   -1,  --ssh1             force ssh version 1 only\n   -2,  --ssh2             force ssh version 2 only\n   -4,  --ipv4             enable IPv4 (order of precedence)\n   -6,  --ipv6             enable IPv6 (order of precedence)\n   -p,  --port=\u003cport\u003e      port to connect\n   -b,  --batch            batch output\n   -n,  --no-colors        disable colors\n   -v,  --verbose          verbose output\n   -l,  --level=\u003clevel\u003e    minimum output level (info|warn|fail)\n   \n```\n* if both IPv4 and IPv6 are used, order of precedence can be set by using either `-46` or `-64`.  \n* batch flag `-b` will output sections without header and without empty lines (implies verbose flag).  \n* verbose flag `-v` will prefix each line with section type and algorithm name.  \n\n### example\n![screenshot](https://cloud.githubusercontent.com/assets/7356025/19233757/3e09b168-8ef0-11e6-91b4-e880bacd0b8a.png)\n\n## ChangeLog\n### v1.7.0 (2016-10-26)\n - implement options to allow specify IPv4/IPv6 usage and order of precedence\n - implement option to specify remote port (old behavior kept for compatibility)\n - add colors support for Microsoft Windows via optional colorama dependency\n - fix encoding and decoding issues, add tests, do not crash on encoding errors\n - use mypy-lang for static type checking and verify all code\n\n### v1.6.0 (2016-10-14)\n - implement algorithm recommendations section (based on recognized software)\n - implement full libssh support (version history, algorithms, security, etc)\n - fix SSH-1.99 banner recognition and version comparison functionality\n - do not output empty algorithms (happens for misconfigured servers)\n - make consistent output for Python 3.x versions\n - add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)\n - use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)\n\n### v1.5.0 (2016-09-20)\n - create security section for related security information\n - match and output assigned CVE list and security issues for Dropbear SSH\n - implement full SSH1 support with fingerprint information\n - automatically fallback to SSH1 on protocol mismatch\n - add new options to force SSH1 or SSH2 (both allowed by default)\n - parse banner information and convert it to specific software and OS version\n - do not use padding in batch mode\n - several fixes (Cisco sshd, rare hangs, error handling, etc)\n\n### v1.0.20160902\n - implement batch output option\n - implement minimum output level option\n - fix compatibility with Python 2.6\n\n### v1.0.20160812\n - implement SSH version compatibility feature\n - fix wrong mac algorithm warning\n - fix Dropbear SSH version typo\n - parse pre-banner header\n - better errors handling\n\n### v1.0.20160803\n - use OpenSSH 7.3 banner\n - add new key-exchange algorithms\n\n### v1.0.20160207\n - use OpenSSH 7.2 banner\n - additional warnings for OpenSSH 7.2 \n - fix OpenSSH 7.0 failure messages\n - add rijndael-cbc failure message from OpenSSH 6.7\n\n### v1.0.20160105\n - multiple additional warnings\n - support for none algorithm\n - better compression handling  \n - ensure reading enough data (fixes few Linux SSH)  \n\n### v1.0.20151230\n - Dropbear SSH support  \n\n### v1.0.20151223\n - initial version  \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthepsy%2Fssh-audit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Farthepsy%2Fssh-audit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Farthepsy%2Fssh-audit/lists"}