https://github.com/mozilla/ssh_scan

DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)
https://github.com/mozilla/ssh_scan

abandoned unmaintained

Last synced: about 18 hours ago
JSON representation

DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/)

• Host: GitHub
• URL: https://github.com/mozilla/ssh_scan
• Owner: mozilla
• License: mpl-2.0
• Archived: true
• Created: 2016-01-29T21:39:15.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2022-01-23T21:53:21.000Z (almost 3 years ago)
• Last Synced: 2024-10-30T00:45:23.265Z (5 days ago)
• Topics: abandoned, unmaintained
• Language: Ruby
• Homepage:
• Size: 4.01 MB
• Stars: 793
• Watchers: 44
• Forks: 105
• Open Issues: 2
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

• awesome-repositories - mozilla/ssh_scan - DEPRECATED - A prototype SSH configuration and policy scanner (Blog: https://mozilla.github.io/ssh_scan/) (Ruby)

README

        
# ssh_scan

[![Gem Version](https://badge.fury.io/rb/ssh_scan.svg)](https://badge.fury.io/rb/ssh_scan)

[![Coverage Status](https://coveralls.io/repos/github/mozilla/ssh_scan/badge.svg?branch=master)](https://coveralls.io/github/mozilla/ssh_scan?branch=master)

A SSH configuration and policy scanner

⚠️ Deprecation Notice ⚠️

-------------------------

Mozilla is no longer maintaining the SSH Scan project.

Please fork it to continue development.

## Key Benefits

- **Minimal Dependencies** - Uses native Ruby and BinData to do its work, no heavy dependencies.

- **Not Just a Script** - Implementation is portable for use in another project or for automation of tasks.

- **Simple** - Just point `ssh_scan` at an SSH service and get a JSON report of what it supports and its policy status.

- **Configurable** - Make your own custom policies that fit your unique policy requirements.

## Setup

To install and run as a gem, type:

```bash

gem install ssh_scan

ssh_scan

```

To run from a docker container, type:

```bash

docker pull mozilla/ssh_scan

docker run -it mozilla/ssh_scan -t sshscan.rubidus.com

```

To install and run from source, type:

```bash

# clone repo

git clone https://github.com/mozilla/ssh_scan.git

cd ssh_scan

gem install bundler

bundle install

./bin/ssh_scan

```

## Example Command-Line Usage

Run `ssh_scan -h` to get this

```bash

ssh_scan v0.0.21 (https://github.com/mozilla/ssh_scan)

Usage: ssh_scan [options]

    -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan

    -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan

    -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host

    -L, --logger [Log File Path]     Enable logger

    -O, --from_json [FilePath]       File to read JSON output from

    -o, --output [FilePath]          File to write JSON output to

    -p, --port [PORT]                Port (Default: 22)

    -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)

        --threads [NUMBER]           Number of worker threads (Default: 5)

        --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)

        --suppress-update-status     Do not check for updates

    -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status

    -V [STD_LOGGING_LEVEL],

        --verbosity

    -v, --version                    Display just version info

    -h, --help                       Show this message

Examples:

  ssh_scan -t 192.168.1.1

  ssh_scan -t server.example.com

  ssh_scan -t ::1

  ssh_scan -t ::1 -T 5

  ssh_scan -f hosts.txt

  ssh_scan -o output.json

  ssh_scan -O output.json -o rescan_output.json

  ssh_scan -t 192.168.1.1 -p 22222

  ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO

  ssh_scan -t 192.168.1.1 -P custom_policy.yml

  ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml

```

- See here for [example output](https://github.com/mozilla/ssh_scan/blob/master/examples/192.168.1.1.json)

- See here for [example policies](https://github.com/mozilla/ssh_scan/blob/master/config/policies)

## ssh_scan as a service/api?

This project is solely for ssh_scan engine/command-line usage.

If you would like to run ssh_scan as a service, please refer to [the ssh_scan_api project](https://github.com/mozilla/ssh_scan_api)

## Rubies Supported

This project is integrated with [travis-ci](http://about.travis-ci.org/) and is regularly tested to work with multiple rubies.

To checkout the current build status for these rubies, click [here](https://travis-ci.org/#!/mozilla/ssh_scan).

## Contributing

If you are interested in contributing to this project, please see [CONTRIBUTING.md](https://github.com/mozilla/ssh_scan/blob/master/CONTRIBUTING.md).

## Credits

**Sources of Inspiration for ssh_scan**

- [**Mozilla OpenSSH Security Guide**](https://wiki.mozilla.org/Security/Guidelines/OpenSSH) - For providing a sane baseline policy recommendation for SSH configuration parameters (eg. Ciphers, MACs, and KexAlgos).