Skip to content
This repository has been archived by the owner on Feb 26, 2021. It is now read-only.
/ scanner-infrastructure-ssh Public archive

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

License

Apache-2.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

secureCodeBox/scanner-infrastructure-ssh

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

104 Commits
.github
.github
 
 
.travis
.travis
 
 
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
Dockerfile
Dockerfile
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 

Repository files navigation

title path category usecase release
SSH
scanner/SSH
scanner
SSH Configuration and Policy Scanner

SSH_scan is an easy-to-use prototype SSH configuration and policy scanner, inspired by Mozilla OpenSSH Security Guide, which provides a reasonable baseline policy recommendation for SSH configuration parameters such as Ciphers, MACs, and KexAlgos and much more.

About

This repository contains a self contained µService utilizing the Mozilla SSH Scanner for the secureCodeBox project. To learn more about the ssh_scan scanner itself visit ssh_scan.

ssh_scan parameters

To hand over supported parameters through api usage, you can set following attributes:

[
  {
    "name": "some Name",
    "context": "some Context",
    "target": {
      "name": "targetName",
      "location": "http://your-target.com/",
      "attributes": {
        "SSH_TIMEOUT_SECONDS": "[seconds]",
        "SSH_POLICY_FILE": "[filepath/cutsom-policy-file]"
      }
    }
  }
]

Example

Example configuration:

[
  {
    "name": "ssh",
    "context": "Example Test",
    "target": {
      "name": "BodgeIT on OpenShift",
      "location": "bodgeit.example.com",
      "attributes": {}
    }
  }
]

Example Output:

{
  "findings": [
    {
      "id":"15571571-c578-4a22-8416-0c54cd05829c",
      "name":"SSH Compliance",
      "description":"SSH Compliance Information",
      "category":"SSH Service",
      "osi_layer":"NETWORK",
      "severity":"INFORMATIONAL",
      "reference":{},
      "hint":"",
      "location":"192.168.0.1",
      "attributes":{
        "hostname":"bodgeit.example.com",
        "server_banner":"",
        "ssh_version":"unknown",
        "os_cpe":"o:unknown",
        "ssh_lib_cpe":"a:unknown",
        "compliance_policy":null,
        "compliant":null,
        "grade":null,
        "start_time":"2019-09-11 11:41:48 +0000",
        "end_time":"2019-09-11 11:41:54 +0000",
        "scan_duration_seconds":5.017572203,
        "references":null
      }
    }
  ]
}

Development

Configuration Options

To configure this service specify the following environment variables:

Environment Variable Value Example
ENGINE_ADDRESS http://engine
ENGINE_BASIC_AUTH_USER username
ENGINE_BASIC_AUTH_PASSWORD 123456

Local setup

  1. Clone the repository
  2. You might need to install some dependencies gem install sinatra rest-client
  3. Run locally ruby src/main.rb

Test

To run the testsuite run:

rake test

Build with docker

To build the docker container run:

docker build -t IMAGE_NAME:LABEL .

Build Status License GitHub release

About

Part of the deprecated secureCodeBox v1, see secureCodeBox/secureCodeBox Repo for v2

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

2 stars

Watchers

10 watching

Forks

0 forks
Report repository

Releases 5

v1.2.0 Latest
Mar 17, 2020
+ 4 releases

Packages

No packages published

Contributors 5

Languages