ncsa / ssh-auditor Goto Github PK

• I would like to be able to reset the check interval for all credentials
• I would like to be able to drop the whole credentials table
• I would like to be able to set a new interval value for all credentials at once

Many thanks

addcredential works for one at a time, but should support importing a list from a CSV or TSV file.

I was testing the version 0.6 installed from rpm packages on a specific target, I've found out the scan return a false negative:

[root@com01 ~]# ssh-auditor discover 10.200.200.206/32 --debug
INFO[11-18|08:53:32] discovering hosts                        include=10.200.200.206/32 exclude= total=1 ports=22
INFO[11-18|08:53:32] current known hosts                      count=0
INFO[11-18|08:53:32] discovered new host                      host=10.200.200.206:22 version=SSH-2.0-OpenSSH_7.2 fp=SHA256:LNhTGE5pmDRfWmM15aF49hUrUz/NCI5cIoxqMfjSfJ4
INFO[11-18|08:53:32] discovery report                         total=1 new=1 updated=0
INFO[11-18|08:53:32] brute force queue size                   new=0 total=0

[root@com01 ~]# ssh-auditor addcredential root zaq12wsx --debug
INFO[11-18|08:53:53] added credential                         user=root password=zaq12wsx interval=14

[root@com01 ~]# ssh-auditor scan --debug
INFO[11-18|08:54:19] brute force queue size                   new=1 total=1
DBUG[11-18|08:54:19] negative brute force result              host=10.200.200.206:22 user=root password=zaq12wsx result=
INFO[11-18|08:54:19] brute force scan report                  total=1 neg=1 pos=0 err=0

[root@com01 ~]# sshpass -p zaq12wsx ssh [email protected] hostname
com07
[root@com01 ~]# 

The target is a linux server running opensuse 42.3 with ldap authentication

AddCredential needs to do a

update host_creds set scan_interval=..

if the row was updated and not added.

Hello
Consider adding a "-f" parameter so you can add a custom ip list

like：
./ssh-auditor discover -p 22 -f ip.txt

thanks

We have some old entries that need to be cleared out. The vulnerable hosts went offline rather than being fixed.

Currently I can't just use the CentOS sqlite3 tool because of the partial index, which isn't supported in version 3.7. (CREATE INDEX host_creds_vulnerable ON host_creds (result) where result != '';)

It would be great if there was a command to reset hosts.

go get -t -v ./...
Fetching https://golang.org/x/crypto/ssh?go-get=1
https fetch failed: Get https://golang.org/x/crypto/ssh?go-get=1: dial tcp 216.239.37.1:443: i/o timeout
package golang.org/x/crypto/ssh: unrecognized import path "golang.org/x/crypto/ssh" (https fetch: Get https://golang.org/x/crypto/ssh?go-get=1: dial tcp 216.239.37.1:443: i/o timeout)
Fetching https://golang.org/x/crypto/ssh/terminal?go-get=1
https fetch failed: Get https://golang.org/x/crypto/ssh/terminal?go-get=1: dial tcp 216.239.37.1:443: i/o timeout
package golang.org/x/crypto/ssh/terminal: unrecognized import path "golang.org/x/crypto/ssh/terminal" (https fetch: Get https://golang.org/x/crypto/ssh/terminal?go-get=1: dial tcp 216.239.37.1:443: i/o timeout)
make: *** [static] Error 1

Is it possible to test for a username/blank password combination?

Would be neat to be able to add bad/default SSH keys, for example the ones in the https://github.com/rapid7/ssh-badkeys repo, for a start.