README
¶
SSHscan
SSHscan is a simple utility for inspecting or auditing an SSH server for various settings such as supported encryption and key exchange algorithms.
Using sshscan as a library
In order to start, go get this repository:
go get github.com/adedayo/sshscan
Example
In your code simply import as usual and enjoy:
package main
import
(
"fmt"
"github.com/adedayo/sshscan"
)
func main() {
scan := sshscan.Inspect("host", "22")
fmt.Printf("%#v\n", scan)
}
This should produce an output similar to the following:
sshscan.SSHExchange{ProtocolVersion:"SSH-2.0-OpenSSH_7.6p1 Ubuntu-4\r\n", Cookie:[16]uint8{0x9e, 0x37, 0xe0, 0x10, 0xf0, 0x28, 0x5d,0xf9, 0x7c, 0x31, 0xb6, 0xb5, 0x84, 0xb, 0xf4, 0xa4}, KEXAlgorithms:[]string{"ssh-rsa", "rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"}, ServerHostKeyAlgos:[]string{"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}, EncAlgosC2S:[]string{"chacha20-poly1305@openssh.com", "aes128-ctr", "aes192-ctr", "aes256-ctr", "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}, EncAlgosS2C:[]string{"umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"}, MACAlgosC2S:[]string{"umac-64-etm@openssh.com", "umac-128-etm@openssh.com", "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com", "hmac-sha1-etm@openssh.com", "umac-64@openssh.com", "umac-128@openssh.com", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"}, MACAlgosS2C:[]string{"none", "zlib@openssh.com"}, CompAlgosC2S:[]string{"none", "zlib@openssh.com"}, CompAlgosS2C:[]string{""}, LanguagesC2S:[]string{""}, LanguagesS2C:[]string{""}, Fail:false, FailReason:""}
Using it as a command-line tool
sshscan is also available as a command-line tool.
Installation
Prebuilt binaries may be found for your operating system here: https://github.com/adedayo/sshscan/releases
For macOS X, you could install via brew as follows:
brew tap adedayo/tap
brew install sshscan
Inspecting a server
#scan on the default port 22
sshscan host
#specify port explicitly
sshscan -p 22222 host
For JSON-formatted output simply add the --json or -j flag:
sshscan --json host
License
BSD 3-Clause License
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type SSHExchange ¶
type SSHExchange struct {
Server string
Port string
ProtocolVersion string
Cookie [16]byte //random cookie
KEXAlgorithms []string //key exchange algorithms
ServerHostKeyAlgos []string //server host ket algorithms
EncAlgosC2S []string //encryption algorithms client to server
EncAlgosS2C []string //encryption algorithms server to client
MACAlgosC2S []string //MAC algorithms client to server
MACAlgosS2C []string //MAC algorithms server to client
CompAlgosC2S []string //Compression algorithms client to server
CompAlgosS2C []string //Compression algorithms server to client
LanguagesC2S []string //Languages client to server
LanguagesS2C []string //Languages server to client
Fail bool //if the inspection fails
FailReason string //possible error information in the event of a failure
}
SSHExchange contains parameters exchanged between server and client during the connection setup and key exchange algorithm negotiation step See https://tools.ietf.org/html/rfc4253
func Inspect ¶
func Inspect(host, port string) (data SSHExchange)
Inspect returns an `SSHExchange` on the specified `host` and `port`. If the inspection fails `SSHExchange.Fail` is set to true, and a possible reason for failure is provided in `SSHExchange.FailReason`
Source Files
Directories