ssh-auditor v0.15 releases: scan for weak ssh passwords

SSH Auditor

The best way to scan for weak ssh passwords on your network

Features

ssh-auditor will automatically:

  • Re-check all known hosts as new credentials are added. It will only check the new credentials.
  • Queue a full credential scan on any new host discovered.
  • Queue a full credential scan on any known host whose ssh version or key fingerprint changes.
  • Attempt command execution as well as attempt to tunnel a TCP connection.
  • Re-check each credential using a per credential scan_interval – default 14 days.

It’s designed so that you can run ssh-auditor discover + ssh-auditor scan from cron every hour to perform a constant audit.

Changelog v0.15

  • eda2a3f build standalone before doing e2e-tests
  • f46ac82 Add automated goreleaser build, fix key test
  • 2617592 add initial support for key based authentication
  • 9a0f1ae add a test case for an account with no password
  • 16b854c problem: Can’t discover using a list of ips
  • 2cb844d problem: can’t discover a single host
  • 4192134 remove redundant if block
  • bf9d35d Merge pull request #4 from Neo23x0/master
  • 9546ea7 feat: Reset credentials
  • 3a00933 feat: Reset scan interval

Install

$ go get github.com/ncsa/ssh-auditor

Or

Download

Use

Create an initial database and discover ssh servers

$ ./ssh-auditor discover -p 22 -p 2222 192.168.1.0/24 10.0.0.1/24

Add credential pairs to check

$ ./ssh-auditor addcredential root root
$ ./ssh-auditor addcredential admin admin
$ ./ssh-auditor addcredential guest guest --scan-interval 1 #check this once per day

Try credentials against discovered hosts in a batch of 20000

$ ./ssh-auditor scan

Output a report on what credentials worked

$ ./ssh-auditor vuln

Report query.
This query that ssh-auditor vuln runs are

select
        hc.hostport, hc.user, hc.password, hc.result, hc.last_tested, h.version
 from
        host_creds hc, hosts h
 where
        h.hostport = hc.hostport
 and    result!='' order by last_tested asc

 

RE-Check credentials that worked

$ ./ssh-auditor rescan

Output a report on duplicate key usage

$ ./ssh-auditor dupes

Demo

demo

Copyright (c) 2016 University of Illinois/NCSA

Source: https://github.com/ncsa/

Share