ncsa / Ssh Auditor
Licence: other
The best way to scan for weak ssh passwords on your network
Stars: ✭ 516
Programming Languages
go
31211 projects - #10 most used programming language
Projects that are alternatives of or similar to Ssh Auditor
Shodan-RPi
A simple SSH bruteforce script targeting (not necessarily) Raspbian devices.
Stars: ✭ 13 (-97.48%)
Mutual labels: ssh, brute-force
Brutedum
BruteDum - Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
Stars: ✭ 212 (-58.91%)
Mutual labels: ssh, brute-force
Ssb
Secure Shell Bruteforcer — A faster & simpler way to bruteforce SSH server
Stars: ✭ 832 (+61.24%)
Mutual labels: ssh, brute-force
Otseca
Open source security auditing tool to search and dump system configuration. It allows you to generate reports in HTML or RAW-HTML formats.
Stars: ✭ 416 (-19.38%)
Mutual labels: auditing
Bastillion Ec2
A web-based SSH console to execute commands and manage multiple EC2 instances simultaneously running on Amazon Web Services (AWS).
Stars: ✭ 410 (-20.54%)
Mutual labels: ssh
Cheetah
a very fast brute force webshell password tool
Stars: ✭ 509 (-1.36%)
Mutual labels: brute-force
Ssh
A lightweight package to execute commands over an SSH connection
Stars: ✭ 468 (-9.3%)
Mutual labels: ssh
Pi Timolo
Raspberry PI-TIMOLO ( PI-TImelapse, MOtion, LOwLight ) uses RPI picamera and OpenCV for Remote Headless Security Monitoring using Motion Tracking, Rclone Auto Sync files with remote storage services. Auto Twilight Transitions and Low Light Camera Settings. Panoramic images using PanTiltHat and More. This project is featured on GitHub Awesome software.
Stars: ✭ 441 (-14.53%)
Mutual labels: ssh
Fatt
FATT /fingerprintAllTheThings - a pyshark based script for extracting network metadata and fingerprints from pcap files and live network traffic
Stars: ✭ 490 (-5.04%)
Mutual labels: ssh
Django Auditlog
A Django app that keeps a log of changes made to an object.
Stars: ✭ 412 (-20.16%)
Mutual labels: auditing
Cnp3
Computer Networking : Principles, Protocols and Practice (first and second edition, third edition is being written on https://github.com/cnp3/ebook)
Stars: ✭ 471 (-8.72%)
Mutual labels: ssh
SSH Auditor
Features
ssh-auditor will automatically:
- Re-check all known hosts as new credentials are added. It will only check the new credentials.
- Queue a full credential scan on any new host discovered.
- Queue a full credential scan on any known host whose ssh version or key fingerprint changes.
- Attempt command execution as well as attempt to tunnel a TCP connection.
- Re-check each credential using a per credential
scan_interval
- default 14 days.
It's designed so that you can run ssh-auditor discover
+ ssh-auditor scan
from cron every hour to to perform a constant audit.
Demos
Earlier demo showing all of the features
Demo showing improved log output
Usage
Install
$ brew install go # or however you want to install the go compiler
$ go get github.com/ncsa/ssh-auditor
or Build from a git clone
$ go build
Build a static binary including sqlite
$ make static
Ensure you can use enough file descriptors
$ ulimit -n 4096
Create initial database and discover ssh servers
$ ./ssh-auditor discover -p 22 -p 2222 192.168.1.0/24 10.0.0.1/24
Add credential pairs to check
$ ./ssh-auditor addcredential root root
$ ./ssh-auditor addcredential admin admin
$ ./ssh-auditor addcredential guest guest --scan-interval 1 #check this once per day
Try credentials against discovered hosts in a batch of 20000
$ ./ssh-auditor scan
Output a report on what credentials worked
$ ./ssh-auditor vuln
RE-Check credentials that worked
$ ./ssh-auditor rescan
Output a report on duplicate key usage
$ ./ssh-auditor dupes
TODO
- [x] update the 'host changes' table
- [x] handle false positives from devices that don't use ssh password authentication but instead use the shell to do it.
- [x] variable re-check times - each credential has a scan_interval in days
- [x] better support non-standard ports - discover is the only thing that needs to be updated, the rest doesn't care.
- [ ] possibly daemonize and add an api that bro could hook into to kick off a discover as soon as a new SSH server is detected.
- [ ] make the store pluggable (mysql, postgresql).
- [x] differentiate between a failed password attempt and a failed connection or timeout. Mostly done. Things like fail2ban complicate this.
- [x] add go implementations for the report sqlite3 command.
Report query.
This query that ssh-auditor vuln
runs is
select
hc.hostport, hc.user, hc.password, hc.result, hc.last_tested, h.version
from
host_creds hc, hosts h
where
h.hostport = hc.hostport
and result!='' order by last_tested asc
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].