Hacking Tools s

Published on April 11th, 2017 | 1,305 views Post Views

ssh_scan – A prototype SSH Configuration and Policy Scanner

A SSH configuration and policy scanner

Key Benefits

  • Minimal Dependancies – Uses native Ruby and BinData to do its work, no heavy dependancies.
  • Not Just a Script – Implementation is portable for use in another project or for automation of tasks.
  • Simple – Just point ssh_scan at an SSH service and get a JSON report of what it supports and its policy status.
  • Configurable – Make your own custom policies that fit your unique policy requirements.

To install and run as a gem, type:

gem install ssh_scan

To run from a docker container, type:

docker pull mozilla/ssh_scan
docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com

To install and run from source, type:

# clone repo
git clone https://github.com/mozilla/ssh_scan.git
cd ssh_scan

# install rvm,
# you might have to provide root to install missing packages
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
curl -sSL https://get.rvm.io | bash -s stable

# install Ruby 2.3.1 with rvm,
# again, you might have to install missing devel packages
rvm install 2.3.1
rvm use 2.3.1

# resolve dependencies
gem install bundler
bundle install


Example Command-Line Usage
Run ssh_scan -h to get this

ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)

Usage: ssh_scan [options]
    -t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
    -f, --file [FilePath]            File Path of the file containing IP/Range/Hostnames to scan
    -T, --timeout [seconds]          Timeout per connect after which ssh_scan gives up on the host
    -L, --logger [Log File Path]     Enable logger
    -O, --from_json [FilePath]       File to read JSON output from
    -o, --output [FilePath]          File to write JSON output to
    -p, --port [PORT]                Port (Default: 22)
    -P, --policy [FILE]              Custom policy file (Default: Mozilla Modern)
        --threads [NUMBER]           Number of worker threads (Default: 5)
        --fingerprint-db [FILE]      File location of fingerprint database (Default: ./fingerprints.db)
        --suppress-update-status     Do not check for updates
    -u, --unit-test [FILE]           Throw appropriate exit codes based on compliance status
    -v, --version                    Display just version info
    -h, --help                       Show this message


  ssh_scan -t
  ssh_scan -t server.example.com
  ssh_scan -t ::1
  ssh_scan -t ::1 -T 5
  ssh_scan -f hosts.txt
  ssh_scan -o output.json
  ssh_scan -O output.json -o rescan_output.json
  ssh_scan -t -p 22222
  ssh_scan -t -p 22222 -L output.log -V INFO
  ssh_scan -t -P custom_policy.yml
  ssh_scan -t --unit-test -P custom_policy.yml

Sources of Inspiration for ssh_scan

  • Mozilla OpenSSH Security Guide – For providing a sane baseline policy recommendation for SSH configuration parameters (eg. Ciphers, MACs, and KexAlgos).


Download ssh_scan
(Visited 385 times, 1 visits today)

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑

You Might Also Like:
Static Code Analyzer: PVS-Studio

PVS-Studio performs static code analysis and generates a report that helps a programmer find and fix bugs. PVS-Studio performs a...