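def check_rule(self, ip, port, values, conf):
    """Record a finding when the SSH service at ip:port offers password auth.

    Runs the local ``ssh`` client with ``PreferredAuthentications=none`` so no
    credentials are tried, then looks for the word "password" in whatever
    ``Triage.run_cmd`` returns.

    Args:
        ip: Target address; placed into the ssh command line.
        port: Target port; the check only runs when it is in ``ssh_ports``.
        values: Scan data for the port, handed to ``ScanParser``.
        conf: Not read by this rule.

    Returns:
        None. A match is persisted through ``rds.store_vuln``.
    """
    import shlex  # function-scope: the file's import block is not visible here

    t = Triage()
    p = ScanParser(port, values)

    domain = p.get_domain()
    module = p.get_module()

    # Only probe ports that are both listed as SSH and fingerprinted as SSH.
    if port not in ssh_ports or 'ssh' not in module.lower():
        return

    # ip and port originate from scan data and are spliced into a command
    # string. Quote them so a malformed value cannot change the command line.
    # NOTE(review): run_cmd is not shown here; if it can take an argv list,
    # prefer that over a formatted string.
    target = shlex.quote(str(ip))
    target_port = shlex.quote(str(port))

    # NOTE(review): StrictHostKeyChecking=no lets the client accept unknown
    # host keys; confirm the scanner account's known_hosts is not relied upon.
    output = t.run_cmd(
        'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
        '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
        'user@{} -p {}'.format(target, target_port))

    # Substring match on the whole output: any text containing "password"
    # counts, not only an advertised auth-method list.
    if not output or 'password' not in str(output):
        return

    self.rule_details = 'Server accepts passwords as an authentication option'
    rds.store_vuln({
        'ip': ip,
        'port': port,
        'domain': domain,
        'rule_id': self.rule,
        'rule_sev': self.rule_severity,
        'rule_desc': self.rule_description,
        'rule_confirm': self.rule_confirm,
        'rule_details': self.rule_details,
        'rule_mitigation': self.rule_mitigation,
    })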
Example #2
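 def check_rule(self, ip, port, values, conf):
   """Record a finding when the SSH service at ip:port offers password auth.

   The check runs only when ``port`` is in ``ssh_ports`` and
   ``Triage.is_ssh`` confirms the service. It then calls the local ``ssh``
   client with ``PreferredAuthentications=none`` (no credentials are tried)
   and looks for the word "password" in the result of ``Triage.run_cmd``.

   Args:
     ip: Target address; placed into the ssh command line.
     port: Target port.
     values: Scan data for the port, handed to ``ScanParser``.
     conf: Configuration passed to ``ConfParser``.

   Returns:
     None. A match is persisted through ``rds.store_vuln``, with the
     product string from ``ScanParser.get_product`` as the details.
   """
   import shlex  # function-scope: the file's import block is not visible here

   c = ConfParser(conf)  # not read below; kept because its constructor is not shown
   t = Triage()
   p = ScanParser(port, values)

   domain = p.get_domain()

   if port not in ssh_ports or not t.is_ssh(ip, port):
     return

   # ip and port originate from scan data and are spliced into a command
   # string. Quote them so a malformed value cannot change the command line.
   # NOTE(review): run_cmd is not shown here; if it can take an argv list,
   # prefer that over a formatted string.
   target = shlex.quote(str(ip))
   target_port = shlex.quote(str(port))

   # NOTE(review): StrictHostKeyChecking=no lets the client accept unknown
   # host keys; confirm the scanner account's known_hosts is not relied upon.
   output = t.run_cmd(
     'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
     '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
     'user@{} -p {}'.format(target, target_port))

   # Substring match on the whole output: any text containing "password"
   # counts, not only an advertised auth-method list.
   if not output or 'password' not in str(output):
     return

   self.rule_details = p.get_product()
   rds.store_vuln({
     'ip': ip,
     'port': port,
     'domain': domain,
     'rule_id': self.rule,
     'rule_sev': self.rule_severity,
     'rule_desc': self.rule_description,
     'rule_confirm': self.rule_confirm,
     'rule_details': self.rule_details,
     'rule_mitigation': self.rule_mitigation,
   })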
Example #3
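    def check_rule(self, ip, port, values, conf):
        """Test an SSH service for weak credentials when the config allows it.

        Does nothing unless ``ConfParser.get_cfg_allow_bf()`` is truthy. When
        the port is in ``ssh_ports`` or the module string contains "ssh", the
        local ``ssh`` client is run with ``PreferredAuthentications=none`` to
        see whether "password" appears in the output. Only then is every
        username/password pair from the configuration plus ``known_users`` /
        ``known_weak`` passed to ``self.ssh_attack``.

        Args:
            ip: Target address; placed into the ssh command line.
            port: Target port.
            values: Scan data for the port, handed to ``ScanParser``.
            conf: Configuration passed to ``ConfParser``.

        Returns:
            None. One finding is stored through ``rds.store_vuln`` for each
            pair that ``self.ssh_attack`` reports as truthy.
        """
        import shlex  # function-scope: the file's import block is not visible here

        c = ConfParser(conf)
        t = Triage()
        p = ScanParser(port, values)

        domain = p.get_domain()
        module = p.get_module()

        # Credential testing is opt-in via configuration.
        if not c.get_cfg_allow_bf():
            return

        # NOTE(review): this is `or`, and the module match is case-sensitive,
        # so the test runs on any listed SSH port regardless of fingerprint.
        # Confirm that scope is intended.
        if port not in ssh_ports and 'ssh' not in module:
            return

        usernames = c.get_cfg_usernames() + known_users
        passwords = c.get_cfg_passwords() + known_weak

        # ip and port originate from scan data and are spliced into a command
        # string. Quote them so a malformed value cannot change the command line.
        # NOTE(review): run_cmd is not shown here; if it can take an argv list,
        # prefer that over a formatted string.
        target = shlex.quote(str(ip))
        target_port = shlex.quote(str(port))

        # NOTE(review): StrictHostKeyChecking=no lets the client accept unknown
        # host keys; confirm the scanner account's known_hosts is not relied upon.
        output = t.run_cmd(
            'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
            '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
            'user@{} -p {}'.format(target, target_port))

        # Skip the credential loop when password auth does not appear to be offered.
        if not output or 'password' not in str(output):
            return

        for username in usernames:
            for password in passwords:
                if not self.ssh_attack(ip, port, username, password):
                    continue

                # NOTE(review): the working password is written verbatim into
                # the finding. Confirm the vuln store and everything that reads
                # it are access-controlled, or store a masked value instead.
                self.rule_details = 'SSH Server Credentials are set to {}:{}'.format(
                    username, password)
                rds.store_vuln({
                    'ip': ip,
                    'port': port,
                    'domain': domain,
                    'rule_id': self.rule,
                    'rule_sev': self.rule_severity,
                    'rule_desc': self.rule_description,
                    'rule_confirm': self.rule_confirm,
                    'rule_details': self.rule_details,
                    'rule_mitigation': self.rule_mitigation,
                })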