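def check_rule(self, ip, port, values, conf):
    """Record a finding when the SSH service at ip:port offers password login.

    The rule only runs when ``port`` is in ``ssh_ports`` and the scan module
    name contains "ssh". It then starts an ``ssh`` client with
    ``PreferredAuthentications=none`` and looks for the word "password" in
    whatever ``Triage.run_cmd`` returns. On a match the finding is written
    with ``rds.store_vuln``.

    Args:
        ip: Address of the scanned host.
        port: Port of the scanned service.
        values: Scan data for this port, handed to ``ScanParser``.
        conf: Scan configuration; not used by this rule.

    Returns:
        None. The only effect is the stored finding.
    """
    import shlex  # needed only to quote the probe command's arguments

    t = Triage()
    p = ScanParser(port, values)

    domain = p.get_domain()
    module = p.get_module()

    if port in ssh_ports and 'ssh' in module.lower():
        # ip and port come from scan data and end up in a command string.
        # The original wrapped them in double quotes, which does not stop
        # `$(...)`, backticks or an embedded `"` from being interpreted.
        # shlex.quote keeps each value a single literal word.
        # NOTE(review): assumes run_cmd hands this string to a shell - confirm.
        #
        # StrictHostKeyChecking=no: the host key is not verified, so the
        # result describes whatever answers at ip:port.
        output = t.run_cmd(
            'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
            '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
            'user@{} -p {}'.format(shlex.quote(str(ip)), shlex.quote(str(port))))

        # Substring match on the client output. NOTE(review): any other text
        # containing "password" (e.g. a login banner) would match as well.
        if output and 'password' in str(output):
            self.rule_details = 'Server accepts passwords as an authentication option'
            rds.store_vuln({
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            })

    return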
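def check_rule(self, ip, port, values, conf):
    """Record a finding when the SSH service at ip:port offers password login.

    The rule only runs when ``port`` is in ``ssh_ports`` and
    ``Triage.is_ssh(ip, port)`` is truthy. It then starts an ``ssh`` client
    with ``PreferredAuthentications=none`` and looks for the word "password"
    in whatever ``Triage.run_cmd`` returns. On a match the finding is written
    with ``rds.store_vuln``, using the product string from the scan data as
    the rule details.

    Args:
        ip: Address of the scanned host.
        port: Port of the scanned service.
        values: Scan data for this port, handed to ``ScanParser``.
        conf: Scan configuration, handed to ``ConfParser``.

    Returns:
        None. The only effect is the stored finding.
    """
    import shlex  # needed only to quote the probe command's arguments

    # NOTE(review): c is never read in this rule; it is kept in case the
    # constructor validates conf - confirm and drop if it does not.
    c = ConfParser(conf)
    t = Triage()
    p = ScanParser(port, values)

    domain = p.get_domain()

    if port in ssh_ports and t.is_ssh(ip, port):
        # ip and port come from scan data and end up in a command string.
        # The original wrapped them in double quotes, which does not stop
        # `$(...)`, backticks or an embedded `"` from being interpreted.
        # shlex.quote keeps each value a single literal word.
        # NOTE(review): assumes run_cmd hands this string to a shell - confirm.
        #
        # StrictHostKeyChecking=no: the host key is not verified, so the
        # result describes whatever answers at ip:port.
        output = t.run_cmd(
            'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
            '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
            'user@{} -p {}'.format(shlex.quote(str(ip)), shlex.quote(str(port))))

        # Substring match on the client output. NOTE(review): any other text
        # containing "password" (e.g. a login banner) would match as well.
        if output and 'password' in str(output):
            self.rule_details = p.get_product()
            js_data = {
                'ip': ip,
                'port': port,
                'domain': domain,
                'rule_id': self.rule,
                'rule_sev': self.rule_severity,
                'rule_desc': self.rule_description,
                'rule_confirm': self.rule_confirm,
                'rule_details': self.rule_details,
                'rule_mitigation': self.rule_mitigation
            }
            rds.store_vuln(js_data)

    return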
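def check_rule(self, ip, port, values, conf):
    """Check an SSH service for weak credentials and record the first hit.

    Nothing happens unless the scan configuration allows it
    (``get_cfg_allow_bf()`` is truthy). The rule then applies when ``port``
    is in ``ssh_ports`` or the scan module name contains "ssh". Before any
    login is tried, an ``ssh`` client is started with
    ``PreferredAuthentications=none``; the credential lists are only used
    when its output contains the word "password".

    The candidate lists are the configured usernames/passwords followed by
    the module-level ``known_users`` / ``known_weak`` lists.

    Args:
        ip: Address of the scanned host.
        port: Port of the scanned service.
        values: Scan data for this port, handed to ``ScanParser``.
        conf: Scan configuration, handed to ``ConfParser``.

    Returns:
        None. The only effect is the stored finding.
    """
    import shlex  # needed only to quote the probe command's arguments

    c = ConfParser(conf)
    t = Triage()
    p = ScanParser(port, values)

    domain = p.get_domain()
    module = p.get_module()

    # Credential testing is opt-in per scan configuration.
    if not c.get_cfg_allow_bf():
        return

    if port in ssh_ports or 'ssh' in module:
        usernames = c.get_cfg_usernames() + known_users
        passwords = c.get_cfg_passwords() + known_weak

        # ip and port come from scan data and end up in a command string.
        # The original wrapped them in double quotes, which does not stop
        # `$(...)`, backticks or an embedded `"` from being interpreted.
        # shlex.quote keeps each value a single literal word.
        # NOTE(review): assumes run_cmd hands this string to a shell - confirm.
        output = t.run_cmd(
            'ssh -o PreferredAuthentications=none -o ConnectTimeout=5 '
            '-o StrictHostKeyChecking=no -o NoHostAuthenticationForLocalhost=yes '
            'user@{} -p {}'.format(shlex.quote(str(ip)), shlex.quote(str(port))))

        if output and 'password' in str(output):
            for username in usernames:
                for password in passwords:
                    # ssh_attack is defined elsewhere on this class; it is
                    # treated here as truthy when the login succeeded.
                    if self.ssh_attack(ip, port, username, password):
                        # The finding contains the working credential in
                        # clear text, so the findings store has to be
                        # handled as sensitive data.
                        self.rule_details = 'SSH Server Credentials are set to {}:{}'.format(
                            username, password)
                        rds.store_vuln({
                            'ip': ip,
                            'port': port,
                            'domain': domain,
                            'rule_id': self.rule,
                            'rule_sev': self.rule_severity,
                            'rule_desc': self.rule_description,
                            'rule_confirm': self.rule_confirm,
                            'rule_details': self.rule_details,
                            'rule_mitigation': self.rule_mitigation
                        })
                        # One confirmed pair is enough to flag the host;
                        # going on would only add failed logins on the
                        # target (lockouts, log noise).
                        # NOTE(review): confirm this matches the intended
                        # reporting - a single finding per host and port.
                        return

    return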