def usage(uout: OutputBuffer, err: Optional[str] = None) -> None:
    """Print the program banner and option summary, then exit the process.

    Args:
        uout: Output buffer that receives the banner, the optional error
            line and the help text; it is written out before exiting.
        err: Optional error message.  When it is a non-empty string it is
            reported through ``uout.fail`` and the exit status becomes
            ``exitcodes.UNKNOWN_ERROR``; otherwise the status is
            ``exitcodes.GOOD``.

    This function never returns: it always ends in ``sys.exit``.
    """
    prog = os.path.basename(sys.argv[0])
    uout.head('# {} {}, https://github.com/jtesta/ssh-audit\n'.format(prog, VERSION))

    # A usage screen triggered by a bad invocation exits with an error status;
    # a plain help request exits with the success status.
    if err:
        uout.fail(err + '\n')
        status = exitcodes.UNKNOWN_ERROR
    else:
        status = exitcodes.GOOD

    uout.info('usage: {0} [options] <host>\n'.format(prog))

    # One entry per uout.info() call, in display order.
    # NOTE(review): the spacing inside these literals is reproduced exactly as
    # it appears in this listing; confirm column padding against the rendered
    # help output.
    help_lines = (
        ' -h, --help print this help',
        ' -1, --ssh1 force ssh version 1 only',
        ' -2, --ssh2 force ssh version 2 only',
        ' -4, --ipv4 enable IPv4 (order of precedence)',
        ' -6, --ipv6 enable IPv6 (order of precedence)',
        ' -b, --batch batch output',
        ' -c, --client-audit starts a server on port 2222 to audit client\n software config (use -p to change port;\n use -t to change timeout)',
        # --conn-rate-test is described as metrics collection only.
        ' --conn-rate-test=N[:max_rate] perform a connection rate test (useful',
        ' for collecting metrics related to',
        ' susceptibility of the DHEat vuln).',
        ' Testing is conducted with N concurrent',
        ' sockets with an optional maximum rate',
        ' of connections per second.',
        ' -d, --debug debug output',
        # The help text states plainly that --dheat is an active DoS against
        # the target, unlike the rate test above.
        ' --dheat=N[:kex[:e_len]] continuously perform the DHEat DoS attack',
        ' (CVE-2002-20001) against the target using N',
        ' concurrent sockets. Optionally, a specific',
        ' key exchange algorithm can be specified',
        ' instead of allowing it to be automatically',
        ' chosen. Additionally, a small length of',
        ' the fake e value sent to the server can',
        ' be chosen for a more efficient attack (such',
        ' as 4).',
        ' -g, --gex-test=<x[,y,...]> dh gex modulus size test',
        ' <min1:pref1:max1[,min2:pref2:max2,...]>',
        ' <x-y[:step]>',
        ' -j, --json JSON output (use -jj to enable indents)',
        ' -l, --level=<level> minimum output level (info|warn|fail)',
        ' -L, --list-policies list all the official, built-in policies. Use with -v',
        ' to view policy change logs.',
        ' --lookup=<alg1,alg2,...> looks up an algorithm(s) without\n connecting to a server',
        ' -M, --make-policy=<policy.txt> creates a policy based on the target server\n (i.e.: the target server has the ideal\n configuration that other servers should\n adhere to)',
        ' -m, --manual print the man page (Windows only)',
        ' -n, --no-colors disable colors (automatic when the NO_COLOR',
        ' environment variable is set)',
        ' -p, --port=<port> port to connect',
        ' -P, --policy=<policy.txt> run a policy test using the specified policy',
        ' --skip-rate-test skip the connection rate test during standard audits\n (used to safely infer whether the DHEat attack\n is viable)',
        ' -t, --timeout=<secs> timeout (in seconds) for connection and reading\n (default: 5)',
        ' -T, --targets=<hosts.txt> a file containing a list of target hosts (one\n per line, format HOST[:PORT]). Use -p/--port\n to set the default port for all hosts. Use\n --threads to control concurrent scans.',
        ' --threads=<threads> number of threads to use when scanning multiple\n targets (-T/--targets) (default: 32)',
        ' -v, --verbose verbose output',
    )
    for text in help_lines:
        uout.info(text)

    uout.sep()
    # Write the buffered output before terminating.
    uout.write()
    sys.exit(status)
| 138 | |
| 139 | |
| 140 | def output_algorithms(out: OutputBuffer, title: str, alg_db: Dict[str, Dict[str, List[List[Optional[str]]]]], alg_type: str, algorithms: List[str], unknown_algs: List[str], is_json_output: bool, program_retval: int, maxlen: int = 0, host_keys: Optional[Dict[str, Dict[str, Union[bytes, str, int]]]] = None, dh_modulus_sizes: Optional[Dict[str, int]] = None) -> int: # pylint: disable=too-many-arguments |