ssh-audit – SSH Server Auditing

ssh-audit is a tool for ssh server auditing.Features

SSH1 and SSH2 protocol server support;

grab banner, recognize device or software and operating system, detect compression;

gather key-exchange, host-key, encryption and message authentication code algorithms;

output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);

output algorithm recommendations (append or remove based on recognized software version);

output security information (related issues, assigned CVE list, etc);

analyze SSH version compatibility based on algorithm information;

historical information from OpenSSH, Dropbear SSH and libssh;

no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;


usage: [-bnv] [-l ] -1, –ssh1 force ssh version 1 only -2, –ssh2 force ssh version 2 only -b, –batch batch output -n, –no-colors disable colors -v, –verbose verbose output -l, –level= minimum output level (info|warn|fail)

batch flag -b will output sections without header and without empty lines (implies verbose flag).

verbose flag -v will prefix each line with section type and algorithm name.

ChangeLogv1.6.0 (2016-10-14)

implement algorithm recommendations section (based on recognized software)

implement full libssh support (version history, algorithms, security, etc)

fix SSH-1.99 banner recognition and version comparison functionality

do not output empty algorithms (happens for misconfigured servers)

make consistent output for Python 3.x versions

add a lot more tests (conf, banner, software, SSH1/SSH2, output, etc)

use Travis CI to test for multiple Python versions (2.6-3.5, pypy, pypy3)

v1.5.0 (2016-09-20)

create security section for related security information

match and output assigned CVE list and security issues for Dropbear SSH

implement full SSH1 support with fingerprint information

automatically fallback to SSH1 on protocol mismatch

add new options to force SSH1 or SSH2 (both allowed by default)

parse banner information and convert it to specific sofware and OS version

do not use padding in batch mode

several fixes (Cisco sshd, rare hangs, error handling, etc)


implement batch output option

implement minimum output level option

fix compatibility with Python 2.6


implement SSH version compatibility feature

fix wrong mac algorithm warning

fix Dropbear SSH version typo

parse pre-banner header

better errors handling


use OpenSSH 7.3 banner

add new key-exchange algorithms


use OpenSSH 7.2 banner

additional warnings for OpenSSH 7.2

fix OpenSSH 7.0 failure messages

add rijndael-cbc failure message from OpenSSH 6.7


multiple additional warnings

support for none algorithm

better compression handling

ensure reading enough data (fixes few Linux SSH)


Dropbear SSH support


initial version

Download ssh-audit


Deixe um comentário

Preencha os seus dados abaixo ou clique em um ícone para log in:

Logotipo do

Você está comentando utilizando sua conta Sair / Alterar )

Imagem do Twitter

Você está comentando utilizando sua conta Twitter. Sair / Alterar )

Foto do Facebook

Você está comentando utilizando sua conta Facebook. Sair / Alterar )

Foto do Google+

Você está comentando utilizando sua conta Google+. Sair / Alterar )

Conectando a %s