sshmitm.plugins.session.clientaudit module
- class sshmitm.plugins.session.clientaudit.SSHClientAudit(key_negotiation_data: KeyNegotiationData, client_version: str, client_name: Optional[str] = None, client_info: Optional[Dict[str, Dict[str, Any]]] = None)
Bases:
object
The class SSHClientAudit is used for auditing SSH clients.
- Parameters:
key_negotiation_data ('sshmitm.plugins.session.key_negotiation.KeyNegotiationData') – object of ‘sshmitm.plugins.session.key_negotiation.KeyNegotiationData’
client_version (str) – client version string
client_name (Optional[str]) – optional client name
client_info (Optional[Dict[str, Dict[str, Any]]]) – optional client information, stored as a dictionary
- Returns:
None
- Return type:
None
- audit() List[str]
Run audits on all clients.
- Returns:
None
- Return type:
None
- between_versions(version_min: Union[None, int, float, str], version_max: Union[None, int, float, str]) bool
This method returns True if the version string is between version_min and version_max. Returns False otherwise.
- Parameters:
version_min (Union[None, int, float, str]) – minimum version number
version_max (Union[None, int, float, str]) – maximum version number
- Returns:
True if version string is between version_min and version_max, False otherwise
- Return type:
bool
- check_cves(vulnerabilities: Dict[str, List[str]]) List[str]
This method returns a list of strings representing the Common Vulnerabilities and Exposures (CVEs) found in the client, along with the information available in the vulnerabilities dictionary.
- Parameters:
vulnerabilities (Dict[str, List[str]]) – dictionary of CVEs and their descriptions
- Returns:
list of strings representing the CVEs and their information
- Return type:
List[str]
- check_key_negotiation() Dict[str, List[str]]
Check if a key negotiation data is known.
- Parameters:
client_id (str) – ID of the client to check
- Returns:
True if key negotiation data is known, False otherwise
- Return type:
bool
- get_version_string() Optional[str]
This method returns version string extracted from the client_version string in the key_negotiation_data object using the version_regex field of client_info dictionary.
- Returns:
version string
- Return type:
Optional[str]
- run_audit() None
Run an audit on the client with the given ID.
- Parameters:
client_id (str) – ID of the client to audit
- Returns:
None
- Return type:
None
- class sshmitm.plugins.session.clientaudit.Vulnerability(cve: str, indocs: bool = False)
Bases:
object
This class represents a vulnerability and holds information about it.
- Parameters:
cve (str) – the identifier of the vulnerability (e.g. ‘CVE-2022-0001’)
indocs (bool) – if True, the URL of the vulnerability information will point to the internal docs. if False, the URL will point to the official NIST National Vulnerability Database.
- property url: str
Get the URL where the information about the vulnerability can be found.
- Returns:
the URL
- Return type:
str