Feature: add security section (e.g, related CVE's)

[arthepsy]

• [ ] find all related CVE's
  • [ ] OpenSSH
  • [x] DropbearSSH
• [ ] go through ChangeLog for security issues, which doesn't have assigned CVE
  • [ ] OpenSSH
  • [x] DropbearSSH
• [ ] double check with some security scanners to not miss anything
• [x] extract banner components (protocol, software, comments)
• [x] extract vendor/version from banner software component
• [x] version comparison functionality
  • [x] OpenSSH
  • [x] DropBearSSH
• [x] match against database

[blindfuzzy]

Might be possible to use searchsploit for the CVE stuff. I use it here: https://github.com/blindfuzzy/LHF/blob/master/Modules/recon.py ; works out pretty well.

[arthepsy]

Good tip, @blindfuzzy . As I don't want to rely on external modules/scripts/dependencies, I could use this for double-checking (as existing database). Also, maybe I could add it as optional dependency. Will have to research how useful it is when I'm done with historical CVE's.

P.S. LHF looks interesting.

[blindfuzzy]

I understand. Thanks :D Hoping to continue making it better.

[arthepsy]

Dropbear SSH CVE's: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dropbear Correspond exactly to ChangeLog: https://matt.ucc.asn.au/dropbear/CHANGES

cve-search is missing CVE-2006-0225 (probably, due to being attributed to OpenSSH).

[arthepsy]

Security sections for Dropbear SSH (already released) and libssh are done (release next week). Only OpenSSH is left as TODO.

[egberts]

Perhaps a simple output of encountered SSH versions can be written to a file for a second script tool to interactively read then consult via-API to retrieve CVE?