search

arthepsy / ssh-audit

SSH server auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)
MIT License
2.95k stars 268 forks source link

Feature Request: Parseable Output #5

Open mschilt opened 8 years ago

mschilt commented 8 years ago

Would be great to have the output in some format that is easy to parse. I am thinking of something like the 'greppable' output of nmap (-oG).

arthepsy commented 8 years ago

Could You elaborate? NMap's greppable output is deprecated and, personally, seems clumsy. What's wrong with current output? Or could You give me an example, what kind of output You would like to see?

I was actually planning to implement JSON/XML output, for integration with external tools. Currently I'm grepping output as it is, but if there is a room for improvement, that's welcomed.

mschilt commented 7 years ago

I agree NMaps greppable out put is a bit deprecated. I am thinking of of running an ssh configuration check as part of a continous 'compliance audit' of our server farm. So what I would like to have is a way to do bulk scans (no problem so far: for in in $(cat all_my_hosts) ; do ssh-audit $i ; done) and somehow aggregate the scan results.

Maybe CSV would be ideal because it can be imported into excel so the guys that have to fix the configuration afterwards can get a list and directly work with that. JSON would be ideal because of the 'nature' of the data (variable lists of ciphers, etc).

arthepsy commented 7 years ago

Bulk scans are one of my goals. I am not sure about output format, though. If one does bulk scan and output is JSON/XML/CSV or other format, one would still need to somehow add "IP" in that output, i.e., write a wrapper. Maybe it would be better to handle it via command-line, e.g., accept network range and then output with IP's included. Haven't decided jet - pros/cons are in any case.

CSV actually is a great idea, but format would have to be carefully planned. For JSON/XML it's easy, as it's tree-like, but CSV is flat. If You have any ideas how CSV output should look like, please share.

besamelsosu commented 7 years ago

I will, hopefully soon :), get back to you with a pull request for JSON implementation, meanwhile we can discuss what ways we could use for CSV format.

arthepsy commented 7 years ago

@besamelsosu, I have started to implement it myself (some code refactoring parts are already in develop branch), it's more a question of output structure. If You have some thoughts the structure or comments for CSV structure, don't by shy to share them.

besamelsosu commented 7 years ago

@arthepsy I have sent an email to your way about this, let me know what would you like me to do.

arthepsy commented 7 years ago

@besamelsosu sure, replied.