HASSH is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of a small MD5 fingerprint.
BSD 3-Clause "New" or "Revised" License
529
stars
77
forks
source link
Bro 2.6 will fix SSH capabilities "is_server" flag #4
The bug fix at https://github.com/zeek/zeek/pull/191 now allows these workarounds to be updated:
https://github.com/salesforce/hassh/blob/a9f1854727a5676593dcc7438448e51f76979330/bro/hassh.bro#L114-L133
If you want things to keep working with both Bro 2.5.x and 2.6, you should be able to branch on
Version::info
.