
Releases: D4-project/passive-ssh

Passive-SSH server and scanner version 1.1 released (2021-04-19)

19 Apr 14:27
16aa9cf

In addition to the usual bug fixes, this version brings two new features:

  • the ability to scan a list of IP addresses from a file,
  • the ability to get a list of onion hidden services for which we have a corresponding public IP in the database.

Changes

  • chg: [deanonymize_onion] return onion hosts with matched keys [Terrtia]
  • chg: [ssh scanner] Scan all targets from the given file [Terrtia]

Fix

  • fix: typo [Terrtia]
  • fix: [deanonymize_onion] TypeError [Terrtia]
  • fix: [ssh scanner parser helper] [Terrtia]
  • fix: [documentation] Fixed API endpoint [chrisr3d]
  • fix: [stats] typo too many typos [Alexandre Dulaunoy]
  • fix: [stats] typo fixed for the encrypt stats [Alexandre Dulaunoy]
  • new: [gitchangelog] added a default configuration for gitchangelog [Alexandre Dulaunoy]

Passive-SSH server and scanner version 1.0 released

19 Dec 10:42
v1.0
9a6f5e4

Passive-SSH server and scanner version 1.0 released (2020-12-19)

Passive SSH is an open source framework composed of a scanner and a server to store and look up SSH keys and fingerprints per host (IPv4/IPv6/onion).

The key materials, along with fingerprints and hosts, are stored in a fast-lookup database. The system provides a historical view of the SSH keys seen, as well as of common key materials reused on different IP addresses.
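The lookup described above (fingerprints per host, with history and key reuse across IP addresses) can be sketched as follows. This is an added example, not code from the Passive SSH project: the `KeyIndex` layout, the function names and the sample observations are assumptions constructed for illustration, and the addresses come from the documentation range.

```python
import base64
import hashlib
from collections import defaultdict

def key_type(blob: bytes) -> str:
    """Algorithm name: the first length-prefixed string of the key blob (RFC 4253)."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or not 0 < n <= len(blob) - 4:
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

class KeyIndex:
    """fingerprint -> host -> (first_seen, last_seen); a hypothetical layout."""
    def __init__(self):
        self.seen = defaultdict(dict)

    def record(self, host: str, b64_key: str, when: str) -> str:
        blob = base64.b64decode(b64_key, validate=True)
        key_type(blob)  # reject truncated or malformed blobs before indexing
        fp = fingerprint(blob)
        first, last = self.seen[fp].get(host, (when, when))
        self.seen[fp][host] = (min(first, when), max(last, when))
        return fp

    def reused(self) -> dict:  # fingerprints observed on more than one host
        return {fp: sorted(hosts) for fp, hosts in self.seen.items() if len(hosts) > 1}

def make_blob(name: bytes, material: bytes) -> str:
    # Constructed test blob (two length-prefixed fields), not a real key.
    return base64.b64encode(b"".join(len(s).to_bytes(4, "big") + s for s in (name, material))).decode()

# Constructed observations: (host, base64 key blob, ISO scan date).
KEY_A, KEY_B = (make_blob(b"ssh-ed25519", bytes([i]) * 32) for i in (1, 2))
SCANS = [
    ("192.0.2.10", KEY_A, "2020-12-01"),
    ("192.0.2.11", KEY_A, "2020-12-03"),  # same key as .10, e.g. a cloned image
    ("192.0.2.12", KEY_B, "2020-12-03"),
    ("192.0.2.10", KEY_A, "2021-04-19"),  # re-scan extends last_seen
]

def build_index(scans=SCANS) -> KeyIndex:
    idx = KeyIndex()
    for host, key, when in scans:
        idx.record(host, key, when)
    return idx
```

A fingerprint returned by `reused()` on hosts you operate usually means host keys were baked into an image or copied between machines, and those keys should be regenerated per host.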

Slides presented at the FIRST.org conference in 2020 give more details.

The project is part of the D4-Project and co-financed by the CEF Telecom Cybersecurity.

New

  • [stats] compress, mac and encrypt statistics added. [Alexandre
    Dulaunoy]

  • [stats] add encrypt, compress and mac algorithms stats. [Alexandre
    Dulaunoy]

    Additional statistics for compression algorithms, mac algorithms and
    symmetric encryption algorithms.
    The result is approximate as at each scan it will be updated but this gives
    an idea of the proportion of each of the algorithms.

    Fix #5

  • [doc] logo added - because every project needs a logo. [Alexandre
    Dulaunoy]

Changes

  • [debug] add IP address scanned if in verbose mode. [Alexandre
    Dulaunoy]

  • [crypto] move the crypto parsing to the API side. [Jean-Louis Huynen]

  • [crypto] fix ed25519. [Jean-Louis Huynen]

  • [sample scanner] add --timeout flag. [Terrtia]

  • [slides] final round. [Alexandre Dulaunoy]

  • [doc] slides about attacker infrastructure and attribution. [Alexandre
    Dulaunoy]

  • [README] update README. [Terrtia]

  • [slides] updated. [Alexandre Dulaunoy]

  • [slides] pivot from key fingerprint added. [Alexandre Dulaunoy]

  • [slides] banner API example added. [Alexandre Dulaunoy]

  • [doc] where is the Passive SSH collecting? [Alexandre Dulaunoy]

  • [API] get all hasshs with scores. [Terrtia]

  • [doc] overview of SSH handshakes. [Alexandre Dulaunoy]

  • [slides] updated. [Alexandre Dulaunoy]

  • [doc] first skeleton. [Alexandre Dulaunoy]

  • [API] get hosts by banner. [Terrtia]

  • [doc] README updated. [Alexandre Dulaunoy]

  • [API + scanner] new endpoints: list of fingerprints - numbers of hosts

    • fix list of hosts by fingerprint. [Terrtia]

  • [scanner] skip exception in ssh scanning. [Alexandre Dulaunoy]

  • [requirements] netaddr added. [Alexandre Dulaunoy]

  • [README] add basic README. [Terrtia]

  • [API] nb banners + stats. [Terrtia]

  • [output] is now JSON by default. [Alexandre Dulaunoy]

  • [requirements] remove the official one. [Alexandre Dulaunoy]

  • [option] add the ability to scan a CIDR block. [Alexandre Dulaunoy]

    --trange option added to add your subnet for scanning.

  • [requirements] too many socks in Python. [Alexandre Dulaunoy]

  • [requirements] socks was missing. [Alexandre Dulaunoy]

  • [API] response fields. [Terrtia]

  • [API] get hosts by hassh + get hosts by fingerprint. [Terrtia]

  • Initial import. [Terrtia]

Fix

  • [pkey] skip incomplete tuples. [Alexandre Dulaunoy]
  • [scanner] add SSH client timeout. [Terrtia]
  • [scanner] catch EOFError. [Terrtia]
  • [API] get all hosts by key type and fingerprint. [Terrtia]
  • [scanner] banner + handshake timeout. [Terrtia]
  • [slides] typo. [Terrtia]
  • [API + README] update README + rename endpoint get all fingerprints.
    [Terrtia]
  • Typo. [Terrtia]
  • [API] get all hasshs with scores: add update script. [Terrtia]
  • [API] fix get all hosts by banner path. [Terrtia]
  • [API] get all hasshs with scores. [Terrtia]
  • [API] get hosts by banner. [Terrtia]
  • [API] get hosts by fingerprint. [Terrtia]
  • [install] fix requirements. [Terrtia]

Other

  • CIRCL Passive SSH access. [Alexandre Dulaunoy]

  • Merge branch 'main' of https://github.com/D4-project/passive-ssh into
    main. [Terrtia]

  • Merge pull request #4 from gallypette/main. [Alexandre Dulaunoy]

    Parse Cryptographic Material

  • Add: [crypto] parsing crypto material. [Jean-Louis Huynen]

  • Merge branch 'main' of github.com:D4-project/analyzer-d4-passivessh
    into main. [Alexandre Dulaunoy]

  • Merge branch 'main' of github.com:D4-project/analyzer-d4-passivessh
    into main. [Alexandre Dulaunoy]

  • Merge branch 'main' of github.com:D4-project/analyzer-d4-passivessh
    into main. [Alexandre Dulaunoy]

  • Merge branch 'main' of https://github.com/D4-project/passive-ssh into
    main. [Terrtia]

  • Set theme jekyll-theme-minimal. [Alexandre Dulaunoy]

  • Update README.md. [Alexandre Dulaunoy]

  • Update README.md. [Alexandre Dulaunoy]

  • Merge branch 'main' of
    https://github.com/D4-project/analyzer-d4-passivessh into main.
    [Terrtia]

  • Initial commit. [Thirion Aurélien]