diff --git a/.travis.yml b/.travis.yml index 8d491af9..86c2e431 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,37 +11,44 @@ matrix: - LABEL=unit_tests after_success: - coveralls - - rvm: 2.5.8 + - rvm: 2.6.7 env: - LABEL=unit_tests - - rvm: 2.6.6 + - rvm: 2.7.3 env: - LABEL=unit_tests - - rvm: 2.7.2 + - rvm: 3.0.1 env: - LABEL=unit_tests - - rvm: 2.5.8 + - rvm: 2.6.7 env: - LABEL=gem_integration_tests script: - gem install ssh_scan - chmod 755 ./spec/ssh_scan/integration.sh - ./spec/ssh_scan/integration.sh - - rvm: 2.6.6 + - rvm: 2.7.3 env: - LABEL=gem_integration_tests script: - gem install ssh_scan - chmod 755 ./spec/ssh_scan/integration.sh - ./spec/ssh_scan/integration.sh - - rvm: 2.7.2 + - rvm: 3.0.1 + env: + - LABEL=gem_integration_tests + script: + - gem install ssh_scan + - chmod 755 ./spec/ssh_scan/integration.sh + - ./spec/ssh_scan/integration.sh + - rvm: 2.7.3 env: - LABEL=src_integration_tests script: - bundle install - chmod 755 ./spec/ssh_scan/integration.sh - ./spec/ssh_scan/integration.sh - - rvm: 2.7.2 + - rvm: 3.0.1 env: - LABEL=docker_integration_tests services: @@ -49,7 +56,7 @@ matrix: script: - docker build -t mozilla/ssh_scan . - docker run -it mozilla/ssh_scan /app/spec/ssh_scan/integration.sh - - rvm: 2.7.2 + - rvm: 3.0.1 env: - LABEL=docker_build_and_push services: diff --git a/Dockerfile b/Dockerfile index bffa7436..35ebf2da 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7.2-alpine3.12 +FROM ruby:3.0.1-alpine3.13 MAINTAINER Jonathan Claudius ENV PROJECT=github.com/mozilla/ssh_scan diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 00000000..845be890 --- /dev/null +++ b/Gemfile.lock @@ -0,0 +1,97 @@ +PATH + remote: . + specs: + ssh_scan (0.0.43) + bcrypt_pbkdf (= 1.0.1) + bindata (= 2.4.3) + ed25519 (= 1.2.4) + net-ssh (= 6.0.2) + netaddr (= 2.0.4) + sshkey + +GEM + remote: https://rubygems.org/ + specs: + ast (2.4.2) + bcrypt_pbkdf (1.0.1) + bindata (2.4.3) + coderay (1.1.3) + coveralls (0.8.23) + json (>= 1.8, < 3) + simplecov (~> 0.16.1) + term-ansicolor (~> 1.3) + thor (>= 0.19.4, < 2.0) + tins (~> 1.6) + diff-lcs (1.4.4) + docile (1.4.0) + ed25519 (1.2.4) + json (2.5.1) + method_source (0.9.2) + net-ssh (6.0.2) + netaddr (2.0.4) + parallel (1.20.1) + parser (3.0.1.1) + ast (~> 2.4.1) + pry (0.11.3) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + rainbow (3.0.0) + rake (13.0.3) + regexp_parser (2.1.1) + rexml (3.2.5) + rspec (3.7.0) + rspec-core (~> 3.7.0) + rspec-expectations (~> 3.7.0) + rspec-mocks (~> 3.7.0) + rspec-core (3.7.1) + rspec-support (~> 3.7.0) + rspec-expectations (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-its (1.2.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.7.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.7.0) + rspec-support (3.7.1) + rubocop (1.15.0) + parallel (~> 1.10) + parser (>= 3.0.0.0) + rainbow (>= 2.2.2, < 4.0) + regexp_parser (>= 1.8, < 3.0) + rexml + rubocop-ast (>= 1.5.0, < 2.0) + ruby-progressbar (~> 1.7) + unicode-display_width (>= 1.4.0, < 3.0) + rubocop-ast (1.5.0) + parser (>= 3.0.1.1) + ruby-progressbar (1.11.0) + simplecov (0.16.1) + docile (~> 1.1) + json (>= 1.8, < 3) + simplecov-html (~> 0.10.0) + simplecov-html (0.10.2) + sshkey (2.0.0) + sync (0.5.0) + term-ansicolor (1.7.1) + tins (~> 1.0) + thor (1.1.0) + tins (1.29.1) + sync + unicode-display_width (2.0.0) + +PLATFORMS + ruby + +DEPENDENCIES + coveralls + pry (= 0.11.3) + rake (>= 12.3.3) + rspec (= 3.7.0) + rspec-its (= 1.2.0) + rubocop + ssh_scan! + +BUNDLED WITH + 2.2.15 diff --git a/bin/ssh_scan b/bin/ssh_scan index 6035635f..319dc321 100755 --- a/bin/ssh_scan +++ b/bin/ssh_scan @@ -4,7 +4,6 @@ $:.unshift File.join(File.dirname(__FILE__), "../lib") require 'json' -require 'netaddr' require 'optparse' require 'ssh_scan' require 'logger' diff --git a/lib/ssh_scan/scan_engine.rb b/lib/ssh_scan/scan_engine.rb index d692aabd..f552407d 100644 --- a/lib/ssh_scan/scan_engine.rb +++ b/lib/ssh_scan/scan_engine.rb @@ -98,7 +98,7 @@ def scan_target(socket, opts) target, :port => port, :timeout => timeout, - :paranoid => false + :verify_host_key => :never ) raise SSHScan::Error::ClosedConnection.new if net_ssh_session.closed? auth_session = Net::SSH::Authentication::Session.new( diff --git a/lib/ssh_scan/target_parser.rb b/lib/ssh_scan/target_parser.rb index cc48e448..40fee9dd 100644 --- a/lib/ssh_scan/target_parser.rb +++ b/lib/ssh_scan/target_parser.rb @@ -8,7 +8,7 @@ class TargetParser # @param ip [String] IP address # @param port [Fixnum] port # @return [Array] array of enumerated addresses - def enumerateIPRange(ip,port) + def enumerateIPRange(ip,port=nil) if ip.fqdn? if port.nil? socket = ip @@ -17,29 +17,22 @@ def enumerateIPRange(ip,port) end return [socket] else - if ip.include? "-" - octets = ip.split('.') - range = octets.pop.split('-') - lower = NetAddr::CIDR.create(octets.join('.') + "." + range[0]) - upper = NetAddr::CIDR.create(octets.join('.') + "." + range[1]) - ip_array = NetAddr.range(lower, upper,:Inclusive => true) - if !port.nil? - ip_array.map! { |i| i.concat(":").concat(port.to_s) } - end - return ip_array - elsif ip.include? "/" + if ip.include? "/" begin - cidr = NetAddr::CIDR.create(ip) + ip_net = NetAddr::IPv4Net.parse(ip) rescue raise ArgumentError, "Invalid target: #{ip}" end - ip_array = cidr.enumerate - ip_array.delete(cidr.network) - ip_array.delete(cidr.last) + + sock_array = [] + 1.upto(ip_net.len - 2) do |i| + sock_array << ip_net.nth(i).to_s + end + if !port.nil? - ip_array.map! { |i| i.concat(":").concat(port.to_s) } + sock_array.map! { |i| i.concat(":").concat(port.to_s) } end - return ip_array + return sock_array else if port.nil? socket = ip diff --git a/lib/string_ext.rb b/lib/string_ext.rb index d90545b5..37d8e81d 100644 --- a/lib/string_ext.rb +++ b/lib/string_ext.rb @@ -55,7 +55,11 @@ def resolve_fqdn_as_ipv4(timeout = 3) end def resolve_fqdn - TCPSocket.gethostbyname(self)[3] + begin + IPSocket.getaddress(self) + rescue SocketError + nil # Can return anything you want here + end end def resolve_ptr(timeout = 3) diff --git a/spec/ssh_scan/target_parser_spec.rb b/spec/ssh_scan/target_parser_spec.rb index 8ec06d86..e47729b3 100644 --- a/spec/ssh_scan/target_parser_spec.rb +++ b/spec/ssh_scan/target_parser_spec.rb @@ -39,24 +39,6 @@ end end - context "IPv4 Range seperated by '-' without port" do - it "should return an array containing all the IPv4 in that range" do - target_parser = SSHScan::TargetParser.new() - expect(target_parser.enumerateIPRange("192.168.1.1-2", nil)).to eq( - ["192.168.1.1", "192.168.1.2"] - ) - end - end - - context "IPv4 Range seperated by '-' with port" do - it "should return an array containing all the IPv4 in that range" do - target_parser = SSHScan::TargetParser.new() - expect(target_parser.enumerateIPRange("192.168.1.1-2", 33)).to eq( - ["192.168.1.1:33", "192.168.1.2:33"] - ) - end - end - context "IPv4 with subnet mask specified without port" do it "should return an array containing all the IPv4 in that range" do target_parser = SSHScan::TargetParser.new() diff --git a/ssh_scan.gemspec b/ssh_scan.gemspec index c61f6478..5e1febc3 100644 --- a/ssh_scan.gemspec +++ b/ssh_scan.gemspec @@ -31,14 +31,14 @@ Gem::Specification.new do |s| s.metadata["yard.run"] = "yri" # use "yard" to build full HTML docs s.add_dependency('bindata', '2.4.3') - s.add_dependency('netaddr', '1.5.1') - s.add_dependency('net-ssh', '5.2.0') + s.add_dependency('netaddr', '2.0.4') + s.add_dependency('net-ssh', '6.0.2') s.add_dependency('ed25519', '1.2.4') s.add_dependency('bcrypt_pbkdf', '1.0.1') s.add_dependency('sshkey') s.add_development_dependency('pry', '0.11.3') s.add_development_dependency('rspec', '3.7.0') s.add_development_dependency('rspec-its', '1.2.0') - s.add_development_dependency('rake', '12.3.1') + s.add_development_dependency "rake", ">= 12.3.3" s.add_development_dependency('rubocop') end