bin/ssh_scan in ssh_scan-0.0.6 vs bin/ssh_scan in ssh_scan-0.0.7
- old
+ new
@@ -8,18 +8,19 @@
#Default options
options = {
:target => nil,
:port => 22,
- :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__)
+ :policy => File.expand_path("../../policies/mozilla_modern.yml", __FILE__),
+ :unit_test => false
}
opt_parser = OptionParser.new do |opts|
opts.banner = "ssh_scan v#{SSHScan::VERSION} (https://github.com/claudijd/ssh_scan)\n\n" +
"Usage: ssh_scan [options]"
- opts.on("-t", "--target [IP]",
- "IP") do |ip|
+ opts.on("-t", "--target [IP/Hostname]",
+ "IP/Hostname") do |ip|
options[:target] = ip
end
opts.on("-p", "--port [PORT]",
"Port (Default: 22)") do |port|
@@ -29,16 +30,30 @@
opts.on("-P", "--policy [FILE]",
"Policy file (Default: Mozilla Modern)") do |policy|
options[:policy] = policy
end
+ opts.on("-u", "--unit-test [FILE]",
+ "Throw appropriate exit codes based on compliance status") do
+ options[:unit_test] = true
+ end
+
+ opts.on("-v", "--version",
+ "Display just version info") do
+ puts SSHScan::VERSION
+ exit
+ end
+
opts.on_tail("-h", "--help", "Show this message") do
puts opts
puts "\nExamples:"
puts "\n ssh_scan -t 192.168.1.1"
+ puts " ssh_scan -t server.example.com"
puts " ssh_scan -t 192.168.1.1 -p 22222"
puts " ssh_scan -t 192.168.1.1 -P custom_policy.yml"
+ puts " ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml"
+ puts ""
exit
end
end
opt_parser.parse!
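Review bot: The new `-u`/`--unit-test` switch is declared with an optional `[FILE]` argument, but its block takes no parameter and only sets `options[:unit_test] = true`. As written, OptionParser can consume the next token when it does not start with a dash and silently discard it, so a misplaced target or path disappears without an error. Declaring it as a plain flag, `opts.on("-u", "--unit-test",`, matches what the handler does and the `--unit-test -P custom_policy.yml` example added to the help text.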
@@ -47,10 +62,16 @@
puts opt_parser.help
puts "\nReason: no target specified"
exit
end
+unless options[:target].ip_addr? || options[:target].fqdn?
+ puts opt_parser.help
+ puts "\nReason: #{options[:target]} is not a valid target"
+ exit
+end
+
unless (0..65535).include?(options[:port])
puts opt_parser.help
puts "\nReason: port supplied is not within acceptable range"
exit
end
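Review bot: The added target check ends with a bare `exit`, which in Ruby terminates with status 0, so a rejected target is reported to the calling shell as success. Since this release adds a mode meant to gate on exit codes, a CI job that passes a malformed target would see a passing run with no scan performed. Consider `exit 1` here, and the same for the neighbouring no-target and port-range branches, which are unchanged context in this hunk. `ip_addr?` and `fqdn?` are not defined in the visible lines, so what they accept could not be reviewed here.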
@@ -59,12 +80,18 @@
puts opt_parser.help
puts "\nReason: policy file supplied is not a file"
exit
end
-policy = SSHScan::Policy.from_file(options[:policy])
+options[:policy_file] = SSHScan::Policy.from_file(options[:policy])
# Perform scan and get results
scan_engine = SSHScan::ScanEngine.new()
-result = scan_engine.scan(options[:target], options[:port], policy)
+result = scan_engine.scan(options)
puts JSON.pretty_generate(result)
+
+if result["compliance"] && result["compliance"][:compliant] == false
+ exit 1 #non-zero means a false
+else
+ exit 0 #non-zero means pass
+end
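Review bot: The new exit logic fails open: when `result["compliance"]` is missing, the `else` branch runs and the process exits 0, which a pipeline reads as compliant. For a compliance gate it is safer to pass only on an explicit positive result, e.g. `exit(result["compliance"] && result["compliance"][:compliant] ? 0 : 1)`. The comment on `exit 0` is also wrong and should read `# zero means pass`. Nothing in the visible lines checks `options[:unit_test]`, so the exit code appears to apply on every run rather than only under `--unit-test`; confirm that is intended.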