hassh

Crates.io: hassh
lib.rs: hassh
version: 0.1.0
source: src
created_at: 2021-01-05 06:55:09.580258
updated_at: 2021-01-05 06:55:09.580258
description: A SSH fingerprinting library written in Rust
repository: https://github.com/flier/hassh-rs
id: 331948
size: 67,264
Flier Lu (flier)

documentation: https://docs.rs/hassh

README

hassh - A SSH fingerprinting library written in Rust

License: BSD 3-Clause License

This crate enables a consumer to fingerprint the Key Exchange portion of an SSH handshake. It can hash SSH handshakes over IPv4 and IPv6. It depends heavily on the ssh-parser project from Rusticata.

"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.

See the original HASSH project for more information.

Example

Example of fingerprinting a packet capture file:

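use hassh::pcap;

// `?` needs a function that returns a Result, so the loop is wrapped in main.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Print the client-side fingerprint for each handshake in the capture file.
    for hassh in pcap::open("test.pcap")? {
        println!("{:x}", hassh.client_hash());
    }
    Ok(())
}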

Example of fingerprinting a live capture:

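use hassh::live;

// `?` needs a function that returns a Result, so the loop is wrapped in main.
fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Print the server-side fingerprint for each handshake seen on interface en0.
    for hassh in live::capture("en0")? {
        println!("{:x}", hassh.server_hash());
    }
    Ok(())
}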

See the hassh example for more information.

$ cargo run --example hassh -- -i en0

[+] Client SSH_MSG_KEXINIT detected
    [ 192.168.1.8:57278 -> 192.168.1.31:22 ]
        [-] Identification String: SSH-2.0-OpenSSH_8.1
        [-] hassh: ec7378c1a92f5a8dde7e8b7a1ddf33d1
        [-] hassh Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib

[+] Server SSH_MSG_KEXINIT detected
    [ 192.168.1.31:22 -> 192.168.1.8:57278 ]
        [-] Identification String: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
        [-] hasshServer: 3ccd1778a76049721c71ad7d2bf62bbc
        [-] hasshServer Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com
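
The "hassh Algorithms" and "hasshServer Algorithms" lines in the output above are the strings that are MD5-hashed to produce the two fingerprints. The following is an added example, not code from the hassh crate: it derives those strings from a raw SSH_MSG_KEXINIT payload laid out as in RFC 4253 section 7.1, and its function names and sample payload are constructed for illustration.

```rust
// Added example: KEXINIT field layout per RFC 4253 section 7.1.
// Function names and the sample payload are illustrative, not the crate's API.
const SSH_MSG_KEXINIT: u8 = 20;

/// Read the ten name-lists that follow the message type and 16-byte cookie.
/// Returns None for a wrong message type, a truncated packet or non-UTF-8 names.
fn name_lists(payload: &[u8]) -> Option<Vec<&str>> {
    if *payload.first()? != SSH_MSG_KEXINIT {
        return None;
    }
    let mut rest = payload.get(17..)?; // skip type byte + cookie
    let mut lists = Vec::with_capacity(10);
    for _ in 0..10 {
        let l = rest.get(..4)?;
        let len = u32::from_be_bytes([l[0], l[1], l[2], l[3]]) as usize;
        let body = rest.get(4..)?.get(..len)?; // bounds-checked, no overflow
        lists.push(std::str::from_utf8(body).ok()?);
        rest = &rest[4 + len..];
    }
    Some(lists)
}

/// Build "kex;encryption;mac;compression". A client fingerprint (hassh) uses
/// the client-to-server lists, a server one (hasshServer) the server-to-client lists.
fn hassh_algorithms(payload: &[u8], from_server: bool) -> Option<String> {
    let l = name_lists(payload)?;
    let d = if from_server { 1 } else { 0 };
    Some([l[0], l[2 + d], l[4 + d], l[6 + d]].join(";"))
}

/// Constructed sample: a KEXINIT payload with short, distinct name-lists.
fn sample_kexinit() -> Vec<u8> {
    let lists = ["curve25519-sha256", "ssh-ed25519", "aes128-ctr", "aes256-ctr",
                 "hmac-sha2-256", "hmac-sha2-512", "none", "none,zlib@openssh.com", "", ""];
    let mut p = vec![SSH_MSG_KEXINIT];
    p.extend_from_slice(&[0u8; 16]); // cookie
    for l in lists.iter() {
        p.extend_from_slice(&(l.len() as u32).to_be_bytes());
        p.extend_from_slice(l.as_bytes());
    }
    p.extend_from_slice(&[0, 0, 0, 0, 0]); // first_kex_packet_follows + reserved
    p
}

fn main() {
    let p = sample_kexinit();
    println!("hassh input:       {}", hassh_algorithms(&p, false).unwrap());
    println!("hasshServer input: {}", hassh_algorithms(&p, true).unwrap());
}
```

The host key and language name-lists are parsed but not included in either string, which is why the client and server strings for one connection share only the key exchange list.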

C API binding

This crate provides a C API binding; specify the capi feature at compile time to generate the header file.

cargo build --features capi

Reference

Credits:

hassh and hasshServer were conceived and developed by Ben Reardon (@benreardon) within the Detection Cloud Team at Salesforce, with inspiration and contributions from Adel Karimi (@0x4d31) and the JA3 crew: John B. Althouse, Jeff Atkinson and Josh Atkins.

Commit count: 10
