Crates.io | hassh |
lib.rs | hassh |
version | 0.1.0 |
source | src |
created_at | 2021-01-05 06:55:09.580258 |
updated_at | 2021-01-05 06:55:09.580258 |
description | A SSH fingerprinting library written in Rust |
homepage | |
repository | https://github.com/flier/hassh-rs |
max_upload_size | |
id | 331948 |
size | 67,264 |
This crate enables a consumer to fingerprint the Key Exchange portion of a SSH handshake. It can hash SSH handshakes over IPv4 and IPv6. It heavily depends on the ssh-parser project from Rusticata.
"HASSH" is a network fingerprinting standard which can be used to identify specific Client and Server SSH implementations. The fingerprints can be easily stored, searched and shared in the form of an MD5 fingerprint.
See the original HASSH project for more information.
Example of fingerprinting a packet capture file:
use hassh::pcap;
for hassh in pcap::open("test.pcap")? {
println!("{:x}", hassh.client_hash());
}
Example of fingerprinting a live capture:
use hassh::live;
for hassh in live::capture("en0")? {
println!("{:x}", hassh.server_hash());
}
See the hassh example for more information.
$ cargo run --example hassh -- -i en0
[+] Client SSH_MSG_KEXINIT detected
[ 192.168.1.8:57278 -> 192.168.1.31:22 ]
[-] Identification String: SSH-2.0-OpenSSH_8.1
[-] hassh: ec7378c1a92f5a8dde7e8b7a1ddf33d1
[-] hassh Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib
[+] Server SSH_MSG_KEXINIT detected
[ 192.168.1.31:22 -> 192.168.1.8:57278 ]
[-] Identification String: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.1
[-] hasshServer: 3ccd1778a76049721c71ad7d2bf62bbc
[-] hasshServer Algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com
This crate C API binding, you could to specify the capi
feature at compile time to generate the header file.
cargo build --features capi
hassh and hasshServer were conceived and developed by Ben Reardon (@benreardon) within the Detection Cloud Team at Salesforce, with inspiration and contributions from Adel Karimi (@0x4d31) and the JA3 crew crew:John B. Althouse , Jeff Atkinson and Josh Atkins