awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·
jtesta avatar

jtesta/ssh-audit

0
View on GitHub↗
4,218 estrellas·217 forks·Python·MIT·3 vistas

Ssh Audit

Este proyecto es una herramienta de auditoría de seguridad SSH diseñada para analizar configuraciones de servidores y clientes. Funciona como un analizador criptográfico que evalúa algoritmos de intercambio de claves, MAC y cifrado para identificar primitivas débiles o heredadas y asegurar el cumplimiento de la seguridad.

La herramienta se distingue por proporcionar una guía de endurecimiento (hardening) con instrucciones de configuración específicas de la plataforma y recomendaciones de algoritmos para remediar las vulnerabilidades detectadas. También incluye un probador de denegación de servicio que mide la resiliencia del servidor contra el agotamiento de CPU y ataques de conexión de socket concurrentes.

Las capacidades amplias cubren la auditoría de seguridad y las pruebas de vulnerabilidad, incluyendo la validación de políticas de seguridad y la identificación de versiones de software. El proyecto también realiza validación criptográfica mediante pruebas de tamaño de módulo Diffie-Hellman y evalúa el comportamiento del software cliente mediante análisis basado en listeners.

Features

  • Cryptographic Configuration Analyzers - Analyzes key exchange, MAC, and encryption algorithms used by SSH implementations for security compliance.
  • SSH Server Auditing - Identifies weak encryption algorithms and configuration vulnerabilities in servers to ensure secure communication standards.
  • Vulnerability Mapping - Links detected encryption and key-exchange algorithms to high-level security standards and hardening guides.
  • Cryptographic Primitive Validation - Checks key exchange, encryption, and MAC algorithms against security standards to ensure only safe primitives are used.
  • Security and Compliance - Verifies that SSH configurations adhere to predefined hardening standards and organizational security requirements.
  • Configuration Policy Validation - Scans configurations against predefined hardening standards or custom policies to ensure adherence to security requirements.
  • Cryptographic Algorithm Auditing - Evaluates key-exchange, host-key, encryption, and MAC algorithms to determine if they are unsafe or legacy.
  • Security Auditing Tools - Analyzes SSH server and client configurations to identify weak encryption algorithms and security vulnerabilities.
  • SSH Security Configurations - Analyzes server and client settings to identify weak encryption algorithms and general configuration vulnerabilities.
  • SSH Server Security Scanning - Scans SSH servers to identify weak encryption algorithms and outdated configurations to improve security.
  • SSH Client Security Auditing - Evaluates SSH client configurations and software to detect deprecated cryptographic primitives and insecure settings.
  • SSH Handshake Probing - Sends specific SSH handshakes to servers to identify supported cryptographic algorithms.
  • Client Configuration Auditing - Analyzes SSH client configurations to detect insecure settings and deprecated cryptographic primitives.
  • SSH Version Fingerprinting - Identifies the specific SSH software version by matching supported algorithms and banner strings against a known database.
  • SSH Banner Identification - Extracts banner information to determine the device, operating system, and specific software version being used.
  • Hardening Guides - Provides platform-specific configuration instructions and algorithm recommendations to remediate insecure SSH settings.
  • Client Behavior Analysis - Operates a listener to evaluate the configuration and behavior of software attempting to establish a connection.
  • Algorithm Hardening Recommendations - Suggests specific encryption and key-exchange algorithms to add or remove based on the detected software version.
  • Configuration Hardening - Provides detailed remediation steps and modified algorithm lists to secure SSH installations.
  • Payload-Based Exhaustion Techniques - Simulates high-frequency requests to detect susceptibility to CPU exhaustion and other denial-of-service vectors.
  • Diffie-Hellman Modulus Validation - Verifies if the server correctly validates and rejects insecure Diffie-Hellman modulus lengths.
  • SSH Client Analysis Listeners - Operates a mock SSH server to intercept and analyze the configuration of connecting client software.
  • Denial of Service Tools - Measures server resilience against concurrent sockets and CPU exhaustion to identify availability vulnerabilities.
  • Connection-Based DoS Testing - Measures how a server handles concurrent sockets to determine susceptibility to denial-of-service vulnerabilities.
  • Software Fingerprinting - Determines software compatibility by evaluating supported algorithms and unique fingerprints to identify potential vulnerabilities.
  • CPU Exhaustion Testing - Simulates CPU exhaustion attacks to determine if a target is vulnerable to specific denial-of-service vectors.
  • Network Perimeter Defense - Audits SSH server configurations to provide security posture recommendations.
  • SSH Security Tools - Tool for auditing SSH server and client configurations.

Historial de estrellas

Gráfico del historial de estrellas de jtesta/ssh-auditGráfico del historial de estrellas de jtesta/ssh-audit

Búsqueda con IA

Explora más repositorios increíbles

Describe lo que necesitas en lenguaje sencillo: la IA clasifica miles de proyectos open-source curados por relevancia.

Start searching with AI

Alternativas open-source a Ssh Audit

Proyectos open-source similares, clasificados según cuántas características comparten con Ssh Audit.
  • cisofy/lynisAvatar de CISOfy

    CISOfy/lynis

    15,284Ver en GitHub↗

    Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses. The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom

    Shellauditingcompliancedevops
    Ver en GitHub↗15,284
  • owasp/owasp-mstgAvatar de OWASP

    OWASP/owasp-mstg

    12,973Ver en GitHub↗

    The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the security of mobile applications. It provides a standardized reference for identifying and validating common software security weaknesses and performing reverse engineering based on industry standards. The project provides a structured set of technical processes and checklists used to audit applications against established security weakness enumerations. It encompasses guidance for analyzing application binaries and runtime behavior to identify hidden functionality and security ga

    Python
    Ver en GitHub↗12,973
  • forter/security-101-for-saas-startupsAvatar de forter

    forter/security-101-for-saas-startups

    4,643Ver en GitHub↗

    This project is a comprehensive set of guides and frameworks designed to secure software-as-a-service infrastructure and company operations. It provides a collection of technical checklists, architectural patterns, and best practices for hardening cloud applications against cyber attacks. The project differentiates itself by providing specialized manuals for risk management and compliance readiness. It offers structured approaches to threat modeling, incident response planning, and the preparation of audit evidence required to meet industry security certifications and enterprise customer requ

    chinesesecuritysecurity-considerations
    Ver en GitHub↗4,643
  • andresriancho/w3afAvatar de andresriancho

    andresriancho/w3af

    4,850Ver en GitHub↗

    w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities in web applications. It functions as a vulnerability scanner that crawls targets to find injection points and a fuzzer used to discover hidden endpoints and test input validation. The project distinguishes itself by providing an intercepting HTTP proxy for capturing and modifying traffic, combined with a knowledge-base driven exploitation system. It enables the execution of security exploits to gain remote shell access and supports post-exploitation activities, such as routing

    Pythonappseccross-site-scriptingscanner
    Ver en GitHub↗4,850
Ver las 30 alternativas a Ssh Audit→

Preguntas frecuentes

¿Qué hace jtesta/ssh-audit?

Este proyecto es una herramienta de auditoría de seguridad SSH diseñada para analizar configuraciones de servidores y clientes. Funciona como un analizador criptográfico que evalúa algoritmos de intercambio de claves, MAC y cifrado para identificar primitivas débiles o heredadas y asegurar el cumplimiento de la seguridad.

¿Cuáles son las características principales de jtesta/ssh-audit?

Las características principales de jtesta/ssh-audit son: Cryptographic Configuration Analyzers, SSH Server Auditing, Vulnerability Mapping, Cryptographic Primitive Validation, Security and Compliance, Configuration Policy Validation, Cryptographic Algorithm Auditing, Security Auditing Tools.

¿Qué alternativas de código abierto existen para jtesta/ssh-audit?

Las alternativas de código abierto para jtesta/ssh-audit incluyen: cisofy/lynis — Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It… owasp/owasp-mstg — The Mobile Application Security Testing Guide is a comprehensive manual and compliance framework for verifying the… forter/security-101-for-saas-startups — This project is a comprehensive set of guides and frameworks designed to secure software-as-a-service infrastructure… andresriancho/w3af — w3af is a web penetration testing suite and security audit framework designed to identify and exploit vulnerabilities… carlospolop/peass-ng — PEASS-ng is a Linux privilege escalation scanner and post-exploitation enumeration tool. It identifies security… dev-sec/ansible-collection-hardening — This is an Ansible collection that automates security hardening for Linux operating systems, databases, web servers,…