stratosphereips/audit-ssh-server

SSH Server Audit

This tool performs a passive client-side audit of a remote SSH service.

It checks:

  • SSH banner and obvious metadata leaks
  • SSH port discovery across common alternate ports when --port is omitted
  • Advertised authentication methods from an unauthenticated client
  • Offered key exchange, host key, cipher, and MAC algorithms
  • Collected host keys and basic size checks
  • Passive CVE matching from the exposed OpenSSH version and distro revision
  • Structured operation logging in text and JSON

It does not perform intrusive checks such as brute-force authentication, username enumeration, timing attacks, or active exploit probes.

Usage

python3 ssh-server-audit/audit_ssh_server.py 192.0.2.10
python3 ssh-server-audit/audit_ssh_server.py 192.0.2.10 --port 2222 --log-file out.txt --json-log out.json

Notes

  • password_auth_offered means the server advertises the password method. The tool does not attempt valid logins.
  • publickey_auth_offered means the server advertises the publickey method. The tool does not attempt authentication with a private key.
  • Host keys are collected with ssh-keyscan.
  • Authentication method discovery uses the local OpenSSH client in a non-authenticating mode.
  • CVE results are passive inferences from banner/version data. Vendor backports can make upstream-only version checks misleading, so the tool marks confidence explicitly.
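The banner and algorithm checks listed above can be reproduced with the standard library alone. The following is an added example, not code from the repository: it parses the server identification line and decodes a server SSH_MSG_KEXINIT into its name-lists (RFC 4253 section 7.1), then flags weak offers. The weak-algorithm sets and the constructed sample offer are assumptions for illustration, not the tool's own policy or a capture from a real host.

```python
import struct
SSH_MSG_KEXINIT = 20
# Ten KEXINIT name-lists in wire order (RFC 4253 section 7.1).
KEXINIT_FIELDS = ("kex", "host_key", "cipher_c2s", "cipher_s2c", "mac_c2s",
                  "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Illustrative weak-algorithm sets; an assumption here, not the tool's own policy.
WEAK_KEX = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"}
WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256", "3des-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "hmac-sha1"}

def parse_banner(line: bytes) -> dict:
    """Split 'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13' into protocol, software, comment."""
    head, _, comment = line.rstrip(b"\r\n").decode("ascii", "replace").partition(" ")
    _, proto, software = head.split("-", 2)
    return {"protocol": proto, "software": software, "comment": comment}

def parse_kexinit(payload: bytes) -> dict:
    """Decode a server SSH_MSG_KEXINIT payload into its algorithm name-lists."""
    if payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    pos, lists = 17, {}  # skip message id (1 byte) and random cookie (16 bytes)
    for name in KEXINIT_FIELDS:
        (length,) = struct.unpack_from(">I", payload, pos)
        raw = payload[pos + 4:pos + 4 + length].decode("ascii")
        lists[name] = [a for a in raw.split(",") if a]
        pos += 4 + length
    return lists

def audit_offer(offer: dict) -> list:
    """Flag weak algorithms the server would accept (server-to-client lists)."""
    checks = (("kex", WEAK_KEX, ()), ("cipher_s2c", WEAK_CIPHERS, ("-cbc",)),
              ("mac_s2c", WEAK_MACS, ()))
    return [f"weak {field}: {alg}" for field, weak, suffixes in checks
            for alg in offer[field] if alg in weak or alg.endswith(suffixes)]

def build_kexinit(lists: dict) -> bytes:
    """Encode name-lists as a KEXINIT payload; used here only to construct sample input."""
    body = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16  # zero cookie is fine for a sample
    for name in KEXINIT_FIELDS:
        raw = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(raw)) + raw
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

SAMPLE_KEXINIT = build_kexinit({  # constructed sample offer, not from any real host
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha1"],
    "host_key": ["ssh-ed25519", "rsa-sha2-512"],
    **dict.fromkeys(("cipher_c2s", "cipher_s2c"), ["aes256-gcm@openssh.com", "aes128-cbc"]),
    **dict.fromkeys(("mac_c2s", "mac_s2c"), ["hmac-sha2-256-etm@openssh.com", "hmac-sha1"]),
    **dict.fromkeys(("comp_c2s", "comp_s2c"), ["none"]),
})
```

Running `audit_offer(parse_kexinit(SAMPLE_KEXINIT))` on the sample reports the SHA-1 group14 exchange, the CBC cipher and the plain hmac-sha1 MAC; on a real connection the payload is the first binary packet the server sends after the banner exchange.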

About

A program to audit the security of remote SSH servers
