The best way to scan for weak ssh passwords on your network
ssh-auditor will automatically:
scan_interval
- default 14 days.It's designed so that you can run ssh-auditor discover
+ ssh-auditor scan
from cron every hour to to perform a constant audit.
$ brew install go # or however you want to install the go compiler
$ go get github.com/ncsa/ssh-auditor
$ go build
$ make static
$ ulimit -n 4096
$ ./ssh-auditor discover -p 22 -p 2222 192.168.1.0/24 10.0.0.1/24
$ ./ssh-auditor addcredential root root
$ ./ssh-auditor addcredential admin admin
$ ./ssh-auditor addcredential guest guest --scan-interval 1 #check this once per day
$ ./ssh-auditor scan
$ ./ssh-auditor vuln
$ ./ssh-auditor rescan
$ ./ssh-auditor dupes
This query that ssh-auditor vuln
runs is
select
hc.hostport, hc.user, hc.password, hc.result, hc.last_tested, h.version
from
host_creds hc, hosts h
where
h.hostport = hc.hostport
and result!='' order by last_tested asc