Last active
October 25, 2017 03:19
-
-
Save claudijd/57f972148643292776e91f6b357b7453 to your computer and use it in GitHub Desktop.
A quick bit of code to enumerate duplicate hostkey usage within the SSH Observatory for offline reporting of dups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| require 'mongo' | |
| require 'set' | |
| Mongo::Logger.logger.level = ::Logger::FATAL | |
| client = Mongo::Client.new([ '127.0.0.1:27018' ], :database => 'ssh_scan') | |
| collection = client['ssh_scan'] | |
| collection.distinct("scan.fingerprints.rsa.sha256").each do |sha256_fingerprint| | |
| targets = Set.new | |
| collection.find("scan.fingerprints.rsa.sha256": sha256_fingerprint).each do |item| | |
| targets << {:ip => item["scan"]["ip"], :hostname => item["scan"]["hostname"]} | |
| end | |
| if targets.count > 1 | |
| if targets.map {|item| item[:ip]}.uniq.size > 1 | |
| puts "These hosts share this hostkey: #{sha256_fingerprint}" | |
| targets.each do |target| | |
| puts "\t" + target[:ip] + "(" + target[:hostname] + ")" | |
| end | |
| end | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment