./security/terrapin-scanner, Scan SSH servers and clients for Terrapin vulnerability

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.0.3nb8, Package name: terrapin-scanner-1.0.3nb8, Maintainer: pkgsrc-users

The Terrapin Vulnerability Scanner is a small utility program written in
Go, which can be used to determine the vulnerability of an SSH client or
server against the Terrapin Attack. The vulnerability scanner requires a
single connection with the peer to gather all supported algorithms.
However, it does not perform a fully fledged SSH key exchange, will
never attempt authentication on a server, and does not perform the
attack in practice. Instead, vulnerability is determined by checking the
supported algorithms and support for known countermeasures (strict key
exchange). This may falsely claim vulnerability in case the peer
supports countermeasures unknown to this tool.


Master sites:

Filesize: 9.248 KB

Version history: (Expand)


CVS history: (Expand)


   2024-04-05 21:14:14 by Benny Siegert | Files touched by this commit (161) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-02-07 15:51:04 by Benny Siegert | Files touched by this commit (156) | Package updated
Log message:
Revbump all Go packages after go121 update
   2024-01-10 20:14:43 by Benny Siegert | Files touched by this commit (152) | Package updated
Log message:
Revbump all Go packages after go121 update
   2023-12-20 19:47:06 by David Brownlee | Files touched by this commit (1)
Log message:
Fix build on case sensitive filesystems

No PKGREVISION bump as no change in any built packages
   2023-12-20 17:43:04 by Amitai Schleier | Files touched by this commit (4)
Log message:
Add terrapin-scanner: Scan SSH servers and clients for Terrapin vulnerability

The Terrapin Vulnerability Scanner is a small utility program written in
Go, which can be used to determine the vulnerability of an SSH client or
server against the Terrapin Attack. The vulnerability scanner requires a
single connection with the peer to gather all supported algorithms.
However, it does not perform a fully fledged SSH key exchange, will
never attempt authentication on a server, and does not perform the
attack in practice. Instead, vulnerability is determined by checking the
supported algorithms and support for known countermeasures (strict key
exchange). This may falsely claim vulnerability in case the peer
supports countermeasures unknown to this tool.