feature-request : support options in any order #41

Open
noraj opened this issue Dec 28, 2018 · 0 comments

noraj commented Dec 28, 2018

warning : read the update section

related to #37

ssh-audit displays the wrong banner instead of displaying the real one or saying it doesn't know this one:

ssh-audit x.x.x.x -p 2222
# general
(gen) banner: SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6
(gen) software: OpenSSH 7.2p2
(gen) compatibility: OpenSSH 7.2+, Dropbear SSH 2013.62+
(gen) compression: enabled (zlib@openssh.com)

But when doing ssh -v or sftp -v (because it is an SFTP server), I can see: debug1: Remote protocol version 2.0, remote software version mod_sftp/0.9.9.

To be sure I used nmap:

nmap -Pn -p 2222 x.x.x.x -sVC
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-28 11:06 CET
Nmap scan report for x.com (x.x.x.x)
Host is up (0.023s latency).

PORT     STATE SERVICE VERSION
2222/tcp open  ssh     ProFTPD mod_sftp 0.9.9 (protocol 2.0)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 62.67 seconds

So:

  1. You need to display the real banner, the one grabbed, not make an internal match or something and display a wrong banner when the SSH provider is not known to ssh-audit, because it can lead to severe mistakes.
  2. As "Add ProFTPd to known SSH softwares #37" said, add mod_sftp support (SFTP module support in ProFTPD).

Update: Also, a real SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.6 is running on port 22, so I suspect that ssh-audit is ignoring the option for port 2222.

ssh-audit/ssh-audit.py

Lines 155 to 185 in 22b671e

    elif o in ('-p', '--port'):
        oport = a
    elif o in ('-b', '--batch'):
        aconf.batch = True
        aconf.verbose = True
    elif o in ('-n', '--no-colors'):
        aconf.colors = False
    elif o in ('-v', '--verbose'):
        aconf.verbose = True
    elif o in ('-l', '--level'):
        if a not in ('info', 'warn', 'fail'):
            usage_cb('level {0} is not valid'.format(a))
        aconf.minlevel = a
if len(args) == 0:
    usage_cb()
if oport is not None:
    host = args[0]
    port = utils.parse_int(oport)
else:
    s = args[0].split(':')
    host = s[0].strip()
    if len(s) == 2:
        oport, port = s[1], utils.parse_int(s[1])
    else:
        oport, port = '22', 22
if not host:
    usage_cb('host is empty')
if port <= 0 or port > 65535:
    usage_cb('port {0} is not valid'.format(oport))
aconf.host = host
aconf.port = port

==> This is it: if I put ssh-audit -p 2222 x.x.x.x instead of ssh-audit x.x.x.x -p 2222, I have the good banner:

(gen) banner: SSH-2.0-mod_sftp/0.9.9
(gen) compatibility: OpenSSH 5.9-6.6, Dropbear SSH 2013.62+ (some functionality from 0.52)
(gen) compression: enabled (zlib@openssh.com, zlib)

So I suggest supporting options in any order, even after the host, like nmap and many other tools do.

@noraj noraj changed the title ssh-audit displaying wrong banner feature-request : support options in any order Dec 28, 2018
Plloi added a commit to Plloi/ssh-audit that referenced this issue Jun 5, 2019
Addresses Issue arthepsy#41, gnu_getopt allows non-option arguments to be intermingled with option arguments whereas getopt stops processing arguments when a non option is found.
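
The behaviour reported in this issue, as an added example that is not part of the issue or of ssh-audit's own code: Python's getopt.getopt stops at the first non-option argument, so a -p placed after the host is never parsed and the audit silently targets port 22, while getopt.gnu_getopt accepts either order. The option spec, the function names, the ignored_options guard and the 192.0.2.10 sample host are assumptions made for illustration.

```python
import getopt

# Assumption: option spec limited to the options visible in the quoted excerpt.
SHORT = "p:bnvl:"
LONG = ["port=", "batch", "no-colors", "verbose", "level="]


def resolve_target(argv, parser):
    """Apply the excerpt's host/port logic; return (host, port, leftover)."""
    opts, args = parser(argv, SHORT, LONG)
    oport = None
    for o, a in opts:
        if o in ("-p", "--port"):
            oport = a
    if not args:
        raise ValueError("no host given")
    if oport is not None:
        host, port = args[0], int(oport)
    else:
        s = args[0].split(":")
        host = s[0].strip()
        port = int(s[1]) if len(s) == 2 else 22
    if not host:
        raise ValueError("host is empty")
    if not 0 < port <= 65535:
        raise ValueError("port {0} is not valid".format(port))
    return host, port, args[1:]


def parse_posix(argv):
    # getopt.getopt stops at the first non-option, so a trailing -p is never seen.
    return resolve_target(argv, getopt.getopt)


def parse_gnu(argv):
    # getopt.gnu_getopt accepts options before or after the host
    # (unless POSIXLY_CORRECT is set in the environment).
    return resolve_target(argv, getopt.gnu_getopt)


def ignored_options(leftover):
    # Hypothetical guard: option-looking leftovers mean the wrong target may be audited.
    return [a for a in leftover if a.startswith("-")]


if __name__ == "__main__":
    sample = ["192.0.2.10", "-p", "2222"]  # constructed input, documentation address
    print("getopt     :", parse_posix(sample))
    print("gnu_getopt :", parse_gnu(sample))
```

Rejecting the run when ignored_options returns anything makes a misordered command line fail loudly instead of producing a report for a different service than the one intended.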