Class: Dap::Filter::FilterDecodeSSHKeyscan

Inherits:
Object
  • Object
show all
Includes:
BaseDecoder
Defined in:
lib/dap/filter/ssh_keyscan.rb

Instance Attribute Summary

Attributes included from Base

#name, #opts

Instance Method Summary collapse

Methods included from BaseDecoder

#process

Methods included from Base

#initialize, #process

Instance Method Details

#decode(data) ⇒ Object 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'lib/dap/filter/ssh_keyscan.rb', line 9

def decode(data)
  save  = {}

  data.split(/\n/).each do |line|
    case line.strip
    when /^# [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s+(.*)/m
      banner = $1
      save['banner'] = banner
      if banner =~ /^SSH-([\d\.]+)-([^\s]+)\s+(.*)/m
        save['ssh-protocol'] = $1
        save['ssh-version']  = $2
        save['ssh-vendor']   = $3
        save['ssh-recog']    = $2 + " " + $3
      end

    when /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\s+((ssh|ecdsa)[^\s]+)\s+(.*)/m
      ktype = $1
      kdata = $3
      save['hkey-' + ktype] = kdata
      save['hkey-' + ktype + '-fp'] = Digest::MD5.hexdigest(kdata.unpack('m*').first).scan(/../).join(':')
    end
  end

  save
end