This repository was archived by the owner on Jan 24, 2022. It is now read-only.

Move away from using ssh-keyscan directly #344

Closed

claudijd opened this issue Mar 21, 2017 · 1 comment

Contributor

claudijd commented Mar 21, 2017 •

edited

Loading

https://github.com/mozilla/ssh_scan/blob/master/lib/ssh_scan/scan_engine.rb#L83

This produces potential command injection issues if targets are not properly validated before making it to the above line.

claudijd mentioned this issue

Add support to scan .onion addresses #406

Closed

Contributor Author

claudijd commented Aug 31, 2017

https://github.com/mozilla/ssh_scan/blob/master/lib/ssh_scan/scan_engine.rb#L123

This was referenced Sep 6, 2017

Move to open3 for ssh-keyscan #417

Merged

Verify certain chars are invalid mozilla/ssh_scan_api#109

Merged

claudijd closed this as completed in #417

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.