Add SSH scan support with BSI TR-02102-4 compliance

- SSH scanning via ssh-audit (KEX, encryption, MAC, host keys)
- BSI TR-02102-4 and IANA compliance validation for SSH
- CSV/Markdown/reST reports for SSH results
- Unified compliance schema and database views
- Code optimization: modular query/writer architecture
Heiko
2026-01-23 11:05:01 +01:00
parent 2b27138b2a
commit f60de7c2da
68 changed files with 7189 additions and 2835 deletions


@@ -1,4 +1,4 @@
<?xml version='1.0' encoding='UTF-8'?>
<?xml version='1.0' encoding='UTF-8' ?>
<registry xmlns="http://www.iana.org/assignments" id="ikev2-parameters">
<title>Internet Key Exchange Version 2 (IKEv2) Parameters</title>
<created>2005-01-18</created>
@@ -11,21 +11,65 @@
<description>ENCR_AES_CBC</description>
<esp>Y</esp>
<ikev2>Y</ikev2>
<xref type="rfc" data="rfc3602"/>
<xref type="rfc" data="rfc3602" />
</record>
<record>
<value>20</value>
<description>ENCR_AES_GCM_16</description>
<esp>Y</esp>
<ikev2>Y</ikev2>
<xref type="rfc" data="rfc4106"/>
<xref type="rfc" data="rfc4106" />
</record>
<record>
<value>28</value>
<description>ENCR_CHACHA20_POLY1305</description>
<esp>Y</esp>
<ikev2>Y</ikev2>
<xref type="rfc" data="rfc7634"/>
<xref type="rfc" data="rfc7634" />
</record>
</registry>
<registry id="ikev2-parameters-6">
<title>Transform Type 2 - Pseudorandom Function Transform IDs</title>
<record>
<value>2</value>
<description>PRF_HMAC_SHA1</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc2104" />
</record>
<record>
<value>5</value>
<description>PRF_HMAC_SHA2_256</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc4868" />
</record>
<record>
<value>6</value>
<description>PRF_HMAC_SHA2_384</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc4868" />
</record>
</registry>
<registry id="ikev2-parameters-7">
<title>Transform Type 3 - Integrity Algorithm Transform IDs</title>
<record>
<value>2</value>
<description>AUTH_HMAC_SHA1_96</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc2104" />
</record>
<record>
<value>12</value>
<description>AUTH_HMAC_SHA2_256_128</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc4868" />
</record>
<record>
<value>13</value>
<description>AUTH_HMAC_SHA2_384_192</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc4868" />
</record>
</registry>
@@ -35,19 +79,19 @@
<value>14</value>
<description>2048-bit MODP Group</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc3526"/>
<xref type="rfc" data="rfc3526" />
</record>
<record>
<value>19</value>
<description>256-bit random ECP group</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc5903"/>
<xref type="rfc" data="rfc5903" />
</record>
<record>
<value>31</value>
<description>Curve25519</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc8031"/>
<xref type="rfc" data="rfc8031" />
</record>
</registry>
@@ -57,13 +101,13 @@
<value>1</value>
<description>RSA Digital Signature</description>
<status>DEPRECATED</status>
<xref type="rfc" data="rfc7427"/>
<xref type="rfc" data="rfc7427" />
</record>
<record>
<value>14</value>
<description>Digital Signature</description>
<status>RECOMMENDED</status>
<xref type="rfc" data="rfc7427"/>
<xref type="rfc" data="rfc7427" />
</record>
</registry>
</registry>
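Review bot: In the added `ikev2-parameters-6` and `ikev2-parameters-7` registries, the SHA-1 transforms `PRF_HMAC_SHA1` and `AUTH_HMAC_SHA1_96` carry `<status>RECOMMENDED</status>`, the same status as the SHA-2 entries next to them. RFC 8247 downgrades both to MUST-, so if the compliance checks read this column, a SHA-1-only proposal would be rated no differently from a SHA-2 one. The diff does not show where these status values come from, so please confirm them against the upstream registry and the BSI guidance the project targets. It would also help to record the origin at the top of each new registry, e.g. `<!-- status values: <source and retrieval date> -->`. Separately, `AUTH_HMAC_SHA1_96` points at `rfc2104`, whereas I believe the IANA entry cites RFC 2404, so that xref is worth checking too.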