From 632adc076a8e18d36b57030209ab56498a997093 Mon Sep 17 00:00:00 2001
From: Joe Testa <jtesta@positronsecurity.com>
Date: Sun, 27 Sep 2020 11:48:15 -0400
Subject: [PATCH] Policy check output now prints port number, if applicable.

---
 ssh-audit.py                                  | 31 +++++++++++++------
 .../openssh_5.6p1_policy_test1.txt            |  2 +-
 .../openssh_5.6p1_policy_test10.txt           |  2 +-
 .../openssh_5.6p1_policy_test2.txt            |  2 +-
 .../openssh_5.6p1_policy_test3.txt            |  2 +-
 .../openssh_5.6p1_policy_test4.txt            |  2 +-
 .../openssh_5.6p1_policy_test5.txt            |  2 +-
 .../openssh_5.6p1_policy_test7.txt            |  2 +-
 .../openssh_5.6p1_policy_test8.txt            |  2 +-
 .../openssh_5.6p1_policy_test9.txt            |  2 +-
 .../openssh_8.0p1_policy_test11.txt           |  2 +-
 .../openssh_8.0p1_policy_test12.txt           |  2 +-
 .../openssh_8.0p1_policy_test13.txt           |  2 +-
 .../openssh_8.0p1_policy_test14.txt           |  2 +-
 .../openssh_8.0p1_policy_test6.txt            |  2 +-
 15 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/ssh-audit.py b/ssh-audit.py
index da93560..51b9569 100755
--- a/ssh-audit.py
+++ b/ssh-audit.py
@@ -44,7 +44,7 @@ import traceback
 from typing import Dict, List, Set, Sequence, Tuple, Iterable
 from typing import Callable, Optional, Union, Any
 
-VERSION = 'v2.2.1-dev'
+VERSION = 'v2.3.0'
 SSH_HEADER = 'SSH-{0}-OpenSSH_8.2'  # SSH software to impersonate
 GITHUB_ISSUES_URL = 'https://github.com/jtesta/ssh-audit/issues'  # The URL to the Github issues tracker.
 
@@ -3292,13 +3292,7 @@ def output(aconf: AuditConf, banner: Optional[SSH.Banner], header: List[str], cl
             if aconf.port != 22:
 
                 # Check if this is an IPv6 address, as that is printed in a different format.
-                is_ipv6 = True
-                try:
-                    ipaddress.IPv6Address(aconf.host)
-                except ipaddress.AddressValueError:
-                    is_ipv6 = False
-
-                if is_ipv6:
+                if Utils.is_ipv6_address(aconf.host):
                     host = '[%s]:%d' % (aconf.host, aconf.port)
                 else:
                     host = '%s:%d' % (aconf.host, aconf.port)
@@ -3383,7 +3377,15 @@ def evaluate_policy(aconf: AuditConf, banner: Optional['SSH.Banner'], client_hos
             print("Client IP: %s" % client_host)
             spacing = "   "  # So the fields below line up with 'Client IP: '.
         else:
-            print("Host:   %s" % aconf.host)
+            host = aconf.host
+            if aconf.port != 22:
+                # Check if this is an IPv6 address, as that is printed in a different format.
+                if Utils.is_ipv6_address(aconf.host):
+                    host = '[%s]:%d' % (aconf.host, aconf.port)
+                else:
+                    host = '%s:%d' % (aconf.host, aconf.port)
+
+            print("Host:   %s" % host)
         print("Policy: %s%s" % (spacing, aconf.policy.get_name_and_version()))
         print("Result: %s" % spacing, end='')
         if passed:
@@ -3590,6 +3592,17 @@ class Utils:
 
         return host, port
 
+    @staticmethod
+    def is_ipv6_address(address: str) -> bool:
+        '''Returns True if address is an IPv6 address, otherwise False.'''
+        is_ipv6 = True
+        try:
+            ipaddress.IPv6Address(address)
+        except ipaddress.AddressValueError:
+            is_ipv6 = False
+
+        return is_ipv6
+
 
 def build_struct(banner: Optional['SSH.Banner'], kex: Optional['SSH2.Kex'] = None, pkm: Optional['SSH1.PublicKeyMessage'] = None, client_host: Optional[str] = None) -> Any:
 
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test1.txt b/test/docker/expected_results/openssh_5.6p1_policy_test1.txt
index f570f84..01146f8 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test1.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test1.txt
@@ -1,3 +1,3 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test1 (version 1)
 Result: [0;32m✔ Passed[0m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test10.txt b/test/docker/expected_results/openssh_5.6p1_policy_test10.txt
index 8f11f44..e7ee571 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test10.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test10.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker poliicy: test10 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test2.txt b/test/docker/expected_results/openssh_5.6p1_policy_test2.txt
index 5941b4d..b4d8cdc 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test2.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test2.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test2 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test3.txt b/test/docker/expected_results/openssh_5.6p1_policy_test3.txt
index 5062d47..a0586cc 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test3.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test3.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test3 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test4.txt b/test/docker/expected_results/openssh_5.6p1_policy_test4.txt
index 670851b..9438e4f 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test4.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test4.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test4 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test5.txt b/test/docker/expected_results/openssh_5.6p1_policy_test5.txt
index 109e7b0..d20e9fb 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test5.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test5.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test5 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test7.txt b/test/docker/expected_results/openssh_5.6p1_policy_test7.txt
index 30baa8d..4014b23 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test7.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test7.txt
@@ -1,3 +1,3 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker poliicy: test7 (version 1)
 Result: [0;32m✔ Passed[0m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test8.txt b/test/docker/expected_results/openssh_5.6p1_policy_test8.txt
index f6b1806..888d404 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test8.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test8.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker poliicy: test8 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_5.6p1_policy_test9.txt b/test/docker/expected_results/openssh_5.6p1_policy_test9.txt
index e740083..2761478 100644
--- a/test/docker/expected_results/openssh_5.6p1_policy_test9.txt
+++ b/test/docker/expected_results/openssh_5.6p1_policy_test9.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker poliicy: test9 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test11.txt b/test/docker/expected_results/openssh_8.0p1_policy_test11.txt
index 99edc15..024bcb9 100644
--- a/test/docker/expected_results/openssh_8.0p1_policy_test11.txt
+++ b/test/docker/expected_results/openssh_8.0p1_policy_test11.txt
@@ -1,3 +1,3 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test11 (version 1)
 Result: [0;32m✔ Passed[0m
diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test12.txt b/test/docker/expected_results/openssh_8.0p1_policy_test12.txt
index 3e6abab..5baa42d 100644
--- a/test/docker/expected_results/openssh_8.0p1_policy_test12.txt
+++ b/test/docker/expected_results/openssh_8.0p1_policy_test12.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test12 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test13.txt b/test/docker/expected_results/openssh_8.0p1_policy_test13.txt
index 7e4cc61..b8b4b25 100644
--- a/test/docker/expected_results/openssh_8.0p1_policy_test13.txt
+++ b/test/docker/expected_results/openssh_8.0p1_policy_test13.txt
@@ -1,3 +1,3 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test13 (version 1)
 Result: [0;32m✔ Passed[0m
diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test14.txt b/test/docker/expected_results/openssh_8.0p1_policy_test14.txt
index e73ef6c..b2ea4ee 100644
--- a/test/docker/expected_results/openssh_8.0p1_policy_test14.txt
+++ b/test/docker/expected_results/openssh_8.0p1_policy_test14.txt
@@ -1,4 +1,4 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test14 (version 1)
 Result: [0;31m❌ Failed![0m
 [0;33m
diff --git a/test/docker/expected_results/openssh_8.0p1_policy_test6.txt b/test/docker/expected_results/openssh_8.0p1_policy_test6.txt
index a32ef6d..b0e9441 100644
--- a/test/docker/expected_results/openssh_8.0p1_policy_test6.txt
+++ b/test/docker/expected_results/openssh_8.0p1_policy_test6.txt
@@ -1,3 +1,3 @@
-Host:   localhost
+Host:   localhost:2222
 Policy: Docker policy: test6 (version 1)
 Result: [0;32m✔ Passed[0m