ssh-audit.py

#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
   The MIT License (MIT)
   
   Copyright (C) 2016 Andris Raugulis (moo@arthepsy.eu)
   
   Permission is hereby granted, free of charge, to any person obtaining a copy
   of this software and associated documentation files (the "Software"), to deal
   in the Software without restriction, including without limitation the rights
   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
   copies of the Software, and to permit persons to whom the Software is
   furnished to do so, subject to the following conditions:
   
   The above copyright notice and this permission notice shall be included in
   all copies or substantial portions of the Software.
   
   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
   THE SOFTWARE.
"""
from __future__ import print_function
import os, io, sys, socket, struct, random, errno, getopt, re, hashlib, base64

VERSION = 'v1.7.0'

if sys.version_info >= (3,):  # pragma: nocover
	StringIO, BytesIO = io.StringIO, io.BytesIO
	text_type = str
	binary_type = bytes
else:  # pragma: nocover
	import StringIO as _StringIO  # pylint: disable=import-error
	StringIO = BytesIO = _StringIO.StringIO
	text_type = unicode  # pylint: disable=undefined-variable
	binary_type = str
try:  # pragma: nocover
	# pylint: disable=unused-import
	from typing import List, Set, Sequence, Tuple, Iterable
	from typing import Callable, Optional, Union, Any
except ImportError:  # pragma: nocover
	pass
try:  # pragma: nocover
	from colorama import init as colorama_init
	colorama_init()  # pragma: nocover
except ImportError:  # pragma: nocover
	pass


def usage(err=None):
	# type: (Optional[str]) -> None
	uout = Output()
	p = os.path.basename(sys.argv[0])
	uout.head('# {0} {1}, moo@arthepsy.eu\n'.format(p, VERSION))
	if err is not None:
		uout.fail('\n' + err)
	uout.info('usage: {0} [-1246pbnvl] <host>\n'.format(p))
	uout.info('   -h,  --help             print this help')
	uout.info('   -1,  --ssh1             force ssh version 1 only')
	uout.info('   -2,  --ssh2             force ssh version 2 only')
	uout.info('   -4,  --ipv4             enable IPv4 (order of precedence)')
	uout.info('   -6,  --ipv6             enable IPv6 (order of precedence)')
	uout.info('   -p,  --port=<port>      port to connect')
	uout.info('   -b,  --batch            batch output')
	uout.info('   -n,  --no-colors        disable colors')
	uout.info('   -v,  --verbose          verbose output')
	uout.info('   -l,  --level=<level>    minimum output level (info|warn|fail)')
	uout.sep()
	sys.exit(1)


class AuditConf(object):
	# pylint: disable=too-many-instance-attributes
	def __init__(self, host=None, port=22):
		# type: (Optional[str], int) -> None
		self.host = host
		self.port = port
		self.ssh1 = True
		self.ssh2 = True
		self.batch = False
		self.colors = True
		self.verbose = False
		self.minlevel = 'info'
		self.ipvo = ()  # type: Sequence[int]
		self.ipv4 = False
		self.ipv6 = False
	
	def __setattr__(self, name, value):
		# type: (str, Union[str, int, bool, Sequence[int]]) -> None
		valid = False
		if name in ['ssh1', 'ssh2', 'batch', 'colors', 'verbose']:
			valid, value = True, True if value else False
		elif name in ['ipv4', 'ipv6']:
			valid = False
			value = True if value else False
			ipv = 4 if name == 'ipv4' else 6
			if value:
				value = tuple(list(self.ipvo) + [ipv])
			else:
				if len(self.ipvo) == 0:
					value = (6,) if ipv == 4 else (4,)
				else:
					value = tuple(filter(lambda x: x != ipv, self.ipvo))
			self.__setattr__('ipvo', value)
		elif name == 'ipvo':
			if isinstance(value, (tuple, list)):
				uniq_value = utils.unique_seq(value)
				value = tuple(filter(lambda x: x in (4, 6), uniq_value))
				valid = True
				ipv_both = len(value) == 0
				object.__setattr__(self, 'ipv4', ipv_both or 4 in value)
				object.__setattr__(self, 'ipv6', ipv_both or 6 in value)
		elif name == 'port':
			valid, port = True, utils.parse_int(value)
			if port < 1 or port > 65535:
				raise ValueError('invalid port: {0}'.format(value))
			value = port
		elif name in ['minlevel']:
			if value not in ('info', 'warn', 'fail'):
				raise ValueError('invalid level: {0}'.format(value))
			valid = True
		elif name == 'host':
			valid = True
		if valid:
			object.__setattr__(self, name, value)
	
	@classmethod
	def from_cmdline(cls, args, usage_cb):
		# type: (List[str], Callable[..., None]) -> AuditConf
		# pylint: disable=too-many-branches
		aconf = cls()
		try:
			sopts = 'h1246p:bnvl:'
			lopts = ['help', 'ssh1', 'ssh2', 'ipv4', 'ipv6', 'port',
			         'batch', 'no-colors', 'verbose', 'level=']
			opts, args = getopt.getopt(args, sopts, lopts)
		except getopt.GetoptError as err:
			usage_cb(str(err))
		aconf.ssh1, aconf.ssh2 = False, False
		oport = None
		for o, a in opts:
			if o in ('-h', '--help'):
				usage_cb()
			elif o in ('-1', '--ssh1'):
				aconf.ssh1 = True
			elif o in ('-2', '--ssh2'):
				aconf.ssh2 = True
			elif o in ('-4', '--ipv4'):
				aconf.ipv4 = True
			elif o in ('-6', '--ipv6'):
				aconf.ipv6 = True
			elif o in ('-p', '--port'):
				oport = a
			elif o in ('-b', '--batch'):
				aconf.batch = True
				aconf.verbose = True
			elif o in ('-n', '--no-colors'):
				aconf.colors = False
			elif o in ('-v', '--verbose'):
				aconf.verbose = True
			elif o in ('-l', '--level'):
				if a not in ('info', 'warn', 'fail'):
					usage_cb('level {0} is not valid'.format(a))
				aconf.minlevel = a
		if len(args) == 0:
			usage_cb()
		if oport is not None:
			host = args[0]
			port = utils.parse_int(oport)
		else:
			s = args[0].split(':')
			host = s[0].strip()
			if len(s) == 2:
				oport, port = s[1], utils.parse_int(s[1])
			else:
				oport, port = '22', 22
		if not host:
			usage_cb('host is empty')
		if port <= 0 or port > 65535:
			usage_cb('port {0} is not valid'.format(oport))
		aconf.host = host
		aconf.port = port
		if not (aconf.ssh1 or aconf.ssh2):
			aconf.ssh1, aconf.ssh2 = True, True
		return aconf


class Output(object):
	LEVELS = ['info', 'warn', 'fail']
	COLORS = {'head': 36, 'good': 32, 'warn': 33, 'fail': 31}
	
	def __init__(self):
		# type: () -> None
		self.batch = False
		self.colors = True
		self.verbose = False
		self.__minlevel = 0
	
	@property
	def minlevel(self):
		# type: () -> str
		if self.__minlevel < len(self.LEVELS):
			return self.LEVELS[self.__minlevel]
		return 'unknown'
	
	@minlevel.setter
	def minlevel(self, name):
		# type: (str) -> None
		self.__minlevel = self.getlevel(name)
	
	def getlevel(self, name):
		# type: (str) -> int
		cname = 'info' if name == 'good' else name
		if cname not in self.LEVELS:
			return sys.maxsize
		return self.LEVELS.index(cname)
	
	def sep(self):
		# type: () -> None
		if not self.batch:
			print()
	
	@property
	def colors_supported(self):
		# type: () -> bool
		return 'colorama' in sys.modules or os.name == 'posix'
	
	@staticmethod
	def _colorized(color):
		# type: (str) -> Callable[[text_type], None]
		return lambda x: print(u'{0}{1}\033[0m'.format(color, x))
	
	def __getattr__(self, name):
		# type: (str) -> Callable[[text_type], None]
		if name == 'head' and self.batch:
			return lambda x: None
		if not self.getlevel(name) >= self.__minlevel:
			return lambda x: None
		if self.colors and self.colors_supported and name in self.COLORS:
			color = '\033[0;{0}m'.format(self.COLORS[name])
			return self._colorized(color)
		else:
			return lambda x: print(u'{0}'.format(x))


class OutputBuffer(list):
	def __enter__(self):
		# type: () -> OutputBuffer
		# pylint: disable=attribute-defined-outside-init
		self.__buf = StringIO()
		self.__stdout = sys.stdout
		sys.stdout = self.__buf
		return self
	
	def flush(self):
		# type: () -> None
		for line in self:
			print(line)
	
	def __exit__(self, *args):
		# type: (*Any) -> None
		self.extend(self.__buf.getvalue().splitlines())
		sys.stdout = self.__stdout


class SSH2(object):  # pylint: disable=too-few-public-methods
	class KexParty(object):
		def __init__(self, enc, mac, compression, languages):
			# type: (List[text_type], List[text_type], List[text_type], List[text_type]) -> None
			self.__enc = enc
			self.__mac = mac
			self.__compression = compression
			self.__languages = languages
		
		@property
		def encryption(self):
			# type: () -> List[text_type]
			return self.__enc
		
		@property
		def mac(self):
			# type: () -> List[text_type]
			return self.__mac
		
		@property
		def compression(self):
			# type: () -> List[text_type]
			return self.__compression
		
		@property
		def languages(self):
			# type: () -> List[text_type]
			return self.__languages
	
	class Kex(object):
		def __init__(self, cookie, kex_algs, key_algs, cli, srv, follows, unused=0):
			# type: (binary_type, List[text_type], List[text_type], SSH2.KexParty, SSH2.KexParty, bool, int) -> None
			self.__cookie = cookie
			self.__kex_algs = kex_algs
			self.__key_algs = key_algs
			self.__client = cli
			self.__server = srv
			self.__follows = follows
			self.__unused = unused
		
		@property
		def cookie(self):
			# type: () -> binary_type
			return self.__cookie
		
		@property
		def kex_algorithms(self):
			# type: () -> List[text_type]
			return self.__kex_algs
		
		@property
		def key_algorithms(self):
			# type: () -> List[text_type]
			return self.__key_algs
		
		# client_to_server
		@property
		def client(self):
			# type: () -> SSH2.KexParty
			return self.__client
		
		# server_to_client
		@property
		def server(self):
			# type: () -> SSH2.KexParty
			return self.__server
		
		@property
		def follows(self):
			# type: () -> bool
			return self.__follows
		
		@property
		def unused(self):
			# type: () -> int
			return self.__unused
		
		def write(self, wbuf):
			# type: (WriteBuf) -> None
			wbuf.write(self.cookie)
			wbuf.write_list(self.kex_algorithms)
			wbuf.write_list(self.key_algorithms)
			wbuf.write_list(self.client.encryption)
			wbuf.write_list(self.server.encryption)
			wbuf.write_list(self.client.mac)
			wbuf.write_list(self.server.mac)
			wbuf.write_list(self.client.compression)
			wbuf.write_list(self.server.compression)
			wbuf.write_list(self.client.languages)
			wbuf.write_list(self.server.languages)
			wbuf.write_bool(self.follows)
			wbuf.write_int(self.__unused)
		
		@property
		def payload(self):
			# type: () -> binary_type
			wbuf = WriteBuf()
			self.write(wbuf)
			return wbuf.write_flush()
		
		@classmethod
		def parse(cls, payload):
			# type: (binary_type) -> SSH2.Kex
			buf = ReadBuf(payload)
			cookie = buf.read(16)
			kex_algs = buf.read_list()
			key_algs = buf.read_list()
			cli_enc = buf.read_list()
			srv_enc = buf.read_list()
			cli_mac = buf.read_list()
			srv_mac = buf.read_list()
			cli_compression = buf.read_list()
			srv_compression = buf.read_list()
			cli_languages = buf.read_list()
			srv_languages = buf.read_list()
			follows = buf.read_bool()
			unused = buf.read_int()
			cli = SSH2.KexParty(cli_enc, cli_mac, cli_compression, cli_languages)
			srv = SSH2.KexParty(srv_enc, srv_mac, srv_compression, srv_languages)
			kex = cls(cookie, kex_algs, key_algs, cli, srv, follows, unused)
			return kex


class SSH1(object):
	class CRC32(object):
		def __init__(self):
			# type: () -> None
			self._table = [0] * 256
			for i in range(256):
				crc = 0
				n = i
				for _ in range(8):
					x = (crc ^ n) & 1
					crc = (crc >> 1) ^ (x * 0xedb88320)
					n = n >> 1
				self._table[i] = crc
		
		def calc(self, v):
			# type: (binary_type) -> int
			crc, l = 0, len(v)
			for i in range(l):
				n = ord(v[i:i + 1])
				n = n ^ (crc & 0xff)
				crc = (crc >> 8) ^ self._table[n]
			return crc
	
	_crc32 = None  # type: Optional[SSH1.CRC32]
	CIPHERS = ['none', 'idea', 'des', '3des', 'tss', 'rc4', 'blowfish']
	AUTHS = [None, 'rhosts', 'rsa', 'password', 'rhosts_rsa', 'tis', 'kerberos']
	
	@classmethod
	def crc32(cls, v):
		# type: (binary_type) -> int
		if cls._crc32 is None:
			cls._crc32 = cls.CRC32()
		return cls._crc32.calc(v)
	
	class KexDB(object):  # pylint: disable=too-few-public-methods
		# pylint: disable=bad-whitespace
		FAIL_PLAINTEXT        = 'no encryption/integrity'
		FAIL_OPENSSH37_REMOVE = 'removed since OpenSSH 3.7'
		FAIL_NA_BROKEN        = 'not implemented in OpenSSH, broken algorithm'
		FAIL_NA_UNSAFE        = 'not implemented in OpenSSH (server), unsafe algorithm'
		TEXT_CIPHER_IDEA      = 'cipher used by commercial SSH'
		
		ALGORITHMS = {
			'key': {
				'ssh-rsa1': [['1.2.2']],
			},
			'enc': {
				'none': [['1.2.2'], [FAIL_PLAINTEXT]],
				'idea': [[None], [], [], [TEXT_CIPHER_IDEA]],
				'des': [['2.3.0C'], [FAIL_NA_UNSAFE]],
				'3des': [['1.2.2']],
				'tss': [[''], [FAIL_NA_BROKEN]],
				'rc4': [[], [FAIL_NA_BROKEN]],
				'blowfish': [['1.2.2']],
			},
			'aut': {
				'rhosts': [['1.2.2', '3.6'], [FAIL_OPENSSH37_REMOVE]],
				'rsa': [['1.2.2']],
				'password': [['1.2.2']],
				'rhosts_rsa': [['1.2.2']],
				'tis': [['1.2.2']],
				'kerberos': [['1.2.2', '3.6'], [FAIL_OPENSSH37_REMOVE]],
			}
		}  # type: Dict[str, Dict[str, List[List[str]]]]
	
	class PublicKeyMessage(object):
		def __init__(self, cookie, skey, hkey, pflags, cmask, amask):
			# type: (binary_type, Tuple[int, int, int], Tuple[int, int, int], int, int, int) -> None
			assert len(skey) == 3
			assert len(hkey) == 3
			self.__cookie = cookie
			self.__server_key = skey
			self.__host_key = hkey
			self.__protocol_flags = pflags
			self.__supported_ciphers_mask = cmask
			self.__supported_authentications_mask = amask
		
		@property
		def cookie(self):
			# type: () -> binary_type
			return self.__cookie
		
		@property
		def server_key_bits(self):
			# type: () -> int
			return self.__server_key[0]
		
		@property
		def server_key_public_exponent(self):
			# type: () -> int
			return self.__server_key[1]
		
		@property
		def server_key_public_modulus(self):
			# type: () -> int
			return self.__server_key[2]
		
		@property
		def host_key_bits(self):
			# type: () -> int
			return self.__host_key[0]
		
		@property
		def host_key_public_exponent(self):
			# type: () -> int
			return self.__host_key[1]
		
		@property
		def host_key_public_modulus(self):
			# type: () -> int
			return self.__host_key[2]
		
		@property
		def host_key_fingerprint_data(self):
			# type: () -> binary_type
			# pylint: disable=protected-access
			mod = WriteBuf._create_mpint(self.host_key_public_modulus, False)
			e = WriteBuf._create_mpint(self.host_key_public_exponent, False)
			return mod + e
		
		@property
		def protocol_flags(self):
			# type: () -> int
			return self.__protocol_flags
		
		@property
		def supported_ciphers_mask(self):
			# type: () -> int
			return self.__supported_ciphers_mask
		
		@property
		def supported_ciphers(self):
			# type: () -> List[text_type]
			ciphers = []
			for i in range(len(SSH1.CIPHERS)):
				if self.__supported_ciphers_mask & (1 << i) != 0:
					ciphers.append(utils.to_utext(SSH1.CIPHERS[i]))
			return ciphers
		
		@property
		def supported_authentications_mask(self):
			# type: () -> int
			return self.__supported_authentications_mask
		
		@property
		def supported_authentications(self):
			# type: () -> List[text_type]
			auths = []
			for i in range(1, len(SSH1.AUTHS)):
				if self.__supported_authentications_mask & (1 << i) != 0:
					auths.append(utils.to_utext(SSH1.AUTHS[i]))
			return auths
		
		def write(self, wbuf):
			# type: (WriteBuf) -> None
			wbuf.write(self.cookie)
			wbuf.write_int(self.server_key_bits)
			wbuf.write_mpint1(self.server_key_public_exponent)
			wbuf.write_mpint1(self.server_key_public_modulus)
			wbuf.write_int(self.host_key_bits)
			wbuf.write_mpint1(self.host_key_public_exponent)
			wbuf.write_mpint1(self.host_key_public_modulus)
			wbuf.write_int(self.protocol_flags)
			wbuf.write_int(self.supported_ciphers_mask)
			wbuf.write_int(self.supported_authentications_mask)
		
		@property
		def payload(self):
			# type: () -> binary_type
			wbuf = WriteBuf()
			self.write(wbuf)
			return wbuf.write_flush()
		
		@classmethod
		def parse(cls, payload):
			# type: (binary_type) -> SSH1.PublicKeyMessage
			buf = ReadBuf(payload)
			cookie = buf.read(8)
			server_key_bits = buf.read_int()
			server_key_exponent = buf.read_mpint1()
			server_key_modulus = buf.read_mpint1()
			skey = (server_key_bits, server_key_exponent, server_key_modulus)
			host_key_bits = buf.read_int()
			host_key_exponent = buf.read_mpint1()
			host_key_modulus = buf.read_mpint1()
			hkey = (host_key_bits, host_key_exponent, host_key_modulus)
			pflags = buf.read_int()
			cmask = buf.read_int()
			amask = buf.read_int()
			pkm = cls(cookie, skey, hkey, pflags, cmask, amask)
			return pkm


class ReadBuf(object):
	def __init__(self, data=None):
		# type: (Optional[binary_type]) -> None
		super(ReadBuf, self).__init__()
		self._buf = BytesIO(data) if data else BytesIO()
		self._len = len(data) if data else 0
	
	@property
	def unread_len(self):
		# type: () -> int
		return self._len - self._buf.tell()
	
	def read(self, size):
		# type: (int) -> binary_type
		return self._buf.read(size)
	
	def read_byte(self):
		# type: () -> int
		return struct.unpack('B', self.read(1))[0]
	
	def read_bool(self):
		# type: () -> bool
		return self.read_byte() != 0
	
	def read_int(self):
		# type: () -> int
		return struct.unpack('>I', self.read(4))[0]
	
	def read_list(self):
		# type: () -> List[text_type]
		list_size = self.read_int()
		return self.read(list_size).decode('utf-8', 'replace').split(',')
	
	def read_string(self):
		# type: () -> binary_type
		n = self.read_int()
		return self.read(n)
	
	@classmethod
	def _parse_mpint(cls, v, pad, sf):
		# type: (binary_type, binary_type, str) -> int
		r = 0
		if len(v) % 4:
			v = pad * (4 - (len(v) % 4)) + v
		for i in range(0, len(v), 4):
			r = (r << 32) | struct.unpack(sf, v[i:i + 4])[0]
		return r
		
	def read_mpint1(self):
		# type: () -> int
		# NOTE: Data Type Enc @ http://www.snailbook.com/docs/protocol-1.5.txt
		bits = struct.unpack('>H', self.read(2))[0]
		n = (bits + 7) // 8
		return self._parse_mpint(self.read(n), b'\x00', '>I')
	
	def read_mpint2(self):
		# type: () -> int
		# NOTE: Section 5 @ https://www.ietf.org/rfc/rfc4251.txt
		v = self.read_string()
		if len(v) == 0:
			return 0
		pad, sf = (b'\xff', '>i') if ord(v[0:1]) & 0x80 else (b'\x00', '>I')
		return self._parse_mpint(v, pad, sf)
	
	def read_line(self):
		# type: () -> text_type
		return self._buf.readline().rstrip().decode('utf-8', 'replace')


class WriteBuf(object):
	def __init__(self, data=None):
		# type: (Optional[binary_type]) -> None
		super(WriteBuf, self).__init__()
		self._wbuf = BytesIO(data) if data else BytesIO()
	
	def write(self, data):
		# type: (binary_type) -> WriteBuf
		self._wbuf.write(data)
		return self
	
	def write_byte(self, v):
		# type: (int) -> WriteBuf
		return self.write(struct.pack('B', v))
	
	def write_bool(self, v):
		# type: (bool) -> WriteBuf
		return self.write_byte(1 if v else 0)
	
	def write_int(self, v):
		# type: (int) -> WriteBuf
		return self.write(struct.pack('>I', v))
	
	def write_string(self, v):
		# type: (Union[binary_type, text_type]) -> WriteBuf
		if not isinstance(v, bytes):
			v = bytes(bytearray(v, 'utf-8'))
		self.write_int(len(v))
		return self.write(v)
	
	def write_list(self, v):
		# type: (List[text_type]) -> WriteBuf
		return self.write_string(u','.join(v))
	
	@classmethod
	def _bitlength(cls, n):
		# type: (int) -> int
		try:
			return n.bit_length()
		except AttributeError:
			return len(bin(n)) - (2 if n > 0 else 3)
		
	@classmethod
	def _create_mpint(cls, n, signed=True, bits=None):
		# type: (int, bool, Optional[int]) -> binary_type
		if bits is None:
			bits = cls._bitlength(n)
		length = bits // 8 + (1 if n != 0 else 0)
		ql = (length + 7) // 8
		fmt, v2 = '>{0}Q'.format(ql), [0] * ql
		for i in range(ql):
			v2[ql - i - 1] = (n & 0xffffffffffffffff)
			n >>= 64
		data = bytes(struct.pack(fmt, *v2)[-length:])
		if not signed:
			data = data.lstrip(b'\x00')
		elif data.startswith(b'\xff\x80'):
			data = data[1:]
		return data
	
	def write_mpint1(self, n):
		# type: (int) -> WriteBuf
		# NOTE: Data Type Enc @ http://www.snailbook.com/docs/protocol-1.5.txt
		bits = self._bitlength(n)
		data = self._create_mpint(n, False, bits)
		self.write(struct.pack('>H', bits))
		return self.write(data)
	
	def write_mpint2(self, n):
		# type: (int) -> WriteBuf
		# NOTE: Section 5 @ https://www.ietf.org/rfc/rfc4251.txt
		data = self._create_mpint(n)
		return self.write_string(data)
	
	def write_line(self, v):
		# type: (Union[binary_type, str]) -> WriteBuf
		if not isinstance(v, bytes):
			v = bytes(bytearray(v, 'utf-8'))
		v += b'\r\n'
		return self.write(v)
	
	def write_flush(self):
		# type: () -> binary_type
		payload = self._wbuf.getvalue()
		self._wbuf.truncate(0)
		self._wbuf.seek(0)
		return payload


class SSH(object):  # pylint: disable=too-few-public-methods
	class Protocol(object):  # pylint: disable=too-few-public-methods
		# pylint: disable=bad-whitespace
		SMSG_PUBLIC_KEY = 2
		MSG_KEXINIT     = 20
		MSG_NEWKEYS     = 21
		MSG_KEXDH_INIT  = 30
		MSG_KEXDH_REPLY = 32
	
	class Product(object):  # pylint: disable=too-few-public-methods
		OpenSSH = 'OpenSSH'
		DropbearSSH = 'Dropbear SSH'
		LibSSH = 'libssh'
	
	class Software(object):
		def __init__(self, vendor, product, version, patch, os_version):
			# type: (Optional[str], str, str, Optional[str], Optional[str]) -> None
			self.__vendor = vendor
			self.__product = product
			self.__version = version
			self.__patch = patch
			self.__os = os_version
		
		@property
		def vendor(self):
			# type: () -> Optional[str]
			return self.__vendor
		
		@property
		def product(self):
			# type: () -> str
			return self.__product
		
		@property
		def version(self):
			# type: () -> str
			return self.__version
		
		@property
		def patch(self):
			# type: () -> Optional[str]
			return self.__patch
		
		@property
		def os(self):
			# type: () -> Optional[str]
			return self.__os
		
		def compare_version(self, other):
			# type: (Union[None, SSH.Software, text_type]) -> int
			# pylint: disable=too-many-branches
			if other is None:
				return 1
			if isinstance(other, SSH.Software):
				other = '{0}{1}'.format(other.version, other.patch or '')
			else:
				other = str(other)
			mx = re.match(r'^([\d\.]+\d+)(.*)$', other)
			if mx:
				oversion, opatch = mx.group(1), mx.group(2).strip()
			else:
				oversion, opatch = other, ''
			if self.version < oversion:
				return -1
			elif self.version > oversion:
				return 1
			spatch = self.patch or ''
			if self.product == SSH.Product.DropbearSSH:
				if not re.match(r'^test\d.*$', opatch):
					opatch = 'z{0}'.format(opatch)
				if not re.match(r'^test\d.*$', spatch):
					spatch = 'z{0}'.format(spatch)
			elif self.product == SSH.Product.OpenSSH:
				mx1 = re.match(r'^p\d(.*)', opatch)
				mx2 = re.match(r'^p\d(.*)', spatch)
				if not (mx1 and mx2):
					if mx1:
						opatch = mx1.group(1)
					if mx2:
						spatch = mx2.group(1)
			if spatch < opatch:
				return -1
			elif spatch > opatch:
				return 1
			return 0
		
		def between_versions(self, vfrom, vtill):
			# type: (str, str) -> bool
			if vfrom and self.compare_version(vfrom) < 0:
				return False
			if vtill and self.compare_version(vtill) > 0:
				return False
			return True
		
		def display(self, full=True):
			# type: (bool) -> str
			r = '{0} '.format(self.vendor) if self.vendor else ''
			r += self.product
			if self.version:
				r += ' {0}'.format(self.version)
			if full:
				patch = self.patch or ''
				if self.product == SSH.Product.OpenSSH:
					mx = re.match(r'^(p\d)(.*)$', patch)
					if mx is not None:
						r += mx.group(1)
						patch = mx.group(2).strip()
				if patch:
					r += ' ({0})'.format(patch)
				if self.os:
					r += ' running on {0}'.format(self.os)
			return r
		
		def __str__(self):
			# type: () -> str
			return self.display()
		
		def __repr__(self):
			# type: () -> str
			r = 'vendor={0}'.format(self.vendor) if self.vendor else ''
			if self.product:
				if self.vendor:
					r += ', '
				r += 'product={0}'.format(self.product)
			if self.version:
				r += ', version={0}'.format(self.version)
			if self.patch:
				r += ', patch={0}'.format(self.patch)
			if self.os:
				r += ', os={0}'.format(self.os)
			return '<{0}({1})>'.format(self.__class__.__name__, r)
		
		@staticmethod
		def _fix_patch(patch):
			# type: (str) -> Optional[str]
			return re.sub(r'^[-_\.]+', '', patch) or None
		
		@staticmethod
		def _fix_date(d):
			# type: (str) -> Optional[str]
			if d is not None and len(d) == 8:
				return '{0}-{1}-{2}'.format(d[:4], d[4:6], d[6:8])
			else:
				return None
		
		@classmethod
		def _extract_os_version(cls, c):
			# type: (Optional[str]) -> str
			if c is None:
				return None
			mx = re.match(r'^NetBSD(?:_Secure_Shell)?(?:[\s-]+(\d{8})(.*))?$', c)
			if mx:
				d = cls._fix_date(mx.group(1))
				return 'NetBSD' if d is None else 'NetBSD ({0})'.format(d)
			mx = re.match(r'^FreeBSD(?:\slocalisations)?[\s-]+(\d{8})(.*)$', c)
			if not mx:
				mx = re.match(r'^[^@]+@FreeBSD\.org[\s-]+(\d{8})(.*)$', c)
			if mx:
				d = cls._fix_date(mx.group(1))
				return 'FreeBSD' if d is None else 'FreeBSD ({0})'.format(d)
			w = ['RemotelyAnywhere', 'DesktopAuthority', 'RemoteSupportManager']
			for win_soft in w:
				mx = re.match(r'^in ' + win_soft + r' ([\d\.]+\d)$', c)
				if mx:
					ver = mx.group(1)
					return 'Microsoft Windows ({0} {1})'.format(win_soft, ver)
			generic = ['NetBSD', 'FreeBSD']
			for g in generic:
				if c.startswith(g) or c.endswith(g):
					return g
			return None
		
		@classmethod
		def parse(cls, banner):
			# type: (SSH.Banner) -> SSH.Software
			# pylint: disable=too-many-return-statements
			software = str(banner.software)
			mx = re.match(r'^dropbear_([\d\.]+\d+)(.*)', software)
			if mx:
				patch = cls._fix_patch(mx.group(2))
				v, p = 'Matt Johnston', SSH.Product.DropbearSSH
				v = None
				return cls(v, p, mx.group(1), patch, None)
			mx = re.match(r'^OpenSSH[_\.-]+([\d\.]+\d+)(.*)', software)
			if mx:
				patch = cls._fix_patch(mx.group(2))
				v, p = 'OpenBSD', SSH.Product.OpenSSH
				v = None
				os_version = cls._extract_os_version(banner.comments)
				return cls(v, p, mx.group(1), patch, os_version)
			mx = re.match(r'^libssh-([\d\.]+\d+)(.*)', software)
			if mx:
				patch = cls._fix_patch(mx.group(2))
				v, p = None, SSH.Product.LibSSH
				os_version = cls._extract_os_version(banner.comments)
				return cls(v, p, mx.group(1), patch, os_version)
			mx = re.match(r'^RomSShell_([\d\.]+\d+)(.*)', software)
			if mx:
				patch = cls._fix_patch(mx.group(2))
				v, p = 'Allegro Software', 'RomSShell'
				return cls(v, p, mx.group(1), patch, None)
			mx = re.match(r'^mpSSH_([\d\.]+\d+)', software)
			if mx:
				v, p = 'HP', 'iLO (Integrated Lights-Out) sshd'
				return cls(v, p, mx.group(1), None, None)
			mx = re.match(r'^Cisco-([\d\.]+\d+)', software)
			if mx:
				v, p = 'Cisco', 'IOS/PIX sshd'
				return cls(v, p, mx.group(1), None, None)
			return None
	
	class Banner(object):
		_RXP, _RXR = r'SSH-\d\.\s*?\d+', r'(-\s*([^\s]*)(?:\s+(.*))?)?'
		RX_PROTOCOL = re.compile(re.sub(r'\\d(\+?)', r'(\\d\g<1>)', _RXP))
		RX_BANNER = re.compile(r'^({0}(?:(?:-{0})*)){1}$'.format(_RXP, _RXR))
		
		def __init__(self, protocol, software, comments, valid_ascii):
			# type: (Tuple[int, int], str, str, bool) -> None
			self.__protocol = protocol
			self.__software = software
			self.__comments = comments
			self.__valid_ascii = valid_ascii
		
		@property
		def protocol(self):
			# type: () -> Tuple[int, int]
			return self.__protocol
		
		@property
		def software(self):
			# type: () -> str
			return self.__software
		
		@property
		def comments(self):
			# type: () -> str
			return self.__comments
		
		@property
		def valid_ascii(self):
			# type: () -> bool
			return self.__valid_ascii
		
		def __str__(self):
			# type: () -> str
			r = 'SSH-{0}.{1}'.format(self.protocol[0], self.protocol[1])
			if self.software is not None:
				r += '-{0}'.format(self.software)
			if self.comments:
				r += ' {0}'.format(self.comments)
			return r
		
		def __repr__(self):
			# type: () -> str
			p = '{0}.{1}'.format(self.protocol[0], self.protocol[1])
			r = 'protocol={0}'.format(p)
			if self.software:
				r += ', software={0}'.format(self.software)
			if self.comments:
				r += ', comments={0}'.format(self.comments)
			return '<{0}({1})>'.format(self.__class__.__name__, r)
		
		@classmethod
		def parse(cls, banner):
			# type: (text_type) -> SSH.Banner
			valid_ascii = utils.is_ascii(banner)
			ascii_banner = utils.to_ascii(banner)
			mx = cls.RX_BANNER.match(ascii_banner)
			if mx is None:
				return None
			protocol = min(re.findall(cls.RX_PROTOCOL, mx.group(1)))
			protocol = (int(protocol[0]), int(protocol[1]))
			software = (mx.group(3) or '').strip() or None
			if software is None and (mx.group(2) or '').startswith('-'):
				software = ''
			comments = (mx.group(4) or '').strip() or None
			if comments is not None:
				comments = re.sub(r'\s+', ' ', comments)
			return cls(protocol, software, comments, valid_ascii)
	
	class Fingerprint(object):
		def __init__(self, fpd):
			# type: (binary_type) -> None
			self.__fpd = fpd
		
		@property
		def md5(self):
			# type: () -> text_type
			h = hashlib.md5(self.__fpd).hexdigest()
			r = u':'.join(h[i:i + 2] for i in range(0, len(h), 2))
			return u'MD5:{0}'.format(r)
		
		@property
		def sha256(self):
			# type: () -> text_type
			h = base64.b64encode(hashlib.sha256(self.__fpd).digest())
			r = h.decode('ascii').rstrip('=')
			return u'SHA256:{0}'.format(r)
	
	class Security(object):  # pylint: disable=too-few-public-methods
		# pylint: disable=bad-whitespace
		CVE = {
			'Dropbear SSH': [
				['0.44', '2015.71', 1, 'CVE-2016-3116', 5.5, 'bypass command restrictions via xauth command injection'],
				['0.28', '2013.58', 1, 'CVE-2013-4434', 5.0, 'discover valid usernames through different time delays'],
				['0.28', '2013.58', 1, 'CVE-2013-4421', 5.0, 'cause DoS (memory consumption) via a compressed packet'],
				['0.52', '2011.54', 1, 'CVE-2012-0920', 7.1, 'execute arbitrary code or bypass command restrictions'],
				['0.40', '0.48.1',  1, 'CVE-2007-1099', 7.5, 'conduct a MitM attack (no warning for hostkey mismatch)'],
				['0.28', '0.47',    1, 'CVE-2006-1206', 7.5, 'cause DoS (slot exhaustion) via large number of connections'],
				['0.39', '0.47',    1, 'CVE-2006-0225', 4.6, 'execute arbitrary commands via scp with crafted filenames'],
				['0.28', '0.46',    1, 'CVE-2005-4178', 6.5, 'execute arbitrary code via buffer overflow vulnerability'],
				['0.28', '0.42',    1, 'CVE-2004-2486', 7.5, 'execute arbitrary code via DSS verification code']],
			'libssh': [
				['0.1',   '0.7.2',  1, 'CVE-2016-0739', 4.3, 'conduct a MitM attack (weakness in DH key generation)'],
				['0.5.1', '0.6.4',  1, 'CVE-2015-3146', 5.0, 'cause DoS via kex packets (null pointer dereference)'],
				['0.5.1', '0.6.3',  1, 'CVE-2014-8132', 5.0, 'cause DoS via kex init packet (dangling pointer)'],
				['0.4.7', '0.6.2',  1, 'CVE-2014-0017', 1.9, 'leak data via PRNG state reuse on forking servers'],
				['0.4.7', '0.5.3',  1, 'CVE-2013-0176', 4.3, 'cause DoS via kex packet (null pointer dereference)'],
				['0.4.7', '0.5.2',  1, 'CVE-2012-6063', 7.5, 'cause DoS or execute arbitrary code via sftp (double free)'],
				['0.4.7', '0.5.2',  1, 'CVE-2012-4562', 7.5, 'cause DoS or execute arbitrary code (overflow check)'],
				['0.4.7', '0.5.2',  1, 'CVE-2012-4561', 5.0, 'cause DoS via unspecified vectors (invalid pointer)'],
				['0.4.7', '0.5.2',  1, 'CVE-2012-4560', 7.5, 'cause DoS or execute arbitrary code (buffer overflow)'],
				['0.4.7', '0.5.2',  1, 'CVE-2012-4559', 6.8, 'cause DoS or execute arbitrary code (double free)']]
		}  # type: Dict[str, List[List[Any]]]
		TXT = {
			'Dropbear SSH': [
				['0.28', '0.34', 1, 'remote root exploit', 'remote format string buffer overflow exploit (exploit-db#387)']],
			'libssh': [
				['0.3.3', '0.3.3', 1, 'null pointer check', 'missing null pointer check in "crypt_set_algorithms_server"'],
				['0.3.3', '0.3.3', 1, 'integer overflow',   'integer overflow in "buffer_get_data"'],
				['0.3.3', '0.3.3', 3, 'heap overflow',      'heap overflow in "packet_decrypt"']]
		}  # type: Dict[str, List[List[Any]]]
	
	class Socket(ReadBuf, WriteBuf):
		class InsufficientReadException(Exception):
			pass
		
		SM_BANNER_SENT = 1
		
		def __init__(self, host, port):
			# type: (str, int) -> None
			super(SSH.Socket, self).__init__()
			self.__block_size = 8
			self.__state = 0
			self.__header = []  # type: List[text_type]
			self.__banner = None  # type: Optional[SSH.Banner]
			self.__host = host
			self.__port = port
			self.__sock = None  # type: socket.socket
		
		def __enter__(self):
			# type: () -> SSH.Socket
			return self
		
		def _resolve(self, ipvo):
			# type: (Sequence[int]) -> Iterable[Tuple[int, Tuple[Any, ...]]]
			ipvo = tuple(filter(lambda x: x in (4, 6), utils.unique_seq(ipvo)))
			ipvo_len = len(ipvo)
			prefer_ipvo = ipvo_len > 0
			prefer_ipv4 = prefer_ipvo and ipvo[0] == 4
			if len(ipvo) == 1:
				family = {4: socket.AF_INET, 6: socket.AF_INET6}.get(ipvo[0])
			else:
				family = socket.AF_UNSPEC
			try:
				stype = socket.SOCK_STREAM
				r = socket.getaddrinfo(self.__host, self.__port, family, stype)
				if prefer_ipvo:
					r = sorted(r, key=lambda x: x[0], reverse=not prefer_ipv4)
				check = any(stype == rline[2] for rline in r)
				for (af, socktype, proto, canonname, addr) in r:
					if not check or socktype == socket.SOCK_STREAM:
						yield (af, addr)
			except socket.error as e:
				out.fail('[exception] {0}'.format(e))
				sys.exit(1)
		
		def connect(self, ipvo=(), cto=3.0, rto=5.0):
			# type: (Sequence[int], float, float) -> None
			err = None
			for (af, addr) in self._resolve(ipvo):
				s = None
				try:
					s = socket.socket(af, socket.SOCK_STREAM)
					s.settimeout(cto)
					s.connect(addr)
					s.settimeout(rto)
					self.__sock = s
					return
				except socket.error as e:
					err = e
					self._close_socket(s)
			if err is None:
				errm = 'host {0} has no DNS records'.format(self.__host)
			else:
				errt = (self.__host, self.__port, err)
				errm = 'cannot connect to {0} port {1}: {2}'.format(*errt)
			out.fail('[exception] {0}'.format(errm))
			sys.exit(1)
		
		def get_banner(self, sshv=2):
			# type: (int) -> Tuple[Optional[SSH.Banner], List[text_type]]
			banner = 'SSH-{0}-OpenSSH_7.3'.format('1.5' if sshv == 1 else '2.0')
			rto = self.__sock.gettimeout()
			self.__sock.settimeout(0.7)
			s, e = self.recv()
			self.__sock.settimeout(rto)
			if s < 0:
				return self.__banner, self.__header
			if self.__state < self.SM_BANNER_SENT:
				self.send_banner(banner)
			while self.__banner is None:
				if not s > 0:
					s, e = self.recv()
					if s < 0:
						break
				while self.__banner is None and self.unread_len > 0:
					line = self.read_line()
					if len(line.strip()) == 0:
						continue
					if self.__banner is None:
						self.__banner = SSH.Banner.parse(line)
						if self.__banner is not None:
							continue
					self.__header.append(line)
				s = 0
			return self.__banner, self.__header
		
		def recv(self, size=2048):
			# type: (int) -> Tuple[int, Optional[str]]
			try:
				data = self.__sock.recv(size)
			except socket.timeout:
				return (-1, 'timeout')
			except socket.error as e:
				if e.args[0] in (errno.EAGAIN, errno.EWOULDBLOCK):
					return (0, 'retry')
				return (-1, str(e.args[-1]))
			if len(data) == 0:
				return (-1, None)
			pos = self._buf.tell()
			self._buf.seek(0, 2)
			self._buf.write(data)
			self._len += len(data)
			self._buf.seek(pos, 0)
			return (len(data), None)
		
		def send(self, data):
			# type: (binary_type) -> Tuple[int, Optional[str]]
			try:
				self.__sock.send(data)
				return (0, None)
			except socket.error as e:
				return (-1, str(e.args[-1]))
			self.__sock.send(data)
		
		def send_banner(self, banner):
			# type: (str) -> None
			self.send(banner.encode() + b'\r\n')
			if self.__state < self.SM_BANNER_SENT:
				self.__state = self.SM_BANNER_SENT
		
		def ensure_read(self, size):
			# type: (int) -> None
			while self.unread_len < size:
				s, e = self.recv()
				if s < 0:
					raise SSH.Socket.InsufficientReadException(e)
		
		def read_packet(self, sshv=2):
			# type: (int) -> Tuple[int, binary_type]
			try:
				header = WriteBuf()
				self.ensure_read(4)
				packet_length = self.read_int()
				header.write_int(packet_length)
				# XXX: validate length
				if sshv == 1:
					padding_length = (8 - packet_length % 8)
					self.ensure_read(padding_length)
					padding = self.read(padding_length)
					header.write(padding)
					payload_length = packet_length
					check_size = padding_length + payload_length
				else:
					self.ensure_read(1)
					padding_length = self.read_byte()
					header.write_byte(padding_length)
					payload_length = packet_length - padding_length - 1
					check_size = 4 + 1 + payload_length + padding_length
				if check_size % self.__block_size != 0:
					out.fail('[exception] invalid ssh packet (block size)')
					sys.exit(1)
				self.ensure_read(payload_length)
				if sshv == 1:
					payload = self.read(payload_length - 4)
					header.write(payload)
					crc = self.read_int()
					header.write_int(crc)
				else:
					payload = self.read(payload_length)
					header.write(payload)
				packet_type = ord(payload[0:1])
				if sshv == 1:
					rcrc = SSH1.crc32(padding + payload)
					if crc != rcrc:
						out.fail('[exception] packet checksum CRC32 mismatch.')
						sys.exit(1)
				else:
					self.ensure_read(padding_length)
					padding = self.read(padding_length)
				payload = payload[1:]
				return packet_type, payload
			except SSH.Socket.InsufficientReadException as ex:
				if ex.args[0] is None:
					header.write(self.read(self.unread_len))
					e = header.write_flush().strip()
				else:
					e = ex.args[0].encode('utf-8')
				return (-1, e)
		
		def send_packet(self):
			# type: () -> Tuple[int, Optional[str]]
			payload = self.write_flush()
			padding = -(len(payload) + 5) % 8
			if padding < 4:
				padding += 8
			plen = len(payload) + padding + 1
			pad_bytes = b'\x00' * padding
			data = struct.pack('>Ib', plen, padding) + payload + pad_bytes
			return self.send(data)
		
		def _close_socket(self, s):
			# type: (Optional[socket.socket]) -> None
			try:
				if s is not None:
					s.shutdown(socket.SHUT_RDWR)
					s.close()
			except:  # pylint: disable=bare-except
				pass
		
		def __del__(self):
			# type: () -> None
			self.__cleanup()
		
		def __exit__(self, *args):
			# type: (*Any) -> None
			self.__cleanup()
		
		def __cleanup(self):
			# type: () -> None
			self._close_socket(self.__sock)


class KexDH(object):
	def __init__(self, alg, g, p):
		# type: (str, int, int) -> None
		self.__alg = alg
		self.__g = g
		self.__p = p
		self.__q = (self.__p - 1) // 2
		self.__x = None  # type: Optional[int]
		self.__e = None  # type: Optional[int]
	
	def send_init(self, s):
		# type: (SSH.Socket) -> None
		r = random.SystemRandom()
		self.__x = r.randrange(2, self.__q)
		self.__e = pow(self.__g, self.__x, self.__p)
		s.write_byte(SSH.Protocol.MSG_KEXDH_INIT)
		s.write_mpint2(self.__e)
		s.send_packet()


class KexGroup1(KexDH):
	def __init__(self):
		# type: () -> None
		# rfc2409: second oakley group
		p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
		        'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
		        'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
		        '5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece65381'
		        'ffffffffffffffff', 16)
		super(KexGroup1, self).__init__('sha1', 2, p)


class KexGroup14(KexDH):
	def __init__(self):
		# type: () -> None
		# rfc3526: 2048-bit modp group
		p = int('ffffffffffffffffc90fdaa22168c234c4c6628b80dc1cd129024e088a67'
		        'cc74020bbea63b139b22514a08798e3404ddef9519b3cd3a431b302b0a6d'
		        'f25f14374fe1356d6d51c245e485b576625e7ec6f44c42e9a637ed6b0bff'
		        '5cb6f406b7edee386bfb5a899fa5ae9f24117c4b1fe649286651ece45b3d'
		        'c2007cb8a163bf0598da48361c55d39a69163fa8fd24cf5f83655d23dca3'
		        'ad961c62f356208552bb9ed529077096966d670c354e4abc9804f1746c08'
		        'ca18217c32905e462e36ce3be39e772c180e86039b2783a2ec07a28fb5c5'
		        '5df06f4c52c9de2bcbf6955817183995497cea956ae515d2261898fa0510'
		        '15728e5a8aacaa68ffffffffffffffff', 16)
		super(KexGroup14, self).__init__('sha1', 2, p)


class KexDB(object):  # pylint: disable=too-few-public-methods
	# pylint: disable=bad-whitespace
	WARN_OPENSSH72_LEGACY = 'disabled (in client) since OpenSSH 7.2, legacy algorithm'
	FAIL_OPENSSH70_LEGACY = 'removed since OpenSSH 7.0, legacy algorithm'
	FAIL_OPENSSH70_WEAK   = 'removed (in server) and disabled (in client) since OpenSSH 7.0, weak algorithm'
	FAIL_OPENSSH70_LOGJAM = 'disabled (in client) since OpenSSH 7.0, logjam attack'
	INFO_OPENSSH69_CHACHA = 'default cipher since OpenSSH 6.9.'
	FAIL_OPENSSH67_UNSAFE = 'removed (in server) since OpenSSH 6.7, unsafe algorithm'
	FAIL_OPENSSH61_REMOVE = 'removed since OpenSSH 6.1, removed from specification'
	FAIL_OPENSSH31_REMOVE = 'removed since OpenSSH 3.1'
	FAIL_DBEAR67_DISABLED = 'disabled since Dropbear SSH 2015.67'
	FAIL_DBEAR53_DISABLED = 'disabled since Dropbear SSH 0.53'
	FAIL_PLAINTEXT        = 'no encryption/integrity'
	WARN_CURVES_WEAK      = 'using weak elliptic curves'
	WARN_RNDSIG_KEY       = 'using weak random number generator could reveal the key'
	WARN_MODULUS_SIZE     = 'using small 1024-bit modulus'
	WARN_MODULUS_CUSTOM   = 'using custom size modulus (possibly weak)'
	WARN_HASH_WEAK        = 'using weak hashing algorithm'
	WARN_CIPHER_MODE      = 'using weak cipher mode'
	WARN_BLOCK_SIZE       = 'using small 64-bit block size'
	WARN_CIPHER_WEAK      = 'using weak cipher'
	WARN_ENCRYPT_AND_MAC  = 'using encrypt-and-MAC mode'
	WARN_TAG_SIZE         = 'using small 64-bit tag size'

	ALGORITHMS = {
		'kex': {
			'diffie-hellman-group1-sha1': [['2.3.0,d0.28,l10.2', '6.6', '6.9'], [FAIL_OPENSSH67_UNSAFE, FAIL_OPENSSH70_LOGJAM], [WARN_MODULUS_SIZE, WARN_HASH_WEAK]],
			'diffie-hellman-group14-sha1': [['3.9,d0.53,l10.6.0'], [], [WARN_HASH_WEAK]],
			'diffie-hellman-group14-sha256': [['7.3,d2016.73']],
			'diffie-hellman-group16-sha512': [['7.3,d2016.73']],
			'diffie-hellman-group18-sha512': [['7.3']],
			'diffie-hellman-group-exchange-sha1': [['2.3.0', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]],
			'diffie-hellman-group-exchange-sha256': [['4.4'], [], [WARN_MODULUS_CUSTOM]],
			'ecdh-sha2-nistp256': [['5.7,d2013.62,l10.6.0'], [WARN_CURVES_WEAK]],
			'ecdh-sha2-nistp384': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
			'ecdh-sha2-nistp521': [['5.7,d2013.62'], [WARN_CURVES_WEAK]],
			'curve25519-sha256@libssh.org': [['6.5,d2013.62,l10.6.0']],
			'kexguess2@matt.ucc.asn.au': [['d2013.57']],
		},
		'key': {
			'rsa-sha2-256': [['7.2']],
			'rsa-sha2-512': [['7.2']],
			'ssh-ed25519': [['6.5,l10.7.0']],
			'ssh-ed25519-cert-v01@openssh.com': [['6.5']],
			'ssh-rsa': [['2.5.0,d0.28,l10.2']],
			'ssh-dss': [['2.1.0,d0.28,l10.2', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp256': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp384': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp521': [['5.7,d2013.62,l10.6.4'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
			'ssh-rsa-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY], []],
			'ssh-dss-cert-v00@openssh.com': [['5.4', '6.9'], [FAIL_OPENSSH70_LEGACY], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
			'ssh-rsa-cert-v01@openssh.com': [['5.6']],
			'ssh-dss-cert-v01@openssh.com': [['5.6', '6.9'], [FAIL_OPENSSH70_WEAK], [WARN_MODULUS_SIZE, WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp256-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp384-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
			'ecdsa-sha2-nistp521-cert-v01@openssh.com': [['5.7'], [WARN_CURVES_WEAK], [WARN_RNDSIG_KEY]],
		},
		'enc': {
			'none': [['1.2.2,d2013.56,l10.2'], [FAIL_PLAINTEXT]],
			'3des-cbc': [['1.2.2,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_WEAK, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
			'3des-ctr': [['d0.52']],
			'blowfish-cbc': [['1.2.2,d0.28,l10.2', '6.6,d0.52', '7.1,d0.52'], [FAIL_OPENSSH67_UNSAFE, FAIL_DBEAR53_DISABLED], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
			'twofish-cbc': [['d0.28', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
			'twofish128-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
			'twofish256-cbc': [['d0.47', 'd2014.66'], [FAIL_DBEAR67_DISABLED], [WARN_CIPHER_MODE]],
			'twofish128-ctr': [['d2015.68']],
			'twofish256-ctr': [['d2015.68']],
			'cast128-cbc': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE, WARN_BLOCK_SIZE]],
			'arcfour': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
			'arcfour128': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
			'arcfour256': [['4.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_WEAK]],
			'aes128-cbc': [['2.3.0,d0.28,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
			'aes192-cbc': [['2.3.0,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
			'aes256-cbc': [['2.3.0,d0.47,l10.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_CIPHER_MODE]],
			'rijndael128-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
			'rijndael192-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
			'rijndael256-cbc': [['2.3.0', '3.0.2'], [FAIL_OPENSSH31_REMOVE], [WARN_CIPHER_MODE]],
			'rijndael-cbc@lysator.liu.se': [['2.3.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_CIPHER_MODE]],
			'aes128-ctr': [['3.7,d0.52,l10.4.1']],
			'aes192-ctr': [['3.7,l10.4.1']],
			'aes256-ctr': [['3.7,d0.52,l10.4.1']],
			'aes128-gcm@openssh.com': [['6.2']],
			'aes256-gcm@openssh.com': [['6.2']],
			'chacha20-poly1305@openssh.com': [['6.5'], [], [], [INFO_OPENSSH69_CHACHA]],
		},
		'mac': {
			'none': [['d2013.56'], [FAIL_PLAINTEXT]],
			'hmac-sha1': [['2.1.0,d0.28,l10.2'], [], [WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
			'hmac-sha1-96': [['2.5.0,d0.47', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
			'hmac-sha2-256': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]],
			'hmac-sha2-256-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]],
			'hmac-sha2-512': [['5.9,d2013.56,l10.7.0'], [], [WARN_ENCRYPT_AND_MAC]],
			'hmac-sha2-512-96': [['5.9', '6.0'], [FAIL_OPENSSH61_REMOVE], [WARN_ENCRYPT_AND_MAC]],
			'hmac-md5': [['2.1.0,d0.28', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
			'hmac-md5-96': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC, WARN_HASH_WEAK]],
			'hmac-ripemd160': [['2.5.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
			'hmac-ripemd160@openssh.com': [['2.1.0', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_ENCRYPT_AND_MAC]],
			'umac-64@openssh.com': [['4.7'], [], [WARN_ENCRYPT_AND_MAC, WARN_TAG_SIZE]],
			'umac-128@openssh.com': [['6.2'], [], [WARN_ENCRYPT_AND_MAC]],
			'hmac-sha1-etm@openssh.com': [['6.2'], [], [WARN_HASH_WEAK]],
			'hmac-sha1-96-etm@openssh.com': [['6.2', '6.6', None], [FAIL_OPENSSH67_UNSAFE], [WARN_HASH_WEAK]],
			'hmac-sha2-256-etm@openssh.com': [['6.2']],
			'hmac-sha2-512-etm@openssh.com': [['6.2']],
			'hmac-md5-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]],
			'hmac-md5-96-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY, WARN_HASH_WEAK]],
			'hmac-ripemd160-etm@openssh.com': [['6.2', '6.6', '7.1'], [FAIL_OPENSSH67_UNSAFE], [WARN_OPENSSH72_LEGACY]],
			'umac-64-etm@openssh.com': [['6.2'], [], [WARN_TAG_SIZE]],
			'umac-128-etm@openssh.com': [['6.2']],
		}
	}  # type: Dict[str, Dict[str, List[List[str]]]]


def get_ssh_version(version_desc):
	# type: (str) -> Tuple[str, str]
	if version_desc.startswith('d'):
		return (SSH.Product.DropbearSSH, version_desc[1:])
	elif version_desc.startswith('l1'):
		return (SSH.Product.LibSSH, version_desc[2:])
	else:
		return (SSH.Product.OpenSSH, version_desc)


def get_alg_timeframe(versions, for_server=True, result=None):
	# type: (List[str], bool, Optional[Dict[str, List[Optional[str]]]]) -> Dict[str, List[Optional[str]]]
	result = result or {}
	vlen = len(versions)
	for i in range(3):
		if i > vlen - 1:
			if i == 2 and vlen > 1:
				cversions = versions[1]
			else:
				continue
		else:
			cversions = versions[i]
		if cversions is None:
			continue
		for v in cversions.split(','):
			ssh_prefix, ssh_version = get_ssh_version(v)
			if not ssh_version:
				continue
			if ssh_version.endswith('C'):
				if for_server:
					continue
				ssh_version = ssh_version[:-1]
			if ssh_prefix not in result:
				result[ssh_prefix] = [None, None, None]
			prev, push = result[ssh_prefix][i], False
			if prev is None:
				push = True
			elif i == 0 and prev < ssh_version:
				push = True
			elif i > 0 and prev > ssh_version:
				push = True
			if push:
				result[ssh_prefix][i] = ssh_version
	return result


def get_ssh_timeframe(alg_pairs, for_server=True):
	# type: (List[Tuple[int, Dict[str, Dict[str, List[List[str]]]], List[Tuple[str, List[text_type]]]]], bool) -> Dict[str, List[Optional[str]]]
	timeframe = {}  # type: Dict[str, List[Optional[str]]]
	for alg_pair in alg_pairs:
		alg_db = alg_pair[1]
		for alg_set in alg_pair[2]:
			alg_type, alg_list = alg_set
			for alg_name in alg_list:
				alg_name_native = utils.to_ntext(alg_name)
				alg_desc = alg_db[alg_type].get(alg_name_native)
				if alg_desc is None:
					continue
				versions = alg_desc[0]
				timeframe = get_alg_timeframe(versions, for_server, timeframe)
	return timeframe


def get_alg_since_text(versions):
	# type: (List[str]) -> text_type
	tv = []
	if len(versions) == 0 or versions[0] is None:
		return None
	for v in versions[0].split(','):
		ssh_prefix, ssh_version = get_ssh_version(v)
		if not ssh_version:
			continue
		if ssh_prefix in [SSH.Product.LibSSH]:
			continue
		if ssh_version.endswith('C'):
			ssh_version = '{0} (client only)'.format(ssh_version[:-1])
		tv.append('{0} {1}'.format(ssh_prefix, ssh_version))
	if len(tv) == 0:
		return None
	return 'available since ' + ', '.join(tv).rstrip(', ')


def get_alg_pairs(kex, pkm):
	# type: (Optional[SSH2.Kex], Optional[SSH1.PublicKeyMessage]) -> List[Tuple[int, Dict[str, Dict[str, List[List[str]]]], List[Tuple[str, List[text_type]]]]]
	alg_pairs = []
	if pkm is not None:
		alg_pairs.append((1, SSH1.KexDB.ALGORITHMS,
		                  [('key', [u'ssh-rsa1']),
		                   ('enc', pkm.supported_ciphers),
		                   ('aut', pkm.supported_authentications)]))
	if kex is not None:
		alg_pairs.append((2, KexDB.ALGORITHMS,
		                  [('kex', kex.kex_algorithms),
		                   ('key', kex.key_algorithms),
		                   ('enc', kex.server.encryption),
		                   ('mac', kex.server.mac)]))
	return alg_pairs


def get_alg_recommendations(software, kex, pkm, for_server=True):
	# type: (SSH.Software, SSH2.Kex, SSH1.PublicKeyMessage, bool) -> Tuple[SSH.Software, Dict[int, Dict[str, Dict[str, Dict[str, int]]]]]
	# pylint: disable=too-many-locals,too-many-statements
	alg_pairs = get_alg_pairs(kex, pkm)
	vproducts = [SSH.Product.OpenSSH,
	             SSH.Product.DropbearSSH,
	             SSH.Product.LibSSH]
	if software is not None:
		if software.product not in vproducts:
			software = None
	if software is None:
		ssh_timeframe = get_ssh_timeframe(alg_pairs, for_server)
		for product in vproducts:
			if product not in ssh_timeframe:
				continue
			version = ssh_timeframe[product][0]
			if version is not None:
				software = SSH.Software(None, product, version, None, None)
				break
	rec = {}  # type: Dict[int, Dict[str, Dict[str, Dict[str, int]]]]
	if software is None:
		return software, rec
	for alg_pair in alg_pairs:
		sshv, alg_db = alg_pair[0], alg_pair[1]
		rec[sshv] = {}
		for alg_set in alg_pair[2]:
			alg_type, alg_list = alg_set
			if alg_type == 'aut':
				continue
			rec[sshv][alg_type] = {'add': {}, 'del': {}}
			for n, alg_desc in alg_db[alg_type].items():
				if alg_type == 'key' and '-cert-' in n:
					continue
				versions = alg_desc[0]
				if len(versions) == 0 or versions[0] is None:
					continue
				matches = False
				for v in versions[0].split(','):
					ssh_prefix, ssh_version = get_ssh_version(v)
					if not ssh_version:
						continue
					if ssh_prefix != software.product:
						continue
					if ssh_version.endswith('C'):
						if for_server:
							continue
						ssh_version = ssh_version[:-1]
					if software.compare_version(ssh_version) < 0:
						continue
					matches = True
					break
				if not matches:
					continue
				adl, faults = len(alg_desc), 0
				for i in range(1, 3):
					if not adl > i:
						continue
					fc = len(alg_desc[i])
					if fc > 0:
						faults += pow(10, 2 - i) * fc
				if n not in alg_list:
					if faults > 0:
						continue
					rec[sshv][alg_type]['add'][n] = 0
				else:
					if faults == 0:
						continue
					if n == 'diffie-hellman-group-exchange-sha256':
						if software.compare_version('7.3') < 0:
							continue
					rec[sshv][alg_type]['del'][n] = faults
			add_count = len(rec[sshv][alg_type]['add'])
			del_count = len(rec[sshv][alg_type]['del'])
			new_alg_count = len(alg_list) + add_count - del_count
			if new_alg_count < 1 and del_count > 0:
				mf = min(rec[sshv][alg_type]['del'].values())
				new_del = {}
				for k, cf in rec[sshv][alg_type]['del'].items():
					if cf != mf:
						new_del[k] = cf
				if del_count != len(new_del):
					rec[sshv][alg_type]['del'] = new_del
					new_alg_count += del_count - len(new_del)
			if new_alg_count < 1:
				del rec[sshv][alg_type]
			else:
				if add_count == 0:
					del rec[sshv][alg_type]['add']
				if del_count == 0:
					del rec[sshv][alg_type]['del']
				if len(rec[sshv][alg_type]) == 0:
					del rec[sshv][alg_type]
		if len(rec[sshv]) == 0:
			del rec[sshv]
	return software, rec


def output_algorithms(title, alg_db, alg_type, algorithms, maxlen=0):
	# type: (str, Dict[str, Dict[str, List[List[str]]]], str, List[text_type], int) -> None
	with OutputBuffer() as obuf:
		for algorithm in algorithms:
			output_algorithm(alg_db, alg_type, algorithm, maxlen)
	if len(obuf) > 0:
		out.head('# ' + title)
		obuf.flush()
		out.sep()


def output_algorithm(alg_db, alg_type, alg_name, alg_max_len=0):
	# type: (Dict[str, Dict[str, List[List[str]]]], str, text_type, int) -> None
	prefix = '(' + alg_type + ') '
	if alg_max_len == 0:
		alg_max_len = len(alg_name)
	padding = '' if out.batch else ' ' * (alg_max_len - len(alg_name))
	texts = []
	if len(alg_name.strip()) == 0:
		return
	alg_name_native = utils.to_ntext(alg_name)
	if alg_name_native in alg_db[alg_type]:
		alg_desc = alg_db[alg_type][alg_name_native]
		ldesc = len(alg_desc)
		for idx, level in enumerate(['fail', 'warn', 'info']):
			if level == 'info':
				versions = alg_desc[0]
				since_text = get_alg_since_text(versions)
				if since_text:
					texts.append((level, since_text))
			idx = idx + 1
			if ldesc > idx:
				for t in alg_desc[idx]:
					texts.append((level, t))
		if len(texts) == 0:
			texts.append(('info', ''))
	else:
		texts.append(('warn', 'unknown algorithm'))
	first = True
	for (level, text) in texts:
		f = getattr(out, level)
		text = '[' + level + '] ' + text
		if first:
			if first and level == 'info':
				f = out.good
			f(prefix + alg_name + padding + ' -- ' + text)
			first = False
		else:
			if out.verbose:
				f(prefix + alg_name + padding + ' -- ' + text)
			else:
				f(' ' * len(prefix + alg_name) + padding + ' `- ' + text)


def output_compatibility(kex, pkm, for_server=True):
	# type: (Optional[SSH2.Kex], Optional[SSH1.PublicKeyMessage], bool) -> None
	alg_pairs = get_alg_pairs(kex, pkm)
	ssh_timeframe = get_ssh_timeframe(alg_pairs, for_server)
	vp = 1 if for_server else 2
	comp_text = []
	for sshd_name in [SSH.Product.OpenSSH, SSH.Product.DropbearSSH]:
		if sshd_name not in ssh_timeframe:
			continue
		v = ssh_timeframe[sshd_name]
		if v[vp] is None:
			comp_text.append('{0} {1}+'.format(sshd_name, v[0]))
		elif v[0] == v[vp]:
			comp_text.append('{0} {1}'.format(sshd_name, v[0]))
		else:
			if v[vp] < v[0]:
				tfmt = '{0} {1}+ (some functionality from {2})'
			else:
				tfmt = '{0} {1}-{2}'
			comp_text.append(tfmt.format(sshd_name, v[0], v[vp]))
	if len(comp_text) > 0:
		out.good('(gen) compatibility: ' + ', '.join(comp_text))


def output_security_sub(sub, software, padlen):
	# type: (str, SSH.Software, int) -> None
	secdb = SSH.Security.CVE if sub == 'cve' else SSH.Security.TXT
	if software is None or software.product not in secdb:
		return
	for line in secdb[software.product]:
		vfrom, vtill = line[0:2]  # type: str, str
		if not software.between_versions(vfrom, vtill):
			continue
		target, name = line[2:4]  # type: int, str
		is_server, is_client = target & 1 == 1, target & 2 == 2
		is_local = target & 4 == 4
		if not is_server:
			continue
		p = '' if out.batch else ' ' * (padlen - len(name))
		if sub == 'cve':
			cvss, descr = line[4:6]  # type: float, str
			out.fail('(cve) {0}{1} -- ({2}) {3}'.format(name, p, cvss, descr))
		else:
			descr = line[4]
			out.fail('(sec) {0}{1} -- {2}'.format(name, p, descr))


def output_security(banner, padlen):
	# type: (SSH.Banner, int) -> None
	with OutputBuffer() as obuf:
		if banner:
			software = SSH.Software.parse(banner)
			output_security_sub('cve', software, padlen)
			output_security_sub('txt', software, padlen)
	if len(obuf) > 0:
		out.head('# security')
		obuf.flush()
		out.sep()


def output_fingerprint(kex, pkm, sha256=True, padlen=0):
	# type: (Optional[SSH2.Kex], Optional[SSH1.PublicKeyMessage], bool, int) -> None
	with OutputBuffer() as obuf:
		fps = []
		if pkm is not None:
			name = 'ssh-rsa1'
			fp = SSH.Fingerprint(pkm.host_key_fingerprint_data)
			bits = pkm.host_key_bits
			fps.append((name, fp, bits))
		for fpp in fps:
			name, fp, bits = fpp
			fpo = fp.sha256 if sha256 else fp.md5
			p = '' if out.batch else ' ' * (padlen - len(name))
			out.good('(fin) {0}{1} -- {2} {3}'.format(name, p, bits, fpo))
	if len(obuf) > 0:
		out.head('# fingerprints')
		obuf.flush()
		out.sep()


def output_recommendations(software, kex, pkm, padlen=0):
	# type: (SSH.Software, SSH2.Kex, SSH1.PublicKeyMessage, int) -> None
	for_server = True
	with OutputBuffer() as obuf:
		software, alg_rec = get_alg_recommendations(software, kex, pkm, for_server)
		for sshv in range(2, 0, -1):
			if sshv not in alg_rec:
				continue
			for alg_type in ['kex', 'key', 'enc', 'mac']:
				if alg_type not in alg_rec[sshv]:
					continue
				for action in ['del', 'add']:
					if action not in alg_rec[sshv][alg_type]:
						continue
					for name in alg_rec[sshv][alg_type][action]:
						p = '' if out.batch else ' ' * (padlen - len(name))
						if action == 'del':
							an, sg, fn = 'remove', '-', out.warn
							if alg_rec[sshv][alg_type][action][name] >= 10:
								fn = out.fail
						else:
							an, sg, fn = 'append', '+', out.good
						b = '(SSH{0})'.format(sshv) if sshv == 1 else ''
						fm = '(rec) {0}{1}{2}-- {3} algorithm to {4} {5}'
						fn(fm.format(sg, name, p, alg_type, an, b))
	if len(obuf) > 0:
		title = '(for {0})'.format(software.display(False)) if software else ''
		out.head('# algorithm recommendations {0}'.format(title))
		obuf.flush()
		out.sep()


def output(banner, header, kex=None, pkm=None):
	# type: (Optional[SSH.Banner], List[text_type], Optional[SSH2.Kex], Optional[SSH1.PublicKeyMessage]) -> None
	sshv = 1 if pkm else 2
	with OutputBuffer() as obuf:
		if len(header) > 0:
			out.info('(gen) header: ' + '\n'.join(header))
		if banner is not None:
			out.good('(gen) banner: {0}'.format(banner))
			if not banner.valid_ascii:
				# NOTE: RFC 4253, Section 4.2
				out.warn('(gen) banner contains non-printable ASCII')
			if sshv == 1 or banner.protocol[0] == 1:
				out.fail('(gen) protocol SSH1 enabled')
			software = SSH.Software.parse(banner)
			if software is not None:
				out.good('(gen) software: {0}'.format(software))
		else:
			software = None
		output_compatibility(kex, pkm)
		if kex is not None:
			compressions = [x for x in kex.server.compression if x != 'none']
			if len(compressions) > 0:
				cmptxt = 'enabled ({0})'.format(', '.join(compressions))
			else:
				cmptxt = 'disabled'
			out.good('(gen) compression: {0}'.format(cmptxt))
	if len(obuf) > 0:
		out.head('# general')
		obuf.flush()
		out.sep()
	ml, maxlen = lambda l: max(len(i) for i in l), 0
	if pkm is not None:
		maxlen = max(ml(pkm.supported_ciphers),
		             ml(pkm.supported_authentications),
		             maxlen)
	if kex is not None:
		maxlen = max(ml(kex.kex_algorithms),
		             ml(kex.key_algorithms),
		             ml(kex.server.encryption),
		             ml(kex.server.mac),
		             maxlen)
	maxlen += 1
	output_security(banner, maxlen)
	if pkm is not None:
		adb = SSH1.KexDB.ALGORITHMS
		ciphers = pkm.supported_ciphers
		auths = pkm.supported_authentications
		title, atype = 'SSH1 host-key algorithms', 'key'
		output_algorithms(title, adb, atype, ['ssh-rsa1'], maxlen)
		title, atype = 'SSH1 encryption algorithms (ciphers)', 'enc'
		output_algorithms(title, adb, atype, ciphers, maxlen)
		title, atype = 'SSH1 authentication types', 'aut'
		output_algorithms(title, adb, atype, auths, maxlen)
	if kex is not None:
		adb = KexDB.ALGORITHMS
		title, atype = 'key exchange algorithms', 'kex'
		output_algorithms(title, adb, atype, kex.kex_algorithms, maxlen)
		title, atype = 'host-key algorithms', 'key'
		output_algorithms(title, adb, atype, kex.key_algorithms, maxlen)
		title, atype = 'encryption algorithms (ciphers)', 'enc'
		output_algorithms(title, adb, atype, kex.server.encryption, maxlen)
		title, atype = 'message authentication code algorithms', 'mac'
		output_algorithms(title, adb, atype, kex.server.mac, maxlen)
	output_recommendations(software, kex, pkm, maxlen)
	output_fingerprint(kex, pkm, True, maxlen)


class Utils(object):
	@classmethod
	def _type_err(cls, v, target):
		# type: (Any, text_type) -> TypeError
		return TypeError('cannot convert {0} to {1}'.format(type(v), target))
	
	@classmethod
	def to_bytes(cls, v, enc='utf-8'):
		# type: (Union[binary_type, text_type], str) -> binary_type
		if isinstance(v, binary_type):
			return v
		elif isinstance(v, text_type):
			return v.encode(enc)
		raise cls._type_err(v, 'bytes')
	
	@classmethod
	def to_utext(cls, v, enc='utf-8'):
		# type: (Union[text_type, binary_type], str) -> text_type
		if isinstance(v, text_type):
			return v
		elif isinstance(v, binary_type):
			return v.decode(enc)
		raise cls._type_err(v, 'unicode text')
	
	@classmethod
	def to_ntext(cls, v, enc='utf-8'):
		# type: (Union[text_type, binary_type], str) -> str
		if isinstance(v, str):
			return v
		elif isinstance(v, text_type):
			return v.encode(enc)
		elif isinstance(v, binary_type):
			return v.decode(enc)
		raise cls._type_err(v, 'native text')
	
	@classmethod
	def is_ascii(cls, v):
		# type: (Union[text_type, str]) -> bool
		try:
			if isinstance(v, (text_type, str)):
				v.encode('ascii')
				return True
		except UnicodeEncodeError:
			pass
		return False
	
	@classmethod
	def to_ascii(cls, v, errors='replace'):
		# type: (Union[text_type, str], str) -> str
		if isinstance(v, (text_type, str)):
			return cls.to_ntext(v.encode('ascii', errors))
		raise cls._type_err(v, 'ascii')
	
	@classmethod
	def unique_seq(cls, seq):
		# type: (Sequence[Any]) -> Sequence[Any]
		seen = set()  # type: Set[Any]
		
		def _seen_add(x):
			# type: (Any) -> bool
			seen.add(x)
			return False
		
		if isinstance(seq, tuple):
			return tuple(x for x in seq if x not in seen and not _seen_add(x))
		else:
			return [x for x in seq if x not in seen and not _seen_add(x)]
		
	@staticmethod
	def parse_int(v):
		# type: (Any) -> int
		try:
			return int(v)
		except:  # pylint: disable=bare-except
			return 0


def audit(aconf, sshv=None):
	# type: (AuditConf, Optional[int]) -> None
	out.batch = aconf.batch
	out.colors = aconf.colors
	out.verbose = aconf.verbose
	out.minlevel = aconf.minlevel
	s = SSH.Socket(aconf.host, aconf.port)
	s.connect(aconf.ipvo)
	if sshv is None:
		sshv = 2 if aconf.ssh2 else 1
	err = None
	banner, header = s.get_banner(sshv)
	if banner is None:
		err = '[exception] did not receive banner.'
	if err is None:
		packet_type, payload = s.read_packet(sshv)
		if packet_type < 0:
			try:
				payload_txt = payload.decode('utf-8') if payload else u'empty'
			except UnicodeDecodeError:
				payload_txt = u'"{0}"'.format(repr(payload).lstrip('b')[1:-1])
			if payload_txt == u'Protocol major versions differ.':
				if sshv == 2 and aconf.ssh1:
					audit(aconf, 1)
					return
			err = '[exception] error reading packet ({0})'.format(payload_txt)
		else:
			err_pair = None
			if sshv == 1 and packet_type != SSH.Protocol.SMSG_PUBLIC_KEY:
				err_pair = ('SMSG_PUBLIC_KEY', SSH.Protocol.SMSG_PUBLIC_KEY)
			elif sshv == 2 and packet_type != SSH.Protocol.MSG_KEXINIT:
				err_pair = ('MSG_KEXINIT', SSH.Protocol.MSG_KEXINIT)
			if err_pair is not None:
				fmt = '[exception] did not receive {0} ({1}), ' + \
				      'instead received unknown message ({2})'
				err = fmt.format(err_pair[0], err_pair[1], packet_type)
	if err:
		output(banner, header)
		out.fail(err)
		sys.exit(1)
	if sshv == 1:
		pkm = SSH1.PublicKeyMessage.parse(payload)
		output(banner, header, pkm=pkm)
	elif sshv == 2:
		kex = SSH2.Kex.parse(payload)
		output(banner, header, kex=kex)


utils = Utils()
out = Output()
if __name__ == '__main__':  # pragma: nocover
	conf = AuditConf.from_cmdline(sys.argv[1:], usage)
	audit(conf)