badkeys


Namebadkeys JSON
Version 0.0.12 PyPI version JSON
download
home_pageNone
SummaryCheck cryptographic keys for known weaknesses
upload_time2024-09-15 11:34:03
maintainerNone
docs_urlNone
authorHanno Böck
requires_python>=3.9
licenseMIT
keywords security cryptography rsa
VCS
bugtrack_url
requirements cryptography gmpy2
Travis-CI No Travis.
coveralls test coverage No coveralls.
            # badkeys

Tool and library to check cryptographic public keys for known vulnerabilities

# what?

badkeys checks public keys in various formats for known vulnerabilities. A web version
can be found at [badkeys.info](https://badkeys.info/).

# install

badkeys can be installed [via pip](https://pypi.org/project/badkeys/):
```
pip3 install badkeys
```

You may want to use a virtual environment. For details about different installation
options, please [check the official Python documentation](
https://packaging.python.org/en/latest/tutorials/installing-packages/). Alternatively,
you can directly call _./badkeys-cli_ directly from the git repository.

# usage

Before using badkeys, you need to download the blocklist data:
```
badkeys --update-bl
```

After that, you can call _badkeys_ and pass files with cryptographic public keys as the
parameter:
```
badkeys test.crt my.key
```

It will automatically try to detect the file format. Supported are public and private
keys in PEM format (both PKCS #1 and PKCS #8), X.509 certificates, certificate signing
requests (CSRs) and SSH public keys. You can find some test keys in the _tests/data_
directory.

By default, badkeys will only output information about vulnerable keys, meaning no
output will be generated if no vulnerabilities are found. The _-a_ parameter creates
output for all keys.

# scanning

badkeys can scan SSH and TLS hosts and automatically check their public keys. This can
be enabled with the parameters _-s_ (SSH) and _-t_ (TLS). By default, SSH will be
scanned on port 22 and TLS will be scanned on several ports for common protocols
(https/443, smtps/465, ldaps/636, ftps/990, imaps/993, pop3s/995 and 8443, which is
commonly used as a non-standard https port).

Alternative ports can be configured with _--tls-ports_ and _--ssh-ports_.

TLS and SSH scanning can be combined:
```
badkeys -ts example.org
```

Note that the scanning modes have limitations. It is often more desirable to use other
tools to collect TLS/SSH keys and scan them locally with badkeys.

SSH scanning needs [paramiko](https://www.paramiko.org/) as an additional dependency.

TLS scanning can't detect multiple certificates on one host (e.g. ECDSA and RSA). This
is a [limitation of Python's ssl.get_server_certificate() function](
https://bugs.python.org/issue31892).

# Python module and API

badkeys can also be used as a Python module. However, currently the software is in beta
state and the API may change regularly.

# about

badkeys was written by [Hanno Böck](https://hboeck.de).

This work was initially funded in 2022 by Industriens Fond through the CIDI project
(Cybersecure IOT in Danish Industry) and the [Center for Information Security and Trust
(CISAT)](https://cisat.dk/) at the IT University of Copenhagen, Denmark.

            

Raw data

            {
    "_id": null,
    "home_page": null,
    "name": "badkeys",
    "maintainer": null,
    "docs_url": null,
    "requires_python": ">=3.9",
    "maintainer_email": null,
    "keywords": "security, cryptography, rsa",
    "author": "Hanno B\u00f6ck",
    "author_email": null,
    "download_url": "https://files.pythonhosted.org/packages/3f/51/e1acca1ebddf0dc44937e340690364051e2e79e6d4bd628aba9f30f56115/badkeys-0.0.12.tar.gz",
    "platform": null,
    "description": "# badkeys\n\nTool and library to check cryptographic public keys for known vulnerabilities\n\n# what?\n\nbadkeys checks public keys in various formats for known vulnerabilities. A web version\ncan be found at [badkeys.info](https://badkeys.info/).\n\n# install\n\nbadkeys can be installed [via pip](https://pypi.org/project/badkeys/):\n```\npip3 install badkeys\n```\n\nYou may want to use a virtual environment. For details about different installation\noptions, please [check the official Python documentation](\nhttps://packaging.python.org/en/latest/tutorials/installing-packages/). Alternatively,\nyou can directly call _./badkeys-cli_ directly from the git repository.\n\n# usage\n\nBefore using badkeys, you need to download the blocklist data:\n```\nbadkeys --update-bl\n```\n\nAfter that, you can call _badkeys_ and pass files with cryptographic public keys as the\nparameter:\n```\nbadkeys test.crt my.key\n```\n\nIt will automatically try to detect the file format. Supported are public and private\nkeys in PEM format (both PKCS #1 and PKCS #8), X.509 certificates, certificate signing\nrequests (CSRs) and SSH public keys. You can find some test keys in the _tests/data_\ndirectory.\n\nBy default, badkeys will only output information about vulnerable keys, meaning no\noutput will be generated if no vulnerabilities are found. The _-a_ parameter creates\noutput for all keys.\n\n# scanning\n\nbadkeys can scan SSH and TLS hosts and automatically check their public keys. This can\nbe enabled with the parameters _-s_ (SSH) and _-t_ (TLS). By default, SSH will be\nscanned on port 22 and TLS will be scanned on several ports for common protocols\n(https/443, smtps/465, ldaps/636, ftps/990, imaps/993, pop3s/995 and 8443, which is\ncommonly used as a non-standard https port).\n\nAlternative ports can be configured with _--tls-ports_ and _--ssh-ports_.\n\nTLS and SSH scanning can be combined:\n```\nbadkeys -ts example.org\n```\n\nNote that the scanning modes have limitations. It is often more desirable to use other\ntools to collect TLS/SSH keys and scan them locally with badkeys.\n\nSSH scanning needs [paramiko](https://www.paramiko.org/) as an additional dependency.\n\nTLS scanning can't detect multiple certificates on one host (e.g. ECDSA and RSA). This\nis a [limitation of Python's ssl.get_server_certificate() function](\nhttps://bugs.python.org/issue31892).\n\n# Python module and API\n\nbadkeys can also be used as a Python module. However, currently the software is in beta\nstate and the API may change regularly.\n\n# about\n\nbadkeys was written by [Hanno B\u00f6ck](https://hboeck.de).\n\nThis work was initially funded in 2022 by Industriens Fond through the CIDI project\n(Cybersecure IOT in Danish Industry) and the [Center for Information Security and Trust\n(CISAT)](https://cisat.dk/) at the IT University of Copenhagen, Denmark.\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "Check cryptographic keys for known weaknesses",
    "version": "0.0.12",
    "project_urls": {
        "Bug Tracker": "https://github.com/badkeys/badkeys/issues",
        "Homepage": "https://badkeys.info/",
        "Source": "https://github.com/badkeys/badkeys"
    },
    "split_keywords": [
        "security",
        " cryptography",
        " rsa"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "ab9764ae750093a44f011c20fef3d6e57a78f593e7c45ad59d963d4cdacae74d",
                "md5": "510257947f2e777354b28e320696abc2",
                "sha256": "512bfddefe504fa9fc8cad77e1f065951fcbd0954dbf9d6ac3ee5f9aee038c44"
            },
            "downloads": -1,
            "filename": "badkeys-0.0.12-py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "510257947f2e777354b28e320696abc2",
            "packagetype": "bdist_wheel",
            "python_version": "py3",
            "requires_python": ">=3.9",
            "size": 365494,
            "upload_time": "2024-09-15T11:27:11",
            "upload_time_iso_8601": "2024-09-15T11:27:11.780682Z",
            "url": "https://files.pythonhosted.org/packages/ab/97/64ae750093a44f011c20fef3d6e57a78f593e7c45ad59d963d4cdacae74d/badkeys-0.0.12-py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        },
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "3f51e1acca1ebddf0dc44937e340690364051e2e79e6d4bd628aba9f30f56115",
                "md5": "87aa7c6696fafcd5f5e9b2e85617ae91",
                "sha256": "2c80bbb84a39d0428082ee8f2990a91a6f30f6df85e9a75091c4a862c08611e1"
            },
            "downloads": -1,
            "filename": "badkeys-0.0.12.tar.gz",
            "has_sig": false,
            "md5_digest": "87aa7c6696fafcd5f5e9b2e85617ae91",
            "packagetype": "sdist",
            "python_version": "source",
            "requires_python": ">=3.9",
            "size": 374956,
            "upload_time": "2024-09-15T11:34:03",
            "upload_time_iso_8601": "2024-09-15T11:34:03.258605Z",
            "url": "https://files.pythonhosted.org/packages/3f/51/e1acca1ebddf0dc44937e340690364051e2e79e6d4bd628aba9f30f56115/badkeys-0.0.12.tar.gz",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-09-15 11:34:03",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "badkeys",
    "github_project": "badkeys",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": true,
    "requirements": [
        {
            "name": "cryptography",
            "specs": []
        },
        {
            "name": "gmpy2",
            "specs": []
        }
    ],
    "lcname": "badkeys"
}
        
Elapsed time: 0.47804s