Name | badkeys |
Version | 0.0.9 |
home_page | None |
Summary | Check cryptographic keys for known weaknesses |
upload_time | 2024-05-03 08:32:51 |
maintainer | None |
docs_url | None |
author | Hanno Böck |
requires_python | >=3.9 |
license | MIT |
keywords | security, cryptography, rsa |
requirements | No requirements were recorded. |
Travis-CI | No Travis. |
coveralls test coverage | No coveralls. |
# badkeys
Tool and library to check cryptographic public keys for known vulnerabilities
# what?
badkeys checks public keys in various formats for known vulnerabilities. A web version
can be found at [badkeys.info](https://badkeys.info/).
# install
badkeys can be installed [via pip](https://pypi.org/project/badkeys/):
```
pip3 install badkeys
```
Alternatively, you can call _./badkeys-cli_ directly from the git repository.
# usage
Before using badkeys, you need to download the blocklist data:
```
badkeys --update-bl
```
After that, you can call _badkeys_ and pass files with cryptographic public keys as the
parameter:
```
badkeys test.crt my.key
```
It will automatically try to detect the file format. Supported are public and private
keys in PEM format (both PKCS #1 and PKCS #8), X.509 certificates, certificate signing
requests (CSRs) and SSH public keys. You can find some test keys in the _tests/data_
directory.

By default, badkeys will only output information about vulnerable keys, meaning no
output will be generated if no vulnerabilities are found. The _-a_ parameter creates
output for all keys.
# scanning
badkeys can scan SSH and TLS hosts and automatically check their public keys. This can
be enabled with the parameters _-s_ (SSH) and _-t_ (TLS). By default, SSH will be
scanned on port 22 and TLS will be scanned on several ports for common protocols
(https/443, smtps/465, ldaps/636, ftps/990, imaps/993, pop3s/995 and 8443, which is
commonly used as a non-standard https port).

Alternative ports can be configured with _--tls-ports_ and _--ssh-ports_.

TLS and SSH scanning can be combined:
```
badkeys -ts example.org
```
Note that the scanning modes have limitations. It is often more desirable to use other
tools to collect TLS/SSH keys and scan them locally with badkeys.

SSH scanning needs [paramiko](https://www.paramiko.org/) as an additional dependency.

TLS scanning can't detect multiple certificates on one host (e.g. ECDSA and RSA). This
is a [limitation of Python's ssl.get_server_certificate() function](https://bugs.python.org/issue31892).
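
One way to follow the advice above and collect both the RSA and the ECDSA certificate of a host with OpenSSL before scanning the files locally. This is an added example, not part of badkeys; the function names and file layout are hypothetical, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example. Function names and the temporary directory are illustrative.
# Run `badkeys --update-bl` once before scanning.

# Save the leaf certificate a server presents when the client offers only the
# given signature algorithms; running it per key type gets both certificates.
fetch_tls_cert() {  # usage: fetch_tls_cert HOST PORT SIGALGS OUTFILE
    openssl s_client -connect "$1:$2" -servername "$1" -sigalgs "$3" \
        </dev/null 2>/dev/null | openssl x509 -outform PEM >"$4" 2>/dev/null
    [ -s "$4" ] || rm -f "$4"   # handshake failed: server has no such cert
}

# badkeys prints nothing for keys without known vulnerabilities, so any
# output is treated as a finding. Returns 0 clean, 1 findings, 2 tool missing.
scan_files() {  # usage: scan_files FILE...
    command -v badkeys >/dev/null 2>&1 || return 2
    findings=$(badkeys "$@") || true
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Only runs when a host name is given, e.g.: sh collect-and-scan.sh example.org
if [ "$#" -ge 1 ]; then
    dir=$(mktemp -d)
    fetch_tls_cert "$1" 443 "RSA-PSS+SHA256:RSA+SHA256" "$dir/rsa.pem"
    fetch_tls_cert "$1" 443 "ECDSA+SHA256:ECDSA+SHA384" "$dir/ecdsa.pem"
    set -- "$dir"/*.pem
    [ -e "$1" ] || { echo "no certificate collected" >&2; exit 2; }
    scan_files "$@"
fi
```

The exit status of `scan_files` can gate a CI job or a certificate deployment step.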
# Python module and API
badkeys can also be used as a Python module. However, currently the software is in beta
state and the API may change regularly.
# about
badkeys was written by [Hanno Böck](https://hboeck.de).

This work was initially funded in 2022 by Industriens Fond through the CIDI project
(Cybersecure IOT in Danish Industry) and the [Center for Information Security and Trust
(CISAT)](https://cisat.dk/) at the IT University of Copenhagen, Denmark.