suricata
detect-ssh-software-version.c File Reference
#include "suricata-common.h"
#include "threads.h"
#include "debug.h"
#include "decode.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
#include "util-debug.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "app-layer.h"
#include "app-layer-parser.h"
#include "app-layer-ssh.h"
#include "detect-ssh-software-version.h"
#include "rust.h"
#include "stream-tcp.h"
#include "stream-tcp-reassemble.h"
#include "stream-tcp-util.h"
Include dependency graph for detect-ssh-software-version.c:

Go to the source code of this file.

Macros

#define PARSE_REGEX   "^\\s*\"?\\s*?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$"
 Regex for parsing the softwareversion string. More...
 

Functions

void DetectSshSoftwareVersionRegister (void)
 Registration function for keyword: ssh.softwareversion. More...
 

Detailed Description

Author
Pablo Rincon pablo.nosp@m..rin.nosp@m.con.c.nosp@m.resp.nosp@m.o@gma.nosp@m.il.c.nosp@m.om

Implements the ssh.softwareversion keyword You can match over the software version string of ssh, and it will be compared from the beginning of the string so you can say for example ssh.softwareversion:"PuTTY" and it can match, or you can also specify the version, something like ssh.softwareversion:"PuTTY-Release-0.55" I find this useful to match over a known vulnerable server/client software version incombination to other checks, so you can know that the risk is higher

Definition in file detect-ssh-software-version.c.

Macro Definition Documentation

◆ PARSE_REGEX

#define PARSE_REGEX   "^\\s*\"?\\s*?([0-9a-zA-Z\\:\\.\\-\\_\\+\\s+]+)\\s*\"?\\s*$"

Regex for parsing the softwareversion string.

Definition at line 66 of file detect-ssh-software-version.c.

Function Documentation

◆ DetectSshSoftwareVersionRegister()

void DetectSshSoftwareVersionRegister ( void  )

Registration function for keyword: ssh.softwareversion.

Definition at line 92 of file detect-ssh-software-version.c.

References SigTableElmt_::AppLayerTxMatch, SigTableElmt_::desc, DETECT_AL_SSH_SOFTWAREVERSION, SigTableElmt_::name, sigmatch_table, and SigTableElmt_::url.

Referenced by SigTableSetup().

Here is the caller graph for this function: