Ssh-audit

This is primarily a bug-fix release.

Please note that this version is also available as a PyPI package (`pip3 install ssh-audit`), Snap package (`snap install ssh-audit`), or as a Windows executable (below).

The full change log is:

- Added multi-threaded scanning support.
- Added built-in Windows manual page (see `-m`/`--manual`); credit [Adam Russell](https://github.com/thecliguy).
- Added version check for OpenSSH user enumeration (CVE-2018-15473).
- Added deprecation note to host key types based on SHA-1.
- Added extra warnings for SSHv1.
- Added built-in hardened OpenSSH v8.5 policy.
- Upgraded warnings to failures for host key types based on SHA-1.
- Fixed crash when receiving unexpected response during host key test.
- Fixed hang against older Cisco devices during host key test & gex test.
- Fixed improper termination while scanning multiple targets when one target returns an error.
- Dropped support for Python 3.5 (which reached EOL in Sept. 2020).
- Added 1 new key exchange: `sntrup761x25519-sha512openssh.com`.

This release features better public key size parsing, as well as a major code re-organization (see 46 and 47), and other improvements.

Please note that this version is also available as a PyPI package (`pip3 install ssh-audit`), Snap package (`snap install ssh-audit`), or as a Windows executable (below).

The full change log is:
- Now parses public key sizes for `rsa-sha2-256-cert-v01openssh.com` and `rsa-sha2-512-cert-v01openssh.com` host key types.
- Flag `ssh-rsa-cert-v01openssh.com` as a failure due to SHA-1 hash.
- Fixed bug in recommendation output which suppressed some algorithms inappropriately.
- Built-in policies now include CA key requirements (if certificates are in use).
- Lookup function (`--lookup`) now performs case-insensitive lookups of similar algorithms; credit [Adam Russell](https://github.com/thecliguy).
- Migrated pre-made policies from external files to internal database.
- Split single 3,500 line script into many files (by class).
- Added setup.py support; credit [Ganden Schaffner](https://github.com/gschaffner).
- Added 1 new cipher: `des-cbcssh.com`.

The highlight of this release is support for policy scanning (this allows an admin to test a server against a hardened/standard configuration). See the tutorial link below for a more detailed description.

The full change log is:
- Added new policy auditing functionality to test adherence to a hardening guide/standard configuration (see `-L`/`--list-policies`, `-M`/`--make-policy` and `-P`/`--policy`). For an in-depth tutorial, see <https://www.positronsecurity.com/blog/2020-09-27-ssh-policy-configuration-checks-with-ssh-audit/>.
- Created new man page (see `ssh-audit.1` file).
- 1024-bit moduli upgraded from warnings to failures.
- Many Python 2 code clean-ups, testing framework improvements, pylint & flake8 fixes, and mypy type comments; credit [Jürgen Gmach](https://github.com/jugmac00).
- Added feature to look up algorithms in internal database (see `--lookup`); credit [Adam Russell](https://github.com/thecliguy).
- Suppress recommendation of token host key types.
- Added check for use-after-free vulnerability in PuTTY v0.73.
- Added 11 new host key types: `ssh-rsa1`, `ssh-dss-sha256ssh.com`, `ssh-gost2001`, `ssh-gost2012-256`, `ssh-gost2012-512`, `spki-sign-rsa`, `ssh-ed448`, `x509v3-ecdsa-sha2-nistp256`, `x509v3-ecdsa-sha2-nistp384`, `x509v3-ecdsa-sha2-nistp521`, `x509v3-rsa2048-sha256`.
- Added 8 new key exchanges: `diffie-hellman-group1-sha256`, `kexAlgoCurve25519SHA256`, `Curve25519SHA256`, `gss-group14-sha256-`, `gss-group15-sha512-`, `gss-group16-sha512-`, `gss-nistp256-sha256-`, `gss-curve25519-sha256-`.
- Added 5 new ciphers: `blowfish`, `AEAD_AES_128_GCM`, `AEAD_AES_256_GCM`, `crypticore128ssh.com`, `seed-cbcssh.com`.
- Added 3 new MACs: `chacha20-poly1305openssh.com`, `hmac-sha3-224`, `crypticore-macssh.com`.

This release re-classifies the very common `ssh-rsa` host key type as weak, due to practical SHA-1 attacks (see link below). Many new algorithms are also implemented.

- Marked host key type `ssh-rsa` as weak due to [practical SHA-1 collisions](https://eprint.iacr.org/2020/014.pdf).
- Added Windows builds.
- Added 10 new host key types: `ecdsa-sha2-1.3.132.0.10`, `x509v3-sign-dss`, `x509v3-sign-rsa`, `x509v3-sign-rsa-sha256ssh.com`, `x509v3-ssh-dss`, `x509v3-ssh-rsa`, `sk-ecdsa-sha2-nistp256-cert-v01openssh.com`, `sk-ecdsa-sha2-nistp256openssh.com`, `sk-ssh-ed25519-cert-v01openssh.com`, and `sk-ssh-ed25519openssh.com`.
- Added 18 new key exchanges: `diffie-hellman-group14-sha256ssh.com`, `diffie-hellman-group15-sha256ssh.com`, `diffie-hellman-group15-sha384ssh.com`, `diffie-hellman-group16-sha384ssh.com`, `diffie-hellman-group16-sha512ssh.com`, `diffie-hellman-group18-sha512ssh.com`, `ecdh-sha2-curve25519`, `ecdh-sha2-nistb233`, `ecdh-sha2-nistb409`, `ecdh-sha2-nistk163`, `ecdh-sha2-nistk233`, `ecdh-sha2-nistk283`, `ecdh-sha2-nistk409`, `ecdh-sha2-nistp192`, `ecdh-sha2-nistp224`, `ecdh-sha2-nistt571`, `gss-gex-sha1-`, and `gss-group1-sha1-`.
- Added 9 new ciphers: `camellia128-cbc`, `camellia128-ctr`, `camellia192-cbc`, `camellia192-ctr`, `camellia256-cbc`, `camellia256-ctr`, `aes128-gcm`, `aes256-gcm`, and `chacha20-poly1305`.
- Added 2 new MACs: `aes128-gcm` and `aes256-gcm`.

**Note** that pre-built packages are available for Windows (below), via PyPI (`pip3 install ssh-audit`), and via the snap repository (`snap install ssh-audit`).

This maintenance release focuses on improving support for client testing. The full changelog is:
- Added 2 new host key types: `rsa-sha2-256-cert-v01openssh.com`, `rsa-sha2-512-cert-v01openssh.com`.
- Added 2 new ciphers: `des`, `3des`.
- Added 3 new PuTTY vulnerabilities.
- During client testing, client IP address is now listed in output.

Also included is the first Windows release!

The highlights of this release include client-testing functionality to audit the protocols accepted by client software, a JSON output format, support for new algorithms, and bugfixes. Below is the full changelog:
- Added client software auditing functionality (see `-c` / `--client-audit` option).
- Added JSON output option (see `-j` / `--json` option; credit [Andreas Jaggi](https://github.com/x-way)).
- Fixed crash while scanning Solaris Sun_SSH.
- Added 9 new key exchanges: `gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha1-`, `gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group14-sha256-toWM5Slw5Ew8Mqkay+al2g==`, `gss-group15-sha512-toWM5Slw5Ew8Mqkay+al2g==`, `diffie-hellman-group15-sha256`, `ecdh-sha2-1.3.132.0.10`, `curve448-sha512`.
- Added 1 new host key type: `ecdsa-sha2-1.3.132.0.10`.
- Added 4 new ciphers: `idea-cbc`, `serpent128-cbc`, `serpent192-cbc`, `serpent256-cbc`.
- Added 6 new MACs: `hmac-sha2-256-96-etmopenssh.com`, `hmac-sha2-512-96-etmopenssh.com`, `hmac-ripemd`, `hmac-sha256-96ssh.com`, `umac-32openssh.com`, `umac-96openssh.com`.