nuclei-templates/javascript/misconfiguration/ssh/ssh-weak-mac-algo.yaml

id: ssh-weak-mac-algo

info:
  name: SSH Weak MAC Algorithms Enabled
  author: pussycat0x
  severity: low
  description: |
    The system's SSH configuration poses a security risk by allowing weak Message Authentication Code (MAC) algorithms, potentially exposing it to vulnerabilities and unauthorized access. It is crucial to update and strengthen the MAC algorithms for enhanced security.
  reference:
    - https://www.tenable.com/plugins/nessus/71049
  metadata:
    verified: true
    max-request: 2
    shodan-query: product:"OpenSSH"
  tags: js,enum,ssh,misconfig,network

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      let m = require("nuclei/ssh");
      let c = m.SSHClient();
      let response = c.ConnectSSHInfoMode(Host, Port);
      Export(response);
    args:
      Host: "{{Host}}"
      Port: "22"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "server_to_client_macs"
          - "client_to_server_macs"
        condition: and

      - type: word
        words:
          - "hmac-md5"
          - "hmac-md5-96"
          - "hmac-sha1-96"
          - "hmac-md5"
          - "hmac-md5-96"
          - "hmac-sha1-96"
        condition: or
# digest: 490a0046304402207c21377a66b663801228ba58c7145a36f82f256dff404f6a7e1e4ea067d12cf3022031a5619499916f5cafd51c7cd121e33ae70d410631b1804802378813ab99f3fc:922c64590222798bb761d5b6d8e72950
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00			`id: ssh-weak-mac-algo`

			`info:`
			`name: SSH Weak MAC Algorithms Enabled`
			`author: pussycat0x`
			`severity: low`
			`description: \|`
			`The system's SSH configuration poses a security risk by allowing weak Message Authentication Code (MAC) algorithms, potentially exposing it to vulnerabilities and unauthorized access. It is crucial to update and strengthen the MAC algorithms for enhanced security.`
			`reference:`
			`- https://www.tenable.com/plugins/nessus/71049`
			`metadata:`
			`verified: true`
TemplateMan Update [Tue Dec 12 11:07:51 UTC 2023] :robot: 2023-12-12 11:07:52 +00:00			`max-request: 2`
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00			`shodan-query: product:"OpenSSH"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: js,enum,ssh,misconfig,network`
final lint fix 2024-01-04 06:46:23 +00:00
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00			`javascript:`
SSH: pre-condition 2023-12-01 13:18:05 +00:00			`- pre-condition: \|`
			`isPortOpen(Host,Port);`
			`code: \|`
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00			`let m = require("nuclei/ssh");`
			`let c = m.SSHClient();`
			`let response = c.ConnectSSHInfoMode(Host, Port);`
javascript templates with new syntax 2024-02-29 08:05:22 +00:00			`Export(response);`
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00			`args:`
			`Host: "{{Host}}"`
			`Port: "22"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`words:`
			`- "server_to_client_macs"`
			`- "client_to_server_macs"`
lint -fix 2023-11-12 10:58:36 +00:00			`condition: and`
SSH Weak MAC Algorithms Enabled 2023-11-12 10:55:01 +00:00
			`- type: word`
			`words:`
			`- "hmac-md5"`
			`- "hmac-md5-96"`
			`- "hmac-sha1-96"`
			`- "hmac-md5"`
			`- "hmac-md5-96"`
			`- "hmac-sha1-96"`
lint -fix 2023-11-12 10:58:36 +00:00			`condition: or`
Auto Template Signing [Thu Feb 29 08:16:55 UTC 2024] :robot: 2024-02-29 08:16:55 +00:00			`# digest: 490a0046304402207c21377a66b663801228ba58c7145a36f82f256dff404f6a7e1e4ea067d12cf3022031a5619499916f5cafd51c7cd121e33ae70d410631b1804802378813ab99f3fc:922c64590222798bb761d5b6d8e72950`