nuclei-templates/javascript/enumeration/ssh-weak-public-key.yaml

54 lines
1.7 KiB
YAML
Raw Normal View History

id: ssh-weak-public-key
info:
name: SSH Host Keys < 2048 Bits Considered Weak
author: pussycat0x
severity: low
description: |
SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
reference:
- https://www.tenable.com/plugins/nessus/153954
metadata:
verified: true
max-request: 2
shodan-query: product:"OpenSSH"
tags: javascript,ssh,misconfig,network
variables:
2023-11-13 09:55:40 +00:00
ecdsa_bit: '256' # 256 bytes = 2048 bits
rsa_bit: '2048' # 2048 bits
javascript:
2023-12-01 13:18:05 +00:00
- pre-condition: |
isPortOpen(Host,Port);
code: |
let m = require("nuclei/ssh");
let c = m.SSHClient();
let response = c.ConnectSSHInfoMode(Host, Port);
2023-11-13 09:55:40 +00:00
to_json(response);
args:
Host: "{{Host}}"
Port: "22"
matchers-condition: and
matchers:
- type: word
words:
- "server_host_key"
- type: dsl
dsl:
2023-11-13 09:55:40 +00:00
- 'len(ecdsa_keylen) != 0 && ecdsa_keylen < ecdsa_bit'
- 'len(rsa_keylen) !=0 && rsa_keylen < rsa_bit'
extractors:
- type: json
internal: true
2023-11-13 09:55:40 +00:00
name: ecdsa_keylen
json:
- '.DHKeyExchange.server_host_key.ecdsa_public_key.length'
2023-11-13 09:55:40 +00:00
- type: json
internal: true
name: rsa_keylen
json:
- '.DHKeyExchange.server_host_key.rsa_public_key.length'
# digest: 490a0046304402202fca69a48a0c58f1dca060833d9928f1fc4cbec96e3e8fde2ec08b5853a75c920220476a9a5b8b44fec198f954456f1cb5b8ed360ebb454f2b249083641bc0ffcf28:922c64590222798bb761d5b6d8e72950