2023-11-12 19:20:10 +00:00
id : ssh-weak-public-key
info :
name : SSH Host Keys < 2048 Bits Considered Weak
author : pussycat0x
severity : low
description : |
SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
reference :
- https://www.tenable.com/plugins/nessus/153954
metadata :
verified : true
2023-12-12 11:07:52 +00:00
max-request : 2
2023-11-12 19:20:10 +00:00
shodan-query : product:"OpenSSH"
2024-01-14 09:21:50 +00:00
tags : enum,js,ssh,misconfig,network
2023-12-12 23:25:50 +00:00
2023-11-12 19:20:10 +00:00
variables :
2023-11-13 09:55:40 +00:00
ecdsa_bit : '256' # 256 bytes = 2048 bits
rsa_bit : '2048' # 2048 bits
2024-01-04 06:46:23 +00:00
2023-11-12 19:20:10 +00:00
javascript :
2023-12-01 13:18:05 +00:00
- pre-condition : |
isPortOpen(Host,Port);
code : |
2023-11-12 19:20:10 +00:00
let m = require("nuclei/ssh");
let c = m.SSHClient();
let response = c.ConnectSSHInfoMode(Host, Port);
2024-02-29 08:05:22 +00:00
Export(response);
2023-11-12 19:20:10 +00:00
args :
Host : "{{Host}}"
Port : "22"
matchers-condition : and
matchers :
- type : word
words :
- "server_host_key"
- type : dsl
dsl :
2023-11-13 09:55:40 +00:00
- 'len(ecdsa_keylen) != 0 && ecdsa_keylen < ecdsa_bit'
- 'len(rsa_keylen) !=0 && rsa_keylen < rsa_bit'
2023-11-12 19:20:10 +00:00
extractors :
- type : json
internal : true
2023-11-13 09:55:40 +00:00
name : ecdsa_keylen
2023-11-12 19:20:10 +00:00
json :
- '.DHKeyExchange.server_host_key.ecdsa_public_key.length'
2023-11-13 09:55:40 +00:00
- type : json
internal : true
name : rsa_keylen
json :
- '.DHKeyExchange.server_host_key.rsa_public_key.length'
2024-02-29 08:16:55 +00:00
# digest: 4a0a00473045022100ea8b80af27d86935581b08d31adc9c4ee09d297f7c1f97af6f1bd02f1cc2e4f5022062872e1f08a379f7a69b14f975ca692a57cb28777c95d0b5eacb52573e0585e5:922c64590222798bb761d5b6d8e72950
