Merge pull request #9842 from projectdiscovery/removing-dropbear

remove-dropbear
patch-2
Dhiyaneshwaran 2024-05-22 10:31:38 +05:30 committed by GitHub
commit aa60568b4b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 0 additions and 104 deletions

View File

@ -1,33 +0,0 @@
id: dropbear-cbc-ciphers
info:
name: Dropbear sshd CBC Mode Ciphers Detection
author: pussycat0x
severity: low
description: |
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
reference: |
https://www.tenable.com/plugins/nessus/70658
remediation: |
Disable CBC Ciphers.
metadata:
max-request: 1
shodan-query: product:"Dropbear sshd"
verified: true
tags: network,ssh,dropbear,detect
tcp:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
port: 22
matchers:
- type: word
words:
- "cbc"
- "SSH-"
condition: and
# digest: 4a0a00473045022002fae16b256b4653ad2b98f85511cd26f00c12b388af06a773784c5a84485c17022100e96053936cf02101d8c3295bc5c5797df04c9fc0e666e5fda59f09208ff75826:922c64590222798bb761d5b6d8e72950

View File

@ -1,33 +0,0 @@
id: dropbear-weakalgo
info:
name: Dropbear sshd Weak Key Exchange Algorithms Enabled
author: pussycat0x
severity: low
description: |
The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable.
reference: |
https://www.virtuesecurity.com/kb/ssh-weak-key-exchange-algorithms-enabled
remediation: |
Disable the weak algorithms.
metadata:
max-request: 1
shodan-query: product:"Dropbear sshd"
verified: true
tags: network,ssh,dropbear,misconfig
tcp:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
port: 22
matchers:
- type: word
words:
- "diffie-hellman-group-exchange-sha1"
- "diffie-hellman-group1-sha1"
condition: or
# digest: 4a0a00473045022100c67a648de03e7a12d40987111db58dbe3c171939915e2f6c252204426551ad18022008ace27d961d279e82a266d8528612dd10fda1a23346679b3063892ba540ef48:922c64590222798bb761d5b6d8e72950

View File

@ -1,38 +0,0 @@
id: dropbear-weakmac
info:
name: Dropbear Weak MAC Algorithms Enabled
author: pussycat0x
severity: low
description: |
The mac-alg command specifies which MAC algorithms in the SSH client profile for SSH encryption negotiation with an SFTP server when the DataPower Gateway acts as an SFTP client.
reference: |
https://www.virtuesecurity.com/kb/ssh-weak-mac-algorithms-enabled
remediation: |
Disable MD5 and 96-bit MAC algorithms.
metadata:
max-request: 1
shodan-query: product:"Dropbear sshd"
verified: true
tags: network,ssh,dropbear,misconfig
tcp:
- inputs:
- data: "\n"
host:
- "{{Hostname}}"
port: 22
matchers-condition: and
matchers:
- type: word
words:
- "hmac-md5"
- "hmac-sha1"
condition: or
- type: word
words:
- "SSH-"
# digest: 4a0a0047304502201e312e2112fd02be44c3d23cd1171be0f3e848d31cb26cebf4fef752f3cd645a022100ec6214b3268a8c3179da31e03e230be9b84a0750e5ce1bf134e50d2dc5e9fe2d:922c64590222798bb761d5b6d8e72950