SSH Weak Key Exchange Algorithms Enabled

2023-11-11 23:02:04 +05:30 · 2023-11-11 23:02:04 +05:30 · c36471abad
parent fa1fadb290
commit c36471abad
1 changed files with 40 additions and 0 deletions
--- a/javascript/enumeration/ssh-weakkey-exchange-algo.yaml
+++ b/javascript/enumeration/ssh-weakkey-exchange-algo.yaml
@ -0,0 +1,40 @@
+id: ssh-server-fingerprint
+
+info:
+  name: SSH Weak Key Exchange Algorithms Enabled
+  author: pussycat0x
+  severity: low
+  description: |
+    "SSH Weak Key Exchange Algorithms Enabled" indicates that the SSH server or client is configured to allow the use of less secure key exchange methods, posing a potential security risk during the establishment of secure connections. It's crucial to update configurations to prioritize stronger key exchange algorithms.
+  reference:
+    - https://www.tenable.com/plugins/nessus/153953
+  metadata:
+    verified: true
+    shodan-query: product:"OpenSSH"
+
+javascript:
+  - code: |
+      let m = require("nuclei/ssh");
+      let c = m.SSHClient();
+      let response = c.ConnectSSHInfoMode(Host, Port);
+      to_json(response);
+
+    args:
+      Host: "{{Host}}"
+      Port: "22"
+
+    matchers-condition: and
+    matchers:
+      - type : word
+        words:
+          - "ServerKex"
+
+      - type : word
+        words:
+          - "diffie-hellman-group-exchange-sha1"
+          - "diffie-hellman-group1-sha1"
+          - "gss-gex-sha1"
+          - "gss-group1-sha1"
+          - "gss-group14-sha1"
+          - "rsa1024-sha1"
+        condition: or