From 453149fe210643e282a15640618edd3fd5830ac7 Mon Sep 17 00:00:00 2001
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com>
Date: Mon, 13 Nov 2023 00:50:10 +0530
Subject: [PATCH 1/2] SSH Host Keys < 2048 Bits Considered Weak
---
.../enumeration/ssh-weak-public-key.yaml | 46 +++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 javascript/enumeration/ssh-weak-public-key.yaml
diff --git a/javascript/enumeration/ssh-weak-public-key.yaml b/javascript/enumeration/ssh-weak-public-key.yaml
new file mode 100644
index 0000000000..c2efc30131
--- /dev/null
+++ b/javascript/enumeration/ssh-weak-public-key.yaml
@@ -0,0 +1,46 @@
+id: ssh-weak-public-key
+
+info:
+ name: SSH Host Keys < 2048 Bits Considered Weak
+ author: pussycat0x
+ severity: low
+ description: |
+ SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
+ reference:
+ - https://www.tenable.com/plugins/nessus/153954
+ metadata:
+ verified: true
+ shodan-query: product:"OpenSSH"
+ tags: javascript,ssh,misconfig,network
+
+variables:
+ pubkeylen: '256'
+
+javascript:
+ - code: |
+ let m = require("nuclei/ssh");
+ let c = m.SSHClient();
+ let response = c.ConnectSSHInfoMode(Host, Port);
+ log(to_json(response));
+
+ args:
+ Host: "{{Host}}"
+ Port: "22"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - "server_host_key"
+
+ - type: dsl
+ dsl:
+ - 'keylen < pubkeylen'
+
+ extractors:
+ - type: json
+ internal: true
+ name: keylen
+ json:
+ - '.DHKeyExchange.server_host_key.ecdsa_public_key.length'
+# - '.DHKeyExchange.server_host_key.rsa_public_key.length'
\ No newline at end of file
From 419ed2258b25a5145e4fa633c052dcb89b39c209 Mon Sep 17 00:00:00 2001
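Review bot: `Port: "22"` in the `args` block of the new file is hard-coded, so the template only inspects the default SSH port and a host serving SSH on another port produces no finding at all. If that limit is intentional, state it next to the value, e.g. `Port: "22" # default SSH port only; other ports are not probed`. This applies to the new-file hunk of patch 1/2; the second patch in the series leaves the `args` block unchanged.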
From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Mon, 13 Nov 2023 15:25:40 +0530 Subject: [PATCH 2/2] Update ssh-weak-public-key.yaml --- javascript/enumeration/ssh-weak-public-key.yaml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/javascript/enumeration/ssh-weak-public-key.yaml b/javascript/enumeration/ssh-weak-public-key.yaml index c2efc30131..246a237fda 100644 --- a/javascript/enumeration/ssh-weak-public-key.yaml +++ b/javascript/enumeration/ssh-weak-public-key.yaml @@ -14,14 +14,15 @@ info: tags: javascript,ssh,misconfig,network variables: - pubkeylen: '256' + ecdsa_bit: '256' # 256 bytes = 2048 bits + rsa_bit: '2048' # 2048 bits javascript: - code: | let m = require("nuclei/ssh"); let c = m.SSHClient(); let response = c.ConnectSSHInfoMode(Host, Port); - log(to_json(response)); + to_json(response); args: Host: "{{Host}}" @@ -35,12 +36,18 @@ javascript: - type: dsl dsl: - - 'keylen < pubkeylen' + - 'len(ecdsa_keylen) != 0 && ecdsa_keylen < ecdsa_bit' + - 'len(rsa_keylen) !=0 && rsa_keylen < rsa_bit' extractors: - type: json internal: true - name: keylen + name: ecdsa_keylen json: - '.DHKeyExchange.server_host_key.ecdsa_public_key.length' -# - '.DHKeyExchange.server_host_key.rsa_public_key.length' \ No newline at end of file + + - type: json + internal: true + name: rsa_keylen + json: + - '.DHKeyExchange.server_host_key.rsa_public_key.length'
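Review bot: The comment on `ecdsa_bit` in the `variables` block ("256 bytes = 2048 bits") looks wrong and makes the threshold hard to audit. The value is compared with `.ecdsa_public_key.length`, which presumably reports the curve size in bits, so 256 is a 256-bit ECDSA minimum and is unrelated to the 2048-bit RSA floor; the two key types do not share a size scale. Suggest `ecdsa_bit: '256' # minimum ECDSA curve size in bits (not comparable to the RSA modulus length)` and confirming the unit against the ssh module's output. Both thresholds are quoted strings, so it is also worth verifying that `<` in the dsl matcher compares numerically; a lexical comparison would treat `768` as not less than `2048` and miss that key.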
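Review bot: Both extractors in the second hunk are `internal: true`, so a finding never shows which host-key type or length triggered it, which an operator needs for triage and for confirming the fix after rekeying. Consider a reported (non-internal) extractor for the matched length, and a comment above the `dsl` list such as `# either expression flags the host; a key type the server does not offer yields an empty extract and is skipped`, since with no `condition:` key the two expressions are presumably evaluated as alternatives. The spacing in `!=0` should match `!= 0` on the line above. The template name still says "< 2048 Bits" although the ECDSA branch uses a different floor. The hunk shows only the matcher and extractor tail of the template.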