id: ssh-weak-mac-algo

info:
  name: SSH Weak MAC Algorithms Enabled
  author: pussycat0x
  severity: low
  description: |
    The system's SSH configuration poses a security risk by allowing weak Message Authentication Code (MAC) algorithms, potentially exposing it to vulnerabilities and unauthorized access. It is crucial to update and strengthen the MAC algorithms for enhanced security.
  reference:
    - https://www.tenable.com/plugins/nessus/71049
  metadata:
    verified: true
    max-request: 2
    shodan-query: product:"OpenSSH"
  tags: js,enum,ssh,misconfig,network

javascript:
  - pre-condition: |
      isPortOpen(Host,Port);
    code: |
      let m = require("nuclei/ssh");
      let c = m.SSHClient();
      let response = c.ConnectSSHInfoMode(Host, Port);
      Export(response);
    args:
      Host: "{{Host}}"
      Port: "22"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "server_to_client_macs"
          - "client_to_server_macs"
        condition: and

      - type: word
        words:
          - "hmac-md5"
          - "hmac-md5-96"
          - "hmac-sha1-96"
          - "hmac-md5"
          - "hmac-md5-96"
          - "hmac-sha1-96"
        condition: or
# digest: 490a0046304402207c21377a66b663801228ba58c7145a36f82f256dff404f6a7e1e4ea067d12cf3022031a5619499916f5cafd51c7cd121e33ae70d410631b1804802378813ab99f3fc:922c64590222798bb761d5b6d8e72950