id: openssh-detection info: name: OpenSSH Detection author: r3dg33k,daffainfo,iamthefrogy severity: info reference: - http://www.openwall.com/lists/oss-security/2016/08/01/2 - http://www.openwall.com/lists/oss-security/2018/08/15/5 - https://nvd.nist.gov/vuln/detail/CVE-2016-6210 - https://nvd.nist.gov/vuln/detail/CVE-2018-15473 - http://seclists.org/fulldisclosure/2016/Jul/51 tags: network,ssh,openssh description: | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options. network: - host: - "{{Hostname}}" - "{{Host}}:22" matchers: - type: regex regex: - '(?i)OpenSSH' extractors: - type: regex regex: - '(?i)SSH-(.*)-OpenSSH_[^\r]+'