32 lines
1019 B
YAML
32 lines
1019 B
YAML
id: openssh-detection
|
|
|
|
info:
|
|
name: OpenSSH Detection
|
|
author: r3dg33k,daffainfo,iamthefrogy
|
|
severity: info
|
|
reference:
|
|
- http://www.openwall.com/lists/oss-security/2016/08/01/2
|
|
- http://www.openwall.com/lists/oss-security/2018/08/15/5
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2016-6210
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2018-15473
|
|
- http://seclists.org/fulldisclosure/2016/Jul/51
|
|
tags: network,ssh,openssh
|
|
description: |
|
|
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.
|
|
|
|
|
|
network:
|
|
- host:
|
|
- "{{Hostname}}"
|
|
- "{{Host}}:22"
|
|
|
|
matchers:
|
|
- type: regex
|
|
regex:
|
|
- '(?i)OpenSSH'
|
|
|
|
extractors:
|
|
- type: regex
|
|
regex:
|
|
- '(?i)SSH-(.*)-OpenSSH_[^\r]+'
|