Merge pull request #8605 from projectdiscovery/pussycat0x-patch-6

SSH Weak MAC Algorithms Enabled
projectdiscovery · Nov 14, 2023 · d82986a · d82986a
2 parents 658d3a5 + bf6f414
commit d82986a
Showing 1 changed file with 43 additions and 0 deletions.
diff --git a/javascript/enumeration/ssh-weak-mac-algo.yaml b/javascript/enumeration/ssh-weak-mac-algo.yaml
@@ -0,0 +1,43 @@
+id: ssh-weak-mac-algo
+
+info:
+  name: SSH Weak MAC Algorithms Enabled
+  author: pussycat0x
+  severity: low
+  description: |
+    The system's SSH configuration poses a security risk by allowing weak Message Authentication Code (MAC) algorithms, potentially exposing it to vulnerabilities and unauthorized access. It is crucial to update and strengthen the MAC algorithms for enhanced security.
+  reference:
+    - https://www.tenable.com/plugins/nessus/71049
+  metadata:
+    verified: true
+    shodan-query: product:"OpenSSH"
+  tags: javascript,ssh,misconfig,network
+
+javascript:
+  - code: |
+      let m = require("nuclei/ssh");
+      let c = m.SSHClient();
+      let response = c.ConnectSSHInfoMode(Host, Port);
+      to_json(response);
+
+    args:
+      Host: "{{Host}}"
+      Port: "22"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "server_to_client_macs"
+          - "client_to_server_macs"
+        condition: and
+
+      - type: word
+        words:
+          - "hmac-md5"
+          - "hmac-md5-96"
+          - "hmac-sha1-96"
+          - "hmac-md5"
+          - "hmac-md5-96"
+          - "hmac-sha1-96"
+        condition: or