Merge pull request #8607 from projectdiscovery/pussycat0x-patch-7

SSH Host Keys < 2048 Bits Considered Weak
projectdiscovery · Nov 14, 2023 · d9c3e48 · d9c3e48
2 parents 87f436d + ae53479
commit d9c3e48
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/javascript/enumeration/ssh-weak-public-key.yaml b/javascript/enumeration/ssh-weak-public-key.yaml
@@ -0,0 +1,53 @@
+id: ssh-weak-public-key
+
+info:
+  name: SSH Host Keys < 2048 Bits Considered Weak
+  author: pussycat0x
+  severity: low
+  description: |
+    SSH host keys with a bit length below 2048 are deemed weak, posing an increased vulnerability to security threats. Employing robust key lengths is crucial for fortifying the integrity of encrypted communication and thwarting potential exploits.
+  reference:
+    - https://www.tenable.com/plugins/nessus/153954
+  metadata:
+    verified: true
+    shodan-query: product:"OpenSSH"
+  tags: javascript,ssh,misconfig,network
+
+variables:
+  ecdsa_bit: '256' # 256 bytes = 2048 bits
+  rsa_bit: '2048' # 2048 bits
+
+javascript:
+  - code: |
+      let m = require("nuclei/ssh");
+      let c = m.SSHClient();
+      let response = c.ConnectSSHInfoMode(Host, Port);
+      to_json(response);
+
+    args:
+      Host: "{{Host}}"
+      Port: "22"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "server_host_key"
+
+      - type: dsl
+        dsl:
+          - 'len(ecdsa_keylen) != 0 && ecdsa_keylen < ecdsa_bit'
+          - 'len(rsa_keylen) !=0 && rsa_keylen < rsa_bit'
+
+    extractors:
+      - type: json
+        internal: true
+        name: ecdsa_keylen
+        json:
+          - '.DHKeyExchange.server_host_key.ecdsa_public_key.length'
+
+      - type: json
+        internal: true
+        name: rsa_keylen
+        json:
+          - '.DHKeyExchange.server_host_key.rsa_public_key.length'