AonCyberLabs/SSH-Weak-DH AonCyberLabs/SSH-Weak-DH

  • Stars
    star
    102
  • Rank 335,584 (Top 7 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 9 years ago
  • Updated 4 months ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
AonCyberLabs/SSH-Weak-DH
github

AonCyberLabs

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

About

This tool establishes SSH connections to a server, thereby enumerating through various client configurations, in order to determine whether the server allows a Diffie-Hellman (DH) key exchange based on a weak group. We hope that our tool will be useful to check SSH servers for weak DH key exchange configurations.

Note that this tool tests a limited number of configurations and therefore potentially fails to detect some weak configurations. Moreover, the server possibly blocks connections before the scan completes.

For further information about our tool, visit https://www.aon.com/cyber-solutions/aon_cyber_labs/ssh-weak-diffie-hellman-group-identification-tool/.

Consult the Logjam info page for suggestions on how to configure SSH servers to protect them as well as their clients from attacks exploiting DH key exchanges using a weak group.

Installation

Install docker and execute the following command:

docker build -t ssh-weak-dh .

Usage

Run the following commands:

docker run --rm -v "$(pwd)/logs/":/logs/ ssh-weak-dh hostname [port]

where hostname is the host name or IP address of the SSH server to scan. The optional argument port allows you to specify the port on which the SSH server listens. If the argument is not specified, it will default to 22.

The scan results are printed on stdout.

More detailed results can be found in the ./logs/ directory under the subfolder whose name has the form hostname-port where hostname and port are the corresponding command line parameters.

The scan tool calls the script ssh-weak-dh-analyze.py to analyze the scan results stored in the aforementioned subfolder. This analysis script is a standalone tool.

For example, run the following command to analyze the results of a scan of the SSH server running on port 22 on scanme.example.com inside a container shell:

docker run --rm -v "$(pwd)/logs/":/logs/ -it --entrypoint bash ssh-weak-dh
python3 -u ssh-weak-dh-analyze.py /logs/scanme.example.com-22/

It is also possible to run the scan script inside a container shell as follows:

docker run --rm -v "$(pwd)/logs/":/logs/ -it --entrypoint bash ssh-weak-dh
./ssh-weak-dh-test.sh hostname [port]

where hostname and port are the scanner arguments as explained before.

Copyright

Fabian Foerg, Gotham Digital Science, 2015-2023

More Repositories

1

Windows-Exploit-Suggester

This tool compares a targets patch levels against the Microsoft vulnerability database in order to detect potential missing patches on the target. It also notifies the user if there are public exploits and Metasploit modules available for the missing bulletins.
Python
3,910
star
2

PadBuster

Automated script for performing Padding Oracle attacks
Perl
736
star
3

Docker-Secure-Deployment-Guidelines

Deployment checklist for securely deploying Docker
599
star
4

EvilAbigail

Automated Linux evil maid attack
Python
419
star
5

Cexigua

Linux based inter-process code injection without ptrace(2)
Shell
238
star
6

xxe-recursive-download

Python
228
star
7

D-Modem

A software SIP modem
C
96
star
8

Nmap-Scripts

Lua
46
star
9

Fizzer

Fizzer is an assessment tool for fuzzing FIX messages.
C#
28
star
10

mbedtls-fuzz

C
26
star
11

BadSamba

This module is used to exploit startup script execution through Windows Group Policy settings when configured to run off of a remote SMB share.
Ruby
22
star
12

MAM-Security-Checklist

Checklist intended to be used as a baseline for assessing, designing, and testing the security of a MAM (Application Wrapping) solution
19
star
13

BlazorTrafficProcessor

Java
15
star
14

DUALITY

C#
13
star
15

FastInfoset-Burp-Plugin

Burp plugin to convert fast infoset (FI) to/from the text-based XML document format allowing easy editing
Java
12
star
16

LowDLL

C#
7
star
17

aon-password-research

Python
4
star