SSHScan
SSHScan copied to clipboard
evict
not detecting some diffie-hellman kex algorithms
an nmap scan for a server shows
Not shown: 822 closed tcp ports (conn-refused), 177 filtered tcp ports (no-response)
PORT STATE SERVICE
22/tcp open ssh
| ssh2-enum-algos:
| kex_algorithms: (12)
| curve25519-sha256
| [email protected]
| ecdh-sha2-nistp256
| ecdh-sha2-nistp384
| ecdh-sha2-nistp521
| diffie-hellman-group-exchange-sha256
| diffie-hellman-group16-sha512
| diffie-hellman-group18-sha512
| diffie-hellman-group-exchange-sha1
| diffie-hellman-group14-sha256
| diffie-hellman-group14-sha1
| diffie-hellman-group1-sha1
shows on sshscan as
[+] Detected the following ciphers:
[email protected] aes128-cbc
aes128-ctr aes192-cbc
aes192-ctr aes256-cbc
aes256-ctr blowfish-cbc
[email protected] cast128-cbc
[email protected] 3des-cbc
[+] Detected the following KEX algorithms:
curve25519-sha256 ecdh-sha2-nistp25
[email protected]
[+] Detected the following MACs:
[email protected] [email protected]
[email protected] [email protected]
[email protected] hmac-sha2-256
[email protected] hmac-sha2-512
[email protected] hmac-sha1
[+] Detected the following HostKey algorithms:
ssh-rsa ecdsa-sha2-nistp256
rsa-sha2-512 ssh-ed25519
rsa-sha2-256
[+] Target SSH version is: SSH-2.0-OpenSSH_7.4
[+] Retrieving ciphers...
[+] Detected the following weak ciphers:
aes128-cbc blowfish-cbc
aes192-cbc cast128-cbc
aes256-cbc 3des-cbc
[+] Detected the following weak KEX algorithms:
ecdh-sha2-nistp25
[+] Detected the following weak MACs:
[email protected] [email protected]
[email protected] hmac-sha1
[+] Detected the following weak HostKey algorithms:
rsa-sha2-512 ecdsa-sha2-nistp256
rsa-sha2-256
[+] Compression has been enabled!
Notice that the diffie-hellman-group1-sha1 and others like it do not show on the sshscan output.
