Nmap script to detect Debian OpenSSL Random Number Generator Weakness
June 13, 2010
This relies on HD’s keys, found at http://digitaloffense.net/tools/debian-openssl/
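description = [[ Debian OpenSSH/OpenSSL Package Random Number Generator Weakness ]]

---
-- Compares the SSH host keys that the ssh-hostkey script stored in the Nmap
-- registry against local fingerprint lists kept under
-- nselib/nessus/data/debian_weak_ssl/, one list per algorithm and key size.
--
-- @output
-- 22/ssh open ssh
-- |_ ssh_debian_weak: RSA 2048, RSA 1024
--
-- SSH Weak Debian Key Script
-- rev 1.0 (2010-02-07)
-- roughly based on ssh_debian_weak.nasl by Tenable
-- written by hand
--
-- NOTE(review): no output means "no match in the lists that could be read".
-- A key type or size without a list file is skipped, not cleared, so an empty
-- result is only as good as the coverage of the installed data files.

author = "Rich Lundeen <mopey@webstersprodigy.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"websters", "nessus", "act_gather_info"}
dependencies = {"ssh-hostkey"}

require("shortport")
require("ssh1")
require("ssh2")
require("nessus/nessus_conf")

portrule = shortport.port_or_service({22}, {"ssh"})

--- Return the bare hex fingerprint of a host key, or nil if it cannot be parsed.
-- ssh1.fingerprint_hex() yields three space-separated fields; the middle one
-- is the colon-separated fingerprint. The original pcre expression wrote "\s"
-- inside an ordinary Lua string, so the backslash never reached the regex
-- engine (Lua 5.1 drops it, 5.2+ rejects the escape). A Lua pattern avoids
-- that and also removes the crash on a non-matching string.
-- @param key host key entry from the ssh-hostkey registry
-- @return string of hex digits, or nil
local function bare_fingerprint(key)
  local text = string.gsub(
    ssh1.fingerprint_hex(key.fingerprint, key.algorithm, key.bits), ":", "")
  return string.match(text, "^%S+%s(%S+)%s%S+")
end

--- Build the path of the fingerprint list for a key's algorithm and size.
-- Both values describe a key presented by the scanned host, so they are
-- restricted to alphanumerics/digits before being placed in a file path.
-- @param key host key entry from the ssh-hostkey registry
-- @return path string, or nil when the fields are not plain tokens
local function blacklist_path(key)
  local algorithm = tostring(key.algorithm):lower()
  local bits = tostring(key.bits)
  if not algorithm:match("^%w+$") or not bits:match("^%d+$") then
    return nil
  end
  return nessus_conf.nessus_conf["basedir"]
    .. "nselib/nessus/data/debian_weak_ssl/"
    .. algorithm .. "_" .. bits
end

--- Report whether any line of the list file contains the fingerprint.
-- @param path list file to read
-- @param needle hex fingerprint to look for
-- @return true/false, or nil when the file cannot be opened
local function list_contains(path, needle)
  local handle = io.open(path, "r")
  if not handle then
    -- No list for this algorithm/size: the key is left unchecked.
    return nil
  end
  local found = false
  for entry in handle:lines() do
    -- Plain search: the fingerprint is data, not a Lua pattern.
    --TODO binary search would be nicer once the list format allows it
    if string.find(entry, needle, 1, true) then
      found = true
      break -- one hit is enough; avoids reporting the same key twice
    end
  end
  handle:close()
  return found
end

--- Script entry point: list the host keys found in the weak-key lists.
-- @param host Nmap host table (host.ip is used as the registry key)
-- @param port Nmap port table (unused)
-- @return comma-separated "ALGORITHM BITS" entries, or nothing if no key matched
action = function(host, port)
  -- The registry entry is absent when ssh-hostkey did not run or found no keys.
  local registry = nmap.registry.sshhostkey
  local keys = registry and registry[host.ip]
  if keys == nil then
    return
  end

  local weak = {}
  for _, key in ipairs(keys) do
    local hex = bare_fingerprint(key)
    local path = blacklist_path(key)
    if hex and path and list_contains(path, hex) then
      weak[#weak + 1] = key.algorithm .. " " .. tostring(key.bits)
    end
  end

  if #weak > 0 then
    -- Separator added so several findings do not run together.
    return table.concat(weak, ", ")
  end
end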