ssh_version: Various improvements #21393

Open: g0tmi1k wants to merge 14 commits into rapid7:master from g0tmi1k:ssh_version

g0tmi1k (Contributor) commented Apr 29, 2026

This PR does a few things:

  • Split up report_vulns, as they were overwriting each other
  • Switch to use the SSH mixin
  • Switch to SHA256 fingerprints
  • Adds a summary at the end of the scan
  • Add specific deprecation reason
    • include ssh-dss
    • Fix a few other incorrect values too
  • Add a host key size check (was in the module's comments as a TODO item)

Target is Metasploitable 2.

        current  name     hosts  services  vulns  creds  loots  notes
        -------  ----     -----  --------  -----  -----  -----  -----
Before: *        default  1      1         1      0      0      0
After : *        default  1      2         4      0      0      3

Before

  • Scanning a valid host, but closed port: 0
  • Scanning a valid host, open port, but incorrect: 0
  • All testing was done using master branch
	$ ./msfconsole -q -x 'db_status; workspace -D; setg VERBOSE true;
	use auxiliary/scanner/ssh/ssh_version;
	setg RHOSTS 10.0.0.10;'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > run RPORT=9999
[*] Error: 10.0.0.10: Errno::ECONNREFUSED Connection refused - connect(2) for 10.0.0.10:9999
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  0      0         0      0      0      0

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > run RPORT=21
[!] 10.0.0.10 - Timed out after 30 seconds. Skipping.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  0      0         0      0      0      0

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > run
[*] 10.0.0.10 - Key Fingerprint: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAstqnuFMBOZvO3WTEjP4TUdjgWkIVNdTq6kboEDjteOfc65TlI7sRvQBwqAhQjeeyyIk8T55gMDkOD0akSlSXvLDcmcdYfxeIF0ZSuT+nkRhij7XSSA/Oc5QSk3sJ/SInfb78e3anbRHpmkJcVgETJ5WhKObUNf1AKZW++4Xlc63M4KI5cjvMMIPEVOyR3AKmI78Fo3HJjYucg87JjLeC66I7+dlEYX6zT8i1XYwa/L1vZ3qSJISGVu8kRPikMv/cNSvki4j+qDYyZ2E5497W87+Ed46/8P42LNGoOV8OcX/ro6pAcbEPUdUEfkJrqi2YXbhvwIJ0gFMb6wfe5cnQew==
[*] 10.0.0.10 - SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
[+] 10.0.0.10 - Key Exchange (kex) diffie-hellman-group-exchange-sha1 is deprecated and should not be used.
[+] 10.0.0.10 - Key Exchange (kex) diffie-hellman-group1-sha1 is deprecated and should not be used.
[+] 10.0.0.10 - HMAC hmac-md5 is deprecated and should not be used.
[+] 10.0.0.10 - HMAC hmac-ripemd160 is deprecated and should not be used.
[+] 10.0.0.10 - HMAC hmac-sha1-96 is deprecated and should not be used.
[+] 10.0.0.10 - HMAC hmac-md5-96 is deprecated and should not be used.
[+] 10.0.0.10 - Encryption aes128-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption 3des-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption blowfish-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption cast128-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption arcfour128 is deprecated and should not be used.
[+] 10.0.0.10 - Encryption arcfour256 is deprecated and should not be used.
[+] 10.0.0.10 - Encryption arcfour is deprecated and should not be used.
[+] 10.0.0.10 - Encryption aes192-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption aes256-cbc is deprecated and should not be used.
[+] 10.0.0.10 - Encryption rijndael-cbc@lysator.liu.se is deprecated and should not be used.
[*] 10.0.0.10 - Server Information and Encryption
=================================

  Type                     Value                                 Note
  ----                     -----                                 ----
  encryption.compression   none
  encryption.compression   zlib@openssh.com
  encryption.encryption    aes128-cbc                            Deprecated
  encryption.encryption    3des-cbc                              Deprecated
  encryption.encryption    blowfish-cbc                          Deprecated
  encryption.encryption    cast128-cbc                           Deprecated
  encryption.encryption    arcfour128                            Deprecated
  encryption.encryption    arcfour256                            Deprecated
  encryption.encryption    arcfour                               Deprecated
  encryption.encryption    aes192-cbc                            Deprecated
  encryption.encryption    aes256-cbc                            Deprecated
  encryption.encryption    rijndael-cbc@lysator.liu.se           Deprecated
  encryption.encryption    aes128-ctr
  encryption.encryption    aes192-ctr
  encryption.encryption    aes256-ctr
  encryption.hmac          hmac-md5                              Deprecated
  encryption.hmac          hmac-sha1
  encryption.hmac          umac-64@openssh.com
  encryption.hmac          hmac-ripemd160                        Deprecated
  encryption.hmac          hmac-ripemd160@openssh.com
  encryption.hmac          hmac-sha1-96                          Deprecated
  encryption.hmac          hmac-md5-96                           Deprecated
  encryption.host_key      ssh-rsa
  encryption.host_key      ssh-dss
  encryption.key_exchange  diffie-hellman-group-exchange-sha256
  encryption.key_exchange  diffie-hellman-group-exchange-sha1    Deprecated
  encryption.key_exchange  diffie-hellman-group14-sha1
  encryption.key_exchange  diffie-hellman-group1-sha1            Deprecated
  fingerprint_db           ssh.banner
  openssh.comment          Debian-8ubuntu1
  os.cpe23                 cpe:/o:canonical:ubuntu_linux:8.04
  os.family                Linux
  os.product               Linux
  os.vendor                Ubuntu
  os.version               8.04
  service.cpe23            cpe:/a:openbsd:openssh:4.7p1
  service.family           OpenSSH
  service.product          OpenSSH
  service.protocol         ssh
  service.vendor           OpenBSD
  service.version          4.7p1

[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         1      0      0      0

msf auxiliary(scanner/ssh/ssh_version) > hosts

Hosts
=====

address    mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------    ---  ----  -------  ---------  -----  -------  ----  --------
10.0.0.10             Linux               8.04   server

msf auxiliary(scanner/ssh/ssh_version) > services
Services
========

host       port  proto  name  state  info                                   resource  parents
----       ----  -----  ----  -----  ----                                   --------  -------
10.0.0.10  22    tcp    ssh   open   SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1  {}

msf auxiliary(scanner/ssh/ssh_version) > vulns

Vulnerabilities
===============

Timestamp                Host       Service       Resource  Name                 References
---------                ----       -------       --------  ----                 ----------
2026-05-26 15:59:03 UTC  10.0.0.10  ssh (22/tcp)  {}        SSH Version Scanner  https://datatracker.ietf.org/doc/html/draft-ietf-curdle-ssh-kex-sha2-20#page-16,https://github.com/net-ssh/net-ssh?tab=readme
                                                                                 -ov-file#message-authentication-code-algorithms,https://github.com/net-ssh/net-ssh?tab=readme-ov-file#encryption-algorithms-c
                                                                                 iphers,CVE-2008-5161,https://datatracker.ietf.org/doc/html/rfc8758#name-iana-considerations

msf auxiliary(scanner/ssh/ssh_version) >

After

$ ./msfconsole -q -x 'db_status; workspace -D; setg VERBOSE true;
use auxiliary/scanner/ssh/ssh_version;
setg RHOSTS 10.0.0.10;'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
RHOSTS => 10.0.0.10
msf auxiliary(scanner/ssh/ssh_version) > run RPORT=9999
[-] 10.0.0.10 - The connection was refused by the remote host (10.0.0.10:9999).
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      0         0      0      0      0

msf auxiliary(scanner/ssh/ssh_version) > hosts

Hosts
=====

address    mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------    ---  ----  -------  ---------  -----  -------  ----  --------
10.0.0.10

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > run RPORT=21
[!] 10.0.0.10 - Timed out after 30 seconds. Skipping.
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      1         0      0      0      0

msf auxiliary(scanner/ssh/ssh_version) > services
Services
========

host       port  proto  name  state  info  resource  parents
----       ----  -----  ----  -----  ----  --------  -------
10.0.0.10  21    tcp          open         {}

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > workspace -D
[*] Deleted workspace: default
[*] Recreated the default workspace
msf auxiliary(scanner/ssh/ssh_version) > run
[*] 10.0.0.10 - Key Fingerprint: ssh-rsa SHA256:BQHm5EoHX9GCiOLuVscegPXLQOsuPs+E9d/rrJB84rk
[*] 10.0.0.10 - SSH banner: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
[+] 10.0.0.10 - Key EXchange (KEX) diffie-hellman-group-exchange-sha1 is deprecated and should not be used
[+] 10.0.0.10 - Key EXchange (KEX) diffie-hellman-group1-sha1 is deprecated and should not be used
[+] 10.0.0.10 - Host Key ssh-dss is deprecated and should not be used
Calling Net::SSH::Buffer methods on HostKeyEntries PubKey is deprecated
[+] 10.0.0.10 - HMAC hmac-md5 is deprecated and should not be used
[+] 10.0.0.10 - HMAC hmac-ripemd160 is deprecated and should not be used
[+] 10.0.0.10 - HMAC hmac-sha1-96 is deprecated and should not be used
[+] 10.0.0.10 - HMAC hmac-md5-96 is deprecated and should not be used
[+] 10.0.0.10 - Encryption aes128-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption 3des-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption blowfish-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption cast128-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption arcfour128 is deprecated and should not be used
[+] 10.0.0.10 - Encryption arcfour256 is deprecated and should not be used
[+] 10.0.0.10 - Encryption arcfour is deprecated and should not be used
[+] 10.0.0.10 - Encryption aes192-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption aes256-cbc is deprecated and should not be used
[+] 10.0.0.10 - Encryption rijndael-cbc@lysator.liu.se is deprecated and should not be used
[*] 10.0.0.10 - SSH Server Details
==================

  Type                     Value                                 Note
  ----                     -----                                 ----
  encryption.compression   none
  encryption.compression   zlib@openssh.com
  encryption.encryption    aes128-cbc                            CBC padding oracle
  encryption.encryption    3des-cbc                              CBC padding oracle
  encryption.encryption    blowfish-cbc                          CBC padding oracle
  encryption.encryption    cast128-cbc                           CBC padding oracle
  encryption.encryption    arcfour128                            RC4 stream cipher
  encryption.encryption    arcfour256                            RC4 stream cipher
  encryption.encryption    arcfour                               RC4 stream cipher
  encryption.encryption    aes192-cbc                            CBC padding oracle
  encryption.encryption    aes256-cbc                            CBC padding oracle
  encryption.encryption    rijndael-cbc@lysator.liu.se           CBC padding oracle
  encryption.encryption    aes128-ctr
  encryption.encryption    aes192-ctr
  encryption.encryption    aes256-ctr
  encryption.hmac          hmac-md5                              MD5 collision
  encryption.hmac          hmac-sha1
  encryption.hmac          umac-64@openssh.com
  encryption.hmac          hmac-ripemd160                        RIPEMD-160 weakness
  encryption.hmac          hmac-ripemd160@openssh.com
  encryption.hmac          hmac-sha1-96                          Truncated HMAC
  encryption.hmac          hmac-md5-96                           MD5 collision
  encryption.host_key      ssh-rsa
  encryption.host_key      ssh-dss                               Deprecated SHA-1
  encryption.key_exchange  diffie-hellman-group-exchange-sha256
  encryption.key_exchange  diffie-hellman-group-exchange-sha1    SHA-1 weakness
  encryption.key_exchange  diffie-hellman-group14-sha1
  encryption.key_exchange  diffie-hellman-group1-sha1            SHA-1 weakness
  fingerprint_db           ssh.banner
  openssh.comment          Debian-8ubuntu1
  os.cpe23                 cpe:/o:canonical:ubuntu_linux:8.04
  os.family                Linux
  os.product               Linux
  os.vendor                Ubuntu
  os.version               8.04
  service.cpe23            cpe:/a:openbsd:openssh:4.7p1
  service.family           OpenSSH
  service.product          OpenSSH
  service.protocol         ssh
  service.vendor           OpenBSD
  service.version          4.7p1

[!] 10.0.0.10 - Found 17 deprecated/weak algorithm(s): 10 Encryption, 4 HMAC, 1 Host Key, 2 KEX
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      2         4      0      0      3

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > services
Services
========

host       port  proto  name  state  info                                   resource  parents
----       ----  -----  ----  -----  ----                                   --------  -------
10.0.0.10  22    tcp    tcp   open                                          {}
10.0.0.10  22    tcp    ssh   open   SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1  {}        tcp (22/tcp)

msf auxiliary(scanner/ssh/ssh_version) > vulns

Vulnerabilities
===============

Timestamp                Host       Service       Resource  Name                             References
---------                ----       -------       --------  ----                             ----------
2026-05-26 16:02:49 UTC  10.0.0.10  ssh (22/tcp)  {}        SSH Weak Key Exchange Algorithm  https://datatracker.ietf.org/doc/html/draft-ietf-curdle-ssh-kex-sha2-20#page-16
2026-05-26 16:02:49 UTC  10.0.0.10  ssh (22/tcp)  {}        SSH Weak Host Key Algorithm      https://www.openssh.com/legacy.html
2026-05-26 16:02:49 UTC  10.0.0.10  ssh (22/tcp)  {}        SSH Weak HMAC Algorithm          https://github.com/net-ssh/net-ssh?tab=readme-ov-file#message-authentication-code-algorithms
2026-05-26 16:02:49 UTC  10.0.0.10  ssh (22/tcp)  {}        SSH Weak Encryption Cipher       https://github.com/net-ssh/net-ssh?tab=readme-ov-file#encryption-algorithms-ciphers,CVE-2008-5161,https://datatra
                                                                                             cker.ietf.org/doc/html/rfc8758#name-iana-considerations

msf auxiliary(scanner/ssh/ssh_version) > notes

Notes
=====

 Time                     Host       Service  Port  Protocol  Type            Data
 ----                     ----       -------  ----  --------  ----            ----
 2026-05-26 16:02:49 UTC  10.0.0.10  ssh      22    tcp       ssh.cpe         {:cpe=>"cpe:/o:canonical:ubuntu_linux:8.04"}
 2026-05-26 16:02:49 UTC  10.0.0.10  ssh      22    tcp       ssh.hostkey     {:type=>"ssh-rsa", :fingerprint=>"SHA256:BQHm5EoHX9GCiOLuVscegPXLQOsuPs+E9d/rrJB84rk"}
 2026-05-26 16:02:49 UTC  10.0.0.10  tcp      22    tcp       ssh.algorithms  {:algorithms=>[{:type=>"encryption.compression", :value=>"none", :note=>""}, {:type=>"encryption.compression", :value=>"zlib@ope
                                                                              nssh.com", :note=>""}, {:type=>"encryption.encryption", :value=>"aes128-cbc", :note=>"CBC padding oracle"}, {:type=>"encryption.
                                                                              encryption", :value=>"3des-cbc", :note=>"CBC padding oracle"}, {:type=>"encryption.encryption", :value=>"blowfish-cbc", :note=>"
                                                                              CBC padding oracle"}, {:type=>"encryption.encryption", :value=>"cast128-cbc", :note=>"CBC padding oracle"}, {:type=>"encryption.
                                                                              encryption", :value=>"arcfour128", :note=>"RC4 stream cipher"}, {:type=>"encryption.encryption", :value=>"arcfour256", :note=>"R
                                                                              C4 stream cipher"}, {:type=>"encryption.encryption", :value=>"arcfour", :note=>"RC4 stream cipher"}, {:type=>"encryption.encrypt
                                                                              ion", :value=>"aes192-cbc", :note=>"CBC padding oracle"}, {:type=>"encryption.encryption", :value=>"aes256-cbc", :note=>"CBC pad
                                                                              ding oracle"}, {:type=>"encryption.encryption", :value=>"rijndael-cbc@lysator.liu.se", :note=>"CBC padding oracle"}, {:type=>"en
                                                                              cryption.encryption", :value=>"aes128-ctr", :note=>""}, {:type=>"encryption.encryption", :value=>"aes192-ctr", :note=>""}, {:typ
                                                                              e=>"encryption.encryption", :value=>"aes256-ctr", :note=>""}, {:type=>"encryption.hmac", :value=>"hmac-md5", :note=>"MD5 collisi
                                                                              on"}, {:type=>"encryption.hmac", :value=>"hmac-sha1", :note=>""}, {:type=>"encryption.hmac", :value=>"umac-64@openssh.com", :not
                                                                              e=>""}, {:type=>"encryption.hmac", :value=>"hmac-ripemd160", :note=>"RIPEMD-160 weakness"}, {:type=>"encryption.hmac", :value=>"
                                                                              hmac-ripemd160@openssh.com", :note=>""}, {:type=>"encryption.hmac", :value=>"hmac-sha1-96", :note=>"Truncated HMAC"}, {:type=>"e
                                                                              ncryption.hmac", :value=>"hmac-md5-96", :note=>"MD5 collision"}, {:type=>"encryption.host_key", :value=>"ssh-rsa", :note=>""}, {
                                                                              :type=>"encryption.host_key", :value=>"ssh-dss", :note=>"Deprecated SHA-1"}, {:type=>"encryption.key_exchange", :value=>"diffie-
                                                                              hellman-group-exchange-sha256", :note=>""}, {:type=>"encryption.key_exchange", :value=>"diffie-hellman-group-exchange-sha1", :no
                                                                              te=>"SHA-1 weakness"}, {:type=>"encryption.key_exchange", :value=>"diffie-hellman-group14-sha1", :note=>""}, {:type=>"encryption
                                                                              .key_exchange", :value=>"diffie-hellman-group1-sha1", :note=>"SHA-1 weakness"}, {:type=>"fingerprint_db", :value=>"ssh.banner",
                                                                              :note=>nil}, {:type=>"openssh.comment", :value=>"Debian-8ubuntu1", :note=>nil}, {:type=>"os.cpe23", :value=>"cpe:/o:canonical:ub
                                                                              untu_linux:8.04", :note=>nil}, {:type=>"os.family", :value=>"Linux", :note=>nil}, {:type=>"os.product", :value=>"Linux", :note=>
                                                                              nil}, {:type=>"os.vendor", :value=>"Ubuntu", :note=>nil}, {:type=>"os.version", :value=>"8.04", :note=>nil}, {:type=>"service.cp
                                                                              e23", :value=>"cpe:/a:openbsd:openssh:4.7p1", :note=>nil}, {:type=>"service.family", :value=>"OpenSSH", :note=>nil}, {:type=>"se
                                                                              rvice.product", :value=>"OpenSSH", :note=>nil}, {:type=>"service.protocol", :value=>"ssh", :note=>nil}, {:type=>"service.vendor"
                                                                              , :value=>"OpenBSD", :note=>nil}, {:type=>"service.version", :value=>"4.7p1", :note=>nil}]}

msf auxiliary(scanner/ssh/ssh_version) >
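
The SHA256 fingerprint and the host key size check listed in the PR description both work on the raw SSH public key blob. The following is an added example (not code from this PR or from Metasploit) showing one way to derive both; the helper names, the constructed sample keys and the 2048-bit minimum are assumptions.

```ruby
require 'base64'
require 'digest'

# Added example (not the module's code). The minimum sizes are assumptions for
# illustration; the PR page does not state the threshold it uses.
MIN_BITS = { 'ssh-rsa' => 2048, 'ssh-dss' => 2048 }.freeze

# Read one SSH wire "string": uint32 big-endian length, then that many bytes.
def read_ssh_string(blob, offset)
  raise ArgumentError, 'truncated length field' if offset + 4 > blob.bytesize

  len = blob.byteslice(offset, 4).unpack1('N')
  raise ArgumentError, 'truncated field data' if offset + 4 + len > blob.bytesize

  [blob.byteslice(offset + 4, len), offset + 4 + len]
end

# Bit length of an mpint; a leading 0x00 sign byte does not count.
def mpint_bits(bytes)
  bytes.unpack1('H*').to_i(16).bit_length
end

# OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob.
def sha256_fingerprint(blob)
  'SHA256:' + Base64.strict_encode64(Digest::SHA256.digest(blob)).delete('=')
end

# Takes the base64 blob a scanner prints after the key type and returns the
# key type, SHA256 fingerprint, key size and whether it is under the minimum.
def analyze_host_key(b64_blob)
  blob = Base64.strict_decode64(b64_blob)
  type, off = read_ssh_string(blob, 0)
  type = type.force_encoding('UTF-8')
  bits =
    case type
    when 'ssh-rsa' # fields: type, public exponent e, modulus n
      _exponent, off = read_ssh_string(blob, off)
      modulus, = read_ssh_string(blob, off)
      mpint_bits(modulus)
    when 'ssh-dss' # fields: type, p, q, g, y (size is that of p)
      prime_p, = read_ssh_string(blob, off)
      mpint_bits(prime_p)
    end # other key types (ed25519, ecdsa) have fixed sizes; bits stays nil
  min = MIN_BITS[type]
  { type: type, fingerprint: sha256_fingerprint(blob), bits: bits,
    weak: !bits.nil? && !min.nil? && bits < min }
end

# --- Constructed sample keys (placeholders, not real host keys) ---
def ssh_string(data)
  [data.bytesize].pack('N') + data.b
end

# Encode a positive integer as an mpint, adding the 0x00 sign byte if needed.
def mpint(int)
  hex = int.to_s(16)
  hex = "0#{hex}" if hex.length.odd?
  bytes = [hex].pack('H*')
  bytes = "\x00".b + bytes if bytes.getbyte(0) >= 0x80
  bytes
end

def constructed_rsa_blob(bits)
  modulus = (1 << (bits - 1)) | 1 # correct size only; not a usable RSA modulus
  Base64.strict_encode64(
    ssh_string('ssh-rsa') + ssh_string(mpint(65_537)) + ssh_string(mpint(modulus))
  )
end

if __FILE__ == $PROGRAM_NAME
  [1024, 2048].each do |bits|
    r = analyze_host_key(constructed_rsa_blob(bits))
    flag = r[:weak] ? ' (below minimum)' : ''
    puts "#{r[:type]} #{r[:fingerprint]} #{r[:bits]} bits#{flag}"
  end
end
```
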

g0tmi1k changed the title from "ssh_version:" to "ssh_version: Improve report_*" Apr 29, 2026
g0tmi1k force-pushed the ssh_version branch 3 times, most recently from fca982e to e6e49a2 April 30, 2026 11:57
g0tmi1k changed the title from "ssh_version: Improve report_*" to "ssh_version: Various improvements" May 4, 2026
g0tmi1k force-pushed the ssh_version branch 2 times, most recently from 21afbba to aa9531c May 6, 2026 16:31

g0tmi1k (Contributor, Author) commented May 8, 2026

$ ./msfconsole -q -x 'db_status; workspace -D;
use auxiliary/scanner/ssh/ssh_version; set RHOST 10.0.0.10;'
[*] Connected to msf. Connection type: postgresql.
[*] Deleted workspace: default
[*] Recreated the default workspace
RHOST => 10.0.0.10
msf auxiliary(scanner/ssh/ssh_version) > run
[*] 10.0.0.10 - Key Fingerprint: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAstqnuFMBOZvO3WTEjP4TUdjgWkIVNdTq6kboEDjteOfc65TlI7sRvQBwqAhQjeeyyIk8T55gMDkOD0akSlSXvLDcmcdYfxeIF0ZSuT+nkRhij7XSSA/Oc5QSk3sJ/SInfb78e3anbRHpmkJcVgETJ5WhKObUNf1AKZW++4Xlc63M4KI5cjvMMIPEVOyR3AKmI78Fo3HJjYucg87JjLeC66I7+dlEYX6zT8i1XYwa/L1vZ3qSJISGVu8kRPikMv/cNSvki4j+qDYyZ2E5497W87+Ed46/8P42LNGoOV8OcX/ro6pAcbEPUdUEfkJrqi2YXbhvwIJ0gFMb6wfe5cnQew==
[*] 10.0.0.10 - SSH server version: SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1
[*] 10.0.0.10 - SSH Server Details
==================

  Type                     Value                                 Note
  ----                     -----                                 ----
  encryption.compression   none
  encryption.compression   zlib@openssh.com
  encryption.encryption    aes128-cbc                            Deprecated
  encryption.encryption    3des-cbc                              Deprecated
  encryption.encryption    blowfish-cbc                          Deprecated
  encryption.encryption    cast128-cbc                           Deprecated
  encryption.encryption    arcfour128                            Deprecated
  encryption.encryption    arcfour256                            Deprecated
  encryption.encryption    arcfour                               Deprecated
  encryption.encryption    aes192-cbc                            Deprecated
  encryption.encryption    aes256-cbc                            Deprecated
  encryption.encryption    rijndael-cbc@lysator.liu.se           Deprecated
  encryption.encryption    aes128-ctr
  encryption.encryption    aes192-ctr
  encryption.encryption    aes256-ctr
  encryption.hmac          hmac-md5                              Deprecated
  encryption.hmac          hmac-sha1
  encryption.hmac          umac-64@openssh.com
  encryption.hmac          hmac-ripemd160                        Deprecated
  encryption.hmac          hmac-ripemd160@openssh.com            Deprecated
  encryption.hmac          hmac-sha1-96                          Deprecated
  encryption.hmac          hmac-md5-96                           Deprecated
  encryption.host_key      ssh-rsa
  encryption.host_key      ssh-dss                               Deprecated SHA-1
  encryption.key_exchange  diffie-hellman-group-exchange-sha256
  encryption.key_exchange  diffie-hellman-group-exchange-sha1    Deprecated
  encryption.key_exchange  diffie-hellman-group14-sha1
  encryption.key_exchange  diffie-hellman-group1-sha1            Deprecated
  fingerprint_db           ssh.banner
  openssh.comment          Debian-8ubuntu1
  os.cpe23                 cpe:/o:canonical:ubuntu_linux:8.04
  os.family                Linux
  os.product               Linux
  os.vendor                Ubuntu
  os.version               8.04
  service.cpe23            cpe:/a:openbsd:openssh:4.7p1
  service.family           OpenSSH
  service.product          OpenSSH
  service.protocol         ssh
  service.vendor           OpenBSD
  service.version          4.7p1

[!] 10.0.0.10 - Found 18 deprecated/weak algorithm(s) across 4 categories
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > workspace -v

Workspaces
==========

current  name     hosts  services  vulns  creds  loots  notes
-------  ----     -----  --------  -----  -----  -----  -----
*        default  1      2         4      0      0      2

msf auxiliary(scanner/ssh/ssh_version) > hosts

Hosts
=====

address    mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------    ---  ----  -------  ---------  -----  -------  ----  --------
10.0.0.10             Linux    Ubuntu     8.04   server

msf auxiliary(scanner/ssh/ssh_version) > services
Services
========

host       port  proto  name  state  info                                   resource  parents
----       ----  -----  ----  -----  ----                                   --------  -------
10.0.0.10  22    tcp          open                                          {}
10.0.0.10  22    tcp    ssh   open   SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1  {}

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > vulns

Vulnerabilities
===============

Timestamp                Host       Service   Resource  Name                             References
---------                ----       -------   --------  ----                             ----------
2026-05-08 16:18:10 UTC  10.0.0.10  (22/tcp)  {}        SSH Weak Encryption Cipher       https://github.com/net-ssh/net-ssh?tab=readme-ov-file#encryption-algorithms-ciphers,CVE-2008-5161,https://datatracker
                                                                                         .ietf.org/doc/html/rfc8758#name-iana-considerations
2026-05-08 16:18:10 UTC  10.0.0.10  (22/tcp)  {}        SSH Weak Key Exchange Algorithm  https://datatracker.ietf.org/doc/html/draft-ietf-curdle-ssh-kex-sha2-20#page-16
2026-05-08 16:18:10 UTC  10.0.0.10  (22/tcp)  {}        SSH Weak Host Key Algorithm      https://www.openssh.com/legacy.html
2026-05-08 16:18:10 UTC  10.0.0.10  (22/tcp)  {}        SSH Weak HMAC Algorithm          https://github.com/net-ssh/net-ssh?tab=readme-ov-file#message-authentication-code-algorithms

msf auxiliary(scanner/ssh/ssh_version) >
msf auxiliary(scanner/ssh/ssh_version) > notes

Notes
=====

 Time                     Host       Service  Port  Protocol  Type            Data
 ----                     ----       -------  ----  --------  ----            ----
 2026-05-08 16:18:10 UTC  10.0.0.10           22    tcp       ssh.hostkey     {:type=>"ssh-rsa", :fingerprint=>"AAAAB3NzaC1yc2EAAAABIwAAAQEAstqnuFMBOZvO3WTEjP4TUdjgWkIVNdTq6kboEDjteOfc65TlI7sRvQBwqAhQjeeyyI
                                                                              k8T55gMDkOD0akSlSXvLDcmcdYfxeIF0ZSuT+nkRhij7XSSA/Oc5QSk3sJ/SInfb78e3anbRHpmkJcVgETJ5WhKObUNf1AKZW++4Xlc63M4KI5cjvMMIPEVOyR3AKmI7
                                                                              8Fo3HJjYucg87JjLeC66I7+dlEYX6zT8i1XYwa/L1vZ3qSJISGVu8kRPikMv/cNSvki4j+qDYyZ2E5497W87+Ed46/8P42LNGoOV8OcX/ro6pAcbEPUdUEfkJrqi2YXb
                                                                              hvwIJ0gFMb6wfe5cnQew=="}
 2026-05-08 16:18:11 UTC  10.0.0.10           22    tcp       ssh.algorithms  {:algorithms=>[{:type=>"encryption.compression", :value=>"none", :note=>""}, {:type=>"encryption.compression", :value=>"zlib@ope
                                                                              nssh.com", :note=>""}, {:type=>"encryption.encryption", :value=>"aes128-cbc", :note=>"Deprecated"}, {:type=>"encryption.encrypti
                                                                              on", :value=>"3des-cbc", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"blowfish-cbc", :note=>"Deprecated"}, {:
                                                                              type=>"encryption.encryption", :value=>"cast128-cbc", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"arcfour128
                                                                              ", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"arcfour256", :note=>"Deprecated"}, {:type=>"encryption.encryp
                                                                              tion", :value=>"arcfour", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"aes192-cbc", :note=>"Deprecated"}, {:t
                                                                              ype=>"encryption.encryption", :value=>"aes256-cbc", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"rijndael-cbc
                                                                              @lysator.liu.se", :note=>"Deprecated"}, {:type=>"encryption.encryption", :value=>"aes128-ctr", :note=>""}, {:type=>"encryption.e
                                                                              ncryption", :value=>"aes192-ctr", :note=>""}, {:type=>"encryption.encryption", :value=>"aes256-ctr", :note=>""}, {:type=>"encryp
                                                                              tion.hmac", :value=>"hmac-md5", :note=>"Deprecated"}, {:type=>"encryption.hmac", :value=>"hmac-sha1", :note=>""}, {:type=>"encry
                                                                              ption.hmac", :value=>"umac-64@openssh.com", :note=>""}, {:type=>"encryption.hmac", :value=>"hmac-ripemd160", :note=>"Deprecated"
                                                                              }, {:type=>"encryption.hmac", :value=>"hmac-ripemd160@openssh.com", :note=>"Deprecated"}, {:type=>"encryption.hmac", :value=>"hm
                                                                              ac-sha1-96", :note=>"Deprecated"}, {:type=>"encryption.hmac", :value=>"hmac-md5-96", :note=>"Deprecated"}, {:type=>"encryption.h
                                                                              ost_key", :value=>"ssh-rsa", :note=>""}, {:type=>"encryption.host_key", :value=>"ssh-dss", :note=>"Deprecated SHA-1"}, {:type=>"
                                                                              encryption.key_exchange", :value=>"diffie-hellman-group-exchange-sha256", :note=>""}, {:type=>"encryption.key_exchange", :value=
                                                                              >"diffie-hellman-group-exchange-sha1", :note=>"Deprecated"}, {:type=>"encryption.key_exchange", :value=>"diffie-hellman-group14-
                                                                              sha1", :note=>""}, {:type=>"encryption.key_exchange", :value=>"diffie-hellman-group1-sha1", :note=>"Deprecated"}, {:type=>"finge
                                                                              rprint_db", :value=>"ssh.banner", :note=>nil}, {:type=>"openssh.comment", :value=>"Debian-8ubuntu1", :note=>nil}, {:type=>"os.cp
                                                                              e23", :value=>"cpe:/o:canonical:ubuntu_linux:8.04", :note=>nil}, {:type=>"os.family", :value=>"Linux", :note=>nil}, {:type=>"os.
                                                                              product", :value=>"Linux", :note=>nil}, {:type=>"os.vendor", :value=>"Ubuntu", :note=>nil}, {:type=>"os.version", :value=>"8.04"
                                                                              , :note=>nil}, {:type=>"service.cpe23", :value=>"cpe:/a:openbsd:openssh:4.7p1", :note=>nil}, {:type=>"service.family", :value=>"
                                                                              OpenSSH", :note=>nil}, {:type=>"service.product", :value=>"OpenSSH", :note=>nil}, {:type=>"service.protocol", :value=>"ssh", :no
                                                                              te=>nil}, {:type=>"service.vendor", :value=>"OpenBSD", :note=>nil}, {:type=>"service.version", :value=>"4.7p1", :note=>nil}]}

msf auxiliary(scanner/ssh/ssh_version) >

g0tmi1k force-pushed the ssh_version branch 6 times, most recently from e655220 to 1ab4e66 May 14, 2026 13:00
g0tmi1k marked this pull request as draft May 21, 2026 13:50
g0tmi1k marked this pull request as ready for review May 26, 2026 16:13

g0tmi1k (Contributor, Author) commented May 26, 2026

Think I've finished tweaking with this PR!
