SSH Algorithms and Languages Supported

#TRUSTED 3479e09b25467af9e4016930ce34a15c936f66961a9dc46a586c4f0be16d1d51b49dbe39534b2ff151bb4e4c546e850b287370e87f54a932367d8b89e212dea9ca08b74b7c0dcc7c197162ec07a1bdded891b1b6383ec22d08d7b856824ecdca2dd8ac4dedcea80041f7a4e6385373037819bf06349c972f0bfaac580457b19347734914b950cf6d32fd6199dffdf10a637ef8dee5fb00102b0bee723a609297c8b39354c7b8a0434012191a0627d25fd6437d22e16e2046d11cc5d5c2874d046a01359b3cff8f316321a18f2626f644054cab73f9b712039e9f7a145746b7e9fa4ebcfb0287ed59145fec8a211899d9d7fd287c0908a00676a0b3081d1a31e6ffaa54bae349f7c701d18a28650cacc2a5af88e1b7c5c37ce90c1ecd0d49f0bb7928647822b6634694894c6d32d8a667c05d9929a997c02e1b9fb463cd9bdd4878bf832269512f8ad30f26e3f6977a6198383c2ed6371887cc8a105c909258f8ac83c5f2e2f459a7c14044832e7cae820ce5157ffca8ca47b4c20a0135c3dccf531e19684fb68f5d960c34f106ddb77fa4f12febd333f8c603cf61ac6a3bcbaf91bda33f4b11e1280e22b1319e2e5d3bf2afe71d072c9316837e9ea48cb5b42ee8af63529c99ad411baac5942cfa8085fcd39964f74e26b1e28e2920e9355363bcca64e06bc47dd0fcff2b4675ae5cf14543dc6d4437107b3400c943af833b3b
#TRUST-RSA-SHA256 a44df99f125812e5870bfda22f93d6bbd93a319fe4a5e89e3ae8a4cec217b61a0ac1c23f915536caf363efa1e031024f641bbd687e9f9684ac57b87dbb73031dc9b8f81c33239879f6a4d9f7fae46b8afc1951bebbea76dbc4bc0d53cd323c92160ca854e772a1568e75abd4c741e08d51cd5b912d43608a4981a15eddb8781f092ef9bba942188d344c579e9708e7f5e85d3f6ccf504d43fff3445210c7b03818ef02aeba235a65a30fa14b3c37c10f53f45041b91d1f6f384df28446bb7510c6154e666a114f89f9de10fb13b73fb47ed2a793848f5c3dc1ca434800fac5c61adc4f3e9f10d6437afc3d0ba6b4134ce2d69c74f8e4321055f0589926dd30cb3d47f3cd35fdd482f3ba5078b2f754be07429874f16bc2d14efbc4538acfdeecb686119f677398b6493bbf66ca650789f4c41da624cfda588221bc8a6aa2ffb78d5226500ea82d8e8b29269b2236401829c81fb623b9e1f5051433bbd2f7ecba2ad01db24add87054b437f9bd87ead45fc803af7cee7449f65427fb82057ca541d1d195ee1f849fe2e5e240d69f1783c4dd3f11d219477a52d85c8f8f82cd6831e74a5f0c100423f01b1c1321f1f1cd84ad86ce1aa774f149adb4c3130fefb84cf85c97a2995d7421228af2fd1e25a94c48e3f179f1b0c1381326fbe7bed359bebee79bef5bbb707967a58878a231fac6fec6f4b5b98f5014efdbfeb21c9f417
##
# (C) Tenable Network Security, Inc.
##

include("compat.inc");

if (description)
{
  script_id(70657);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/12");

  script_name(english:"SSH Algorithms and Languages Supported");
  script_summary(english:"Checks which algorithms and languages are supported");

  script_set_attribute(attribute:"synopsis", value:"An SSH server is listening on this port.");
  script_set_attribute(attribute:"description", value:
"This script detects which algorithms and languages are supported by
the remote service for encrypting communications.");
  script_set_attribute(attribute:"solution", value:"n/a");
  script_set_attribute(attribute:"risk_factor", value:"None");

  script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2013-2026 Tenable Network Security, Inc.");

  script_dependencies("ssh_detect.nasl");
  script_require_ports("Services/ssh", 22);

  exit(0);
}

include('ssh_lib.inc');

var c_s_crypto_algo, s_c_crypto_algo;
var namelists;

# Override the KEX BEGIN handler to catch the algos even if we don't support them
function kex_begin_cb(session)
{
  var pkt = session.last_packet;
  namelists = session.kex_handler.kex_pkt_parse_namelists(pkt);
  sshlib::client_cb_begin_kex(session:session);
}

# Get SSH port
var port = get_service(svc:'ssh', exit_on_fail:TRUE, default:22);
var kb_server_algos = get_kb_list(sshlib::SSH_LIB_KB_PREFIX + string(port) + "/*/kex_recv_namelists");
var kex_success = FALSE;

if(!empty_or_null(kb_server_algos))
{
  var sa_key, kb_sa_key;
  namelists = {};
  for(kb_sa_key in kb_server_algos)
  {
    sa_key = split(kb_sa_key, sep:"/", keep:FALSE);
    if(len(sa_key) >= 1)
    {
      sa_key = sa_key[max_index(sa_key) - 2];
      namelists[sa_key] = kb_server_algos[kb_sa_key];
    }
  }

  c_s_crypto_algo = get_kb_item(sshlib::SSH_LIB_KB_PREFIX + port + "/cipher_c_to_s");
  s_c_crypto_algo = get_kb_item(sshlib::SSH_LIB_KB_PREFIX + port + "/cipher_s_to_c");

  replace_kb_item(name:"SSH/server_algos", value:1);
}
else
{
  sshlib::SSH_CLIENT_HANDLERS[sshlib::PROTO_SSH_MSG_KEXINIT] = @kex_begin_cb;

  # Create session
  var session = new sshlib::session();

  # Exit of we cannot open a connection on SSH port
  if (!session.open_connection(port:port, no_reuse:TRUE))
    sshlib::ssh_errexit(1, "SSH connection failed");

  # Let key exchange fail if there are no matching ciphers
  kex_success = session.complete_kex();

  if(empty_or_null(namelists))
    sshlib::ssh_errexit(1, "Could not retrieve SSH handshake namelists.");

  replace_kb_item(name:"SSH/server_algos", value:1);

  # Crypto algorithm used to negotiate with target server (client <-> server)
  if(kex_success)
  {
    c_s_crypto_algo = session.cipherset.cipher_c_to_s.crypto_alg;
    s_c_crypto_algo = session.cipherset.cipher_s_to_c.crypto_alg;
  }

  # Close the SSH connection and delete the session
  session.close_connection();
  delete session;

  # Set relevant KLB items for each supported algo
  for(server_algo in namelists)
  {
    algo_list = split(namelists[server_algo], sep:",", keep:FALSE);

    if(!algo_list)
      continue;

    foreach algo(algo_list)
      set_kb_item(name:sshlib::SSH_LIB_KB_PREFIX + port + "/" + server_algo, value:algo);
  }
}

var report = '';

if(!empty_or_null(ref:c_s_crypto_algo) && !empty_or_null(ref:s_c_crypto_algo))
{
  report =
    '\nNessus negotiated the following encryption algorithm(s) with the server : ' +
    '\n' +
    '\n  Client to Server: ' + c_s_crypto_algo +
    '\n  Server to Client: ' + s_c_crypto_algo +
    '\n';
}

var server_algo, algo_list, algo;

# Build report for each supported algo
for(server_algo in namelists)
{
  algo_list = split(namelists[server_algo], sep:",", keep:FALSE);

  if(!algo_list)
    continue;

  report +=
    '\nThe server supports the following options for ' + server_algo + ' : ' +
    '\n' +
    '\n  ' + join(sort(algo_list), sep:'\n  ') +
    '\n';
}

security_report_v4(port: port, severity:SECURITY_NOTE , extra:report);