关联漏洞
标题:
OpenSSH 安全漏洞
(CVE-2024-6387)
描述:OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
介绍
# OpenSSH Vulnerability Checker
## Overview
This script scans a list of target IP addresses or ranges to determine if they are running vulnerable To CVE-2024-6387.
## Features
- Scans IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.
- Checks a specified port (default: 22) for OpenSSH service.
- Handles multiple targets concurrently using threading for efficient scanning.
- Reports non-vulnerable, vulnerable, and closed ports.
- Supports exclusion of specific OpenSSH versions known to be patched or not vulnerable.
## Requirements
- Python 3.x
- `argparse` module for command-line argument parsing.
- `ipaddress` module for handling IP addresses and CIDR notation.
## Usage
### Command Line Options
```bash
usage: openssh_checker.py [-h] [--port PORT] [-t TIMEOUT] [-l LIST] targets [targets ...]
Check if servers are running a vulnerable version of OpenSSH.
positional arguments:
targets IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.
optional arguments:
-h, --help show this help message and exit
--port PORT Port number to check (default: 22).
-t TIMEOUT, --timeout TIMEOUT
Connection timeout in seconds (default: 1 second).
-l LIST, --list LIST File containing a list of IP addresses to check.
```
### Examples
1. Check a single IP address:
```bash
python3 openssh_checker.py 192.168.1.1
```
2. Check multiple IP addresses from a file:
```bash
python3 openssh_checker.py -l ip_list.txt
```
3. Check a CIDR range:
```bash
python3 openssh_checker.py 192.168.1.0/24
```
## Output
The script outputs detailed information about each target:
- Servers not vulnerable to OpenSSH exploits.
- Servers likely vulnerable to OpenSSH exploits.
- Servers with closed SSH ports.
- Total number of targets scanned.
## Notes
- Ensure that you have appropriate permissions to scan the target hosts.
- Use responsibly and only on systems you are authorized to test.
文件快照
[4.0K] /data/pocs/3065dbf5d04bca965cc3d95a5b3c08a1a2ae834e
├── [4.1K] openssh_checker.py
└── [2.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。