Related vulnerability
Title: OpenSSH security vulnerability (CVE-2024-6387)
Description: OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools from the Canadian OpenBSD project for securely accessing remote computers. It is an open-source implementation of the SSH protocol; it encrypts all traffic and effectively prevents eavesdropping, connection hijacking and other network-level attacks. OpenSSH contains a security vulnerability caused by a race condition in a signal handler; an attacker who exploits it can remotely execute arbitrary code without authentication and take control of the system.
Introduction
# CVE-2024-6387
This script, created by R4Tw1z, is designed to scan IP addresses to check if they are running a potentially vulnerable version of OpenSSH. It is a faster and simpler version of an OpenSSH vulnerability scanner. The tool leverages multi-threading to optimize scanning performance and handle multiple IP addresses concurrently.
# Key Features and Functionality:

**Input Handling:**

- The script accepts IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges as input.
- IP addresses can be provided directly or read from a file.

**Port and Timeout Configuration:**

- Users can specify the port to check (default is port 22, commonly used for SSH).
- A connection timeout value can also be set, with a default of 1 second.

**Multi-threading:**

- The script uses a thread pool to process IP addresses concurrently, improving scanning speed.
- The number of worker threads can be configured (default is 10).

**Port Status Check:**

- The script first checks if the specified port is open on each IP address.

**SSH Banner Retrieval:**

- If the port is open, the script attempts to retrieve the SSH banner from the server.
- The banner is analyzed to determine if the SSH service is a potentially vulnerable version of OpenSSH.

**Vulnerability Assessment:**

- A predefined set of vulnerable OpenSSH versions is checked against the retrieved banner.
- Results are categorized into vulnerable, not vulnerable, and closed port statuses.

**Results Output:**

- The script outputs the number of servers that are not vulnerable, likely vulnerable, and those with the port closed.
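The banner-analysis step above is where a scanner like this gets its false positives and false negatives. The following is an added example (not code from the R4Tw1z script) showing how to parse the SSH identification string, compare the OpenSSH version against an inclusive affected range supplied by the caller, and keep non-OpenSSH or unparsable banners in a separate bucket instead of counting them as safe. The affected range and the sample banners are constructed placeholders; the real range must be taken from the vendor advisory for the CVE.

```python
import re
from typing import List, Optional, Tuple

# RFC 4253 identification string: "SSH-protoversion-softwareversion [SP comments]".
# Only the OpenSSH version token is parsed; the rest (e.g. a distro suffix such as
# "Ubuntu-3ubuntu13") is kept as the comment, since distros backport fixes without bumping it.
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:p(?P<portable>\d+))?(?P<comment>.*)$"
)

Version = Tuple[int, int]
Range = Tuple[Version, Version]  # inclusive (low, high)

def parse_openssh_version(banner: str) -> Optional[Tuple[Version, str]]:
    """Return ((major, minor), comment) for an OpenSSH banner, else None."""
    m = BANNER_RE.match(banner.strip())
    if m is None:
        return None
    return (int(m["major"]), int(m["minor"])), m["comment"].strip()

def classify(banner: str, affected: List[Range]) -> str:
    """Bucket a banner as 'likely_vulnerable', 'not_vulnerable' or 'unknown'.
    'unknown' (non-OpenSSH or unparsable) must be reported, not counted as safe;
    in-range is only *likely*: with a distro comment, the package changelog decides.
    """
    parsed = parse_openssh_version(banner)
    if parsed is None:
        return "unknown"
    version, _comment = parsed
    if any(low <= version <= high for low, high in affected):
        return "likely_vulnerable"
    return "not_vulnerable"

def summarize(banners: List[str], affected: List[Range]) -> dict:
    """Tally banners into the three buckets the README's results output uses."""
    counts = {"likely_vulnerable": 0, "not_vulnerable": 0, "unknown": 0}
    for banner in banners:
        counts[classify(banner, affected)] += 1
    return counts

if __name__ == "__main__":
    affected = [((8, 5), (9, 7))]  # placeholder: take the range from the advisory
    sample = ["SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "SSH-2.0-OpenSSH_9.8",
              "SSH-2.0-dropbear_2022.83", "SSH-2.0-OpenSSH_7.4"]  # constructed
    for line in sample:
        print(f"{line!r:45} -> {classify(line, affected)}")
    print(summarize(sample, affected))
```

A banner inside the range on a distribution kernel host is a prompt to check the installed package version and changelog, not a confirmed finding.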
# Usage
## Basic Usage
```bash
python r4tw1z.py <targets> [options]
```

**Targets**: IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges to scan.
## Options
- `--port PORT` (default: 22): Specify the port number to check.
- `-t, --timeout TIMEOUT` (default: 1.0): Set the connection timeout in seconds.
- `-w, --workers NUM` (default: 10): Define the number of worker threads for concurrent scanning.
- `-o, --output FILE` (optional): Output the results to a specified file.
- `-c, --custom_banners BANNER1 BANNER2 ...` (optional): List custom SSH banners to check for vulnerabilities.
- `-v, --verbose`: Enable verbose mode to display detailed information about each scanned server.
- `-r, --retries NUM` (default: 3): Set the number of retries for each connection attempt.
# Examples
## Scan a list of IP addresses:
```bash
python r4tw1z.py 192.168.1.1 192.168.1.2
```
## Scan a CIDR range with verbose output:
```bash
python r4tw1z.py 192.168.1.0/24 -v
```
## Scan a file containing IP addresses and save results to a file:
```bash
python r4tw1z.py ips.txt -o results.txt
```
## Scan with custom SSH banners:
```bash
python r4tw1z.py 192.168.1.1 -c "SSH-2.0-CustomBanner1" "SSH-2.0-CustomBanner2"
```
## Scan with retries and multiple worker threads:
```bash
python r4tw1z.py 192.168.1.1 -r 5 -w 20
```
# Contributing
Feel free to fork this repository and submit pull requests. Contributions to improve the tool are always welcome!
File snapshot
[4.0K] /data/pocs/577a38db43a62279ab52d9d6f543a50664870fda
├── [3.0K] README.md
└── [6.1K] scanSSH.py
0 directories, 2 files
Notes
1. It is recommended to access the code through the original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.