CVE-2016-6210 PoC — OpenSSH Information Disclosure Vulnerability

Source
Associated Vulnerability
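Title: OpenSSH Information Disclosure Vulnerability (CVE-2016-6210)
Description: OpenSSH (OpenBSD Secure Shell) is a set of connectivity tools from Canada's OpenBSD project group for securely accessing remote computers. It is an open-source implementation of the SSH protocol that supports encrypting all traffic and can effectively prevent eavesdropping, connection hijacking and other network-level attacks. sshd in OpenSSH versions before 7.3 has an information disclosure vulnerability. The vulnerability stems from configuration or similar errors while a network system or product is running. An unauthorized attacker can exploit it to obtain sensitive information from the affected component.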
Description
User name enumeration against SSH daemons affected by CVE-2016-6210.
Readme
# CVE-2016-6210

User name enumeration against SSH daemons affected by CVE-2016-6210.

Use against your own hosts only! Attacking stuff you are not permitted to attack may put you in big trouble!

# INSTALLATION

### Clone the Repository:

    git clone https://github.com/coolbabayaga/CVE-2016-6210.git
    cd CVE-2016-6210

### Create and Activate a Virtual Environment (Optional but recommended):

    python3 -m venv venv
    source venv/bin/activate

### Install Dependencies:

    pip install -r requirements.txt

### Run the Script:

    python3 40136.py -h

# USAGE

    usage: 40136.py [-h] [-u USER | -U USERLIST] [-e] [-s] [--bytes BYTES] [--samples SAMPLES] [--factor FACTOR] [--trials TRIALS] host

    example: 40136.py -U /usr/share/wordlists/metasploit/unix_users.txt -e -s 192.168.44.63:22

    positional arguments:
      host                  Give SSH server address like ip:port or just by ip

    options:
      -h, --help            show this help message and exit
      -u, --user USER       Give a single user name
      -U, --userlist USERLIST
                            Give a file containing a list of users
      -e, --enumerated      Only show enumerated users
      -s, --silent          Silent mode
      --bytes BYTES         Bytes to send as password
      --samples SAMPLES     Samples for baseline timing
      --factor FACTOR       Factor for timing boundary
      --trials TRIALS       Trials per user
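
For triaging your own hosts, the vulnerability description above gives one usable fact: sshd in OpenSSH before 7.3 is affected. The following is an added example, not part of this repository: it classifies already-collected SSH identification strings against that version; the function names, host names and banners are constructed for illustration.

```python
import re

# From the vulnerability description: sshd in OpenSSH before 7.3 is affected.
FIXED_IN = (7, 3)

# RFC 4253 identification string: SSH-protoversion-softwareversion[ SP comments]
_IDENT = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
_OPENSSH = re.compile(r"^OpenSSH_(\d+)\.(\d+)")


def classify(banner: str) -> str:
    """Return 'in-range', 'out-of-range' or 'unknown' for one identification string."""
    ident = _IDENT.match(banner.strip())
    if not ident:
        return "unknown"  # not an SSH identification string at all
    ver = _OPENSSH.match(ident.group("software"))
    if not ver:
        return "unknown"  # other SSH implementation; the description does not cover it
    version = (int(ver.group(1)), int(ver.group(2)))
    return "in-range" if version < FIXED_IN else "out-of-range"


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by classification so in-range hosts can be reviewed first."""
    report = {"in-range": [], "out-of-range": [], "unknown": []}
    for host, banner in sorted(inventory.items()):
        report[classify(banner)].append(host)
    return report


# Constructed inventory: host names and banners are made up for this example.
SAMPLE = {
    "bastion-01": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1",
    "build-02": "SSH-2.0-OpenSSH_6.6.1p1",
    "web-03": "SSH-2.0-OpenSSH_7.3",
    "db-04": "SSH-2.0-OpenSSH_8.9p1 Debian-3",
    "switch-05": "SSH-2.0-dropbear_2019.78",
    "legacy-06": "SSH-1.99-OpenSSH_5.3",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts) or '-'}")
```

A banner only reports the upstream version string, so distribution packages that carry a backported fix still show up as in-range; confirm those against the vendor's package changelog.
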
File Snapshot

    [4.0K] /data/pocs/990cefcaed9764ae054e015edb08f90d2487caf7
    ├── [4.0K] 40136.py
    ├── [1.4K] README.md
    └── [  31] requirements.txt

    0 directories, 3 files