关联漏洞
标题:
OpenSSH 安全漏洞
(CVE-2024-6387)
描述:OpenSSH(OpenBSD Secure Shell)是加拿大OpenBSD计划组的一套用于安全访问远程计算机的连接工具。该工具是SSH协议的开源实现,支持对所有的传输进行加密,可有效阻止窃听、连接劫持以及其他网络级的攻击。 OpenSSH 存在安全漏洞,该漏洞源于信号处理程序中存在竞争条件,攻击者利用该漏洞可以在无需认证的情况下远程执行任意代码并获得系统控制权。
描述
This Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability.
介绍
# OpenSSH CVE-2024-6387 Vulnerability Scanner
**🔒 Overview:**
This Go program scans targets for CVE-2024-6387 in OpenSSH, categorizing servers by vulnerability status and port availability. It supports various target types including IP addresses, domain names, files with lists of targets, and CIDR notations. The tool checks if port 22 (default) is open on each target and retrieves the SSH banner to match against known vulnerable OpenSSH versions. Results are categorized into servers likely vulnerable, not vulnerable, or with port 22 closed. Detailed usage instructions and examples are provided for easy integration into security assessments and network monitoring workflows.
**🚀 Usage:**
1. **Clone the repository:**
```bash
git clone https://github.com/SecWithMoh/CVE-2024-6387.git
cd CVE-2024-6387
```
2. **Build the executable:**
```bash
go build
```
3. **Prepare targets:**
- Specify targets as IP addresses, domain names, file paths containing lists of targets, or CIDR network ranges.
4. **Run the scanner:**
- Execute the program with specified options and targets:
```bash
./CVE-2024-6387 target1 target2 ...
```
- Example with custom port and timeout:
```bash
./CVE-2024-6387 -port 2222 -timeout 2.5 target1
```
5. **Review results:**
- View categorized results on the terminal:
- Servers not vulnerable.
- Servers likely vulnerable (with details of vulnerable versions).
- Servers with port 22 closed.
- Total scanned targets.
6. **File output:**
- If servers are found vulnerable, their details are written to `exploitable.txt`.
**🛠️ Contributing:**
- Contributions are welcome via pull requests.
- Fork the repository, create a new branch, and submit your enhancements.
- Report bugs or suggest improvements by creating Issues on GitHub.
**📄 License:**
This project is licensed under the GNU General Public License v3.0 - see the [LICENSE](https://github.com/SecWithMoh/GGE/blob/main/LICENSE) file for details.
文件快照
[4.0K] /data/pocs/a8471996cdea412a7b6c84762e92dd49498ecf8b
├── [4.2K] main.go
├── [2.1K] README.md
└── [ 12K] run.png
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。