I have a question, can you help me?

RUB-NDS / Terrapin-Scanner

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

https://terrapin-attack.com

Apache License 2.0

931 stars 62 forks source link

I have a question, can you help me? #24

Closed meetgyn closed 7 months ago

meetgyn commented 7 months ago

"I have a question, can you help me: I conducted a scan test, and it worked perfectly. Now, here's my question: does it only serve to detect the vulnerability, or can I actually carry out an attack? I ask this because I'm trying to create a lab to demonstrate to my penetration testing clients."

TrueSkrillor commented 7 months ago

It does not perform the attack. The scanner simply checks whether your client / server supports one of the vulnerable encryption modes as well as "strict kex" as the suggested countermeasure. However, you can find PoCs implemented as TCP proxies for the attacks presented in our paper here: RUB-NDS/Terrapin-Artifacts

I will be closing this issue since this should answer your question sufficiently. If not, feel free to reopen.