Open arthepsy opened 8 years ago
Might be possible to use searchsploit for the CVE stuff. I use it here: https://github.com/blindfuzzy/LHF/blob/master/Modules/recon.py ; works out pretty well.
Good tip, @blindfuzzy . As I don't want to rely on external modules/scripts/dependencies, I could use this for double-checking (as existing database). Also, maybe I could add it as optional dependency. Will have to research how useful it is when I'm done with historical CVE's.
P.S. LHF looks interesting.
I understand. Thanks :D Hoping to continue making it better.
Dropbear SSH CVE's: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=dropbear Correspond exactly to ChangeLog: https://matt.ucc.asn.au/dropbear/CHANGES
cve-search is missing CVE-2006-0225 (probably, due to being attributed to OpenSSH).
Security sections for Dropbear SSH (already released) and libssh are done (release next week). Only OpenSSH is left as TODO.
Perhaps a simple output of encountered SSH versions can be written to a file for a second script tool to interactively read then consult via-API to retrieve CVE?