search

filipi86 / CVE-2024-6387-Vulnerability-Checker

This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.
MIT License
90 stars 17 forks source link

Bug ? #1

Closed JinxCH73 closed 2 months ago

JinxCH73 commented 2 months ago

Thanks for the job. When I used this script with a text file, I had as a result a first pass with the "true" result and a second pass with the error "WE COULDN'T CONNECT OR RETRIEVE BANNER" ssh

filipi86 commented 2 months ago

Hi JinxCH73

Thanks for the job. When I used this script with a text file, I had as a result a first pass with the "true" result and a second pass with the error "WE COULDN'T CONNECT OR RETRIEVE BANNER" ssh

Hi JinxCH73, The problem is based on timeout, This is the error, you should add more time to the timeout

python3 CVE-2024-6387-Vulnerability-Checker.py -f <filename> -p <ports> -t <timeout>

JinxCH73 commented 2 months ago

I dont think so since a host detected safe first and appears in error next... Apparently, it tries all the specified ports in the args for all hosts in the list file.

eg [SAFE] -> 192.168.6.100:22-> Running SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10 [ERROR] -> 192.168.6.100:22222 WE COULDN'T CONNECT OR RETRIEVE BANNER

But maybe this is what is wanted.

filipi86 commented 2 months ago

Can you share the command used? :)

JinxCH73 commented 2 months ago

python CVE-2024-6387-Vulnerability-Checker.py -f linux2.txt -p 22,22222

filipi86 commented 2 months ago

I made a test using a public IP address (SAFE), in this test, the only port opened is 22222

image
JinxCH73 commented 2 months ago

OK, so it seems to work as designed.

filipi86 commented 2 months ago

I'll see some possibility to add checks only based on App ( OpenSSH ), If you have both ports opened, should appear in the results.