xaitax / CVE-2024-6387_Check

CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
GNU General Public License v3.0
381 stars 77 forks

SSH Service HELP request #29

Closed SentriumJames closed 3 days ago

SentriumJames commented 4 days ago

In some instances, the SSH service does not return the banner from a simple socket connection. It may just return a timeout, whereas nmap -sV will successfully send a HELP request to retrieve banner information.

I cannot provide the affected IP address, but the solution is to perform the following. This may not always be required, so it might be worthwhile performing this on a second run when the first socket connection fails to return a banner.

import socket

def get_ssh_sock(ip, port, timeout):
    # Connect, then send a HELP line so a server that stays silent until it
    # sees client data will emit its banner (the same probe nmap -sV sends).
    sock = None
    try:
        family = socket.AF_INET6 if ':' in ip else socket.AF_INET
        sock = socket.socket(family, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        sock.connect((ip, port))
        help_string = "HELP\n"
        sock.sendall(help_string.encode())
        return sock
    except OSError:
        # Connect or send failed (timeouts included): close any half-open socket.
        if sock is not None:
            sock.close()
        return None

This was just a temporary fix to get it to work on a host, but it may be something to be aware of.
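The two-pass approach suggested above, written out as an added example (this is editor-supplied code, not the project's own implementation and not the snippet from the comment): a passive banner read first, which is what RFC 4253 leads a client to expect, and a fallback that sends "HELP\n" and reads again only when the passive read comes back empty. To make it runnable offline, the block also includes a constructed single-connection fake SSH server that can be told to withhold its banner until the client sends something, which reproduces the behaviour the issue describes. The function names (grab_ssh_banner, start_fake_sshd, openssh_version), the 127.0.0.1 test server and the sample banner string are all assumptions for illustration.

```python
import re
import socket
import threading

# Constructed sample banner for the fake server below; not taken from any real host.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.8p1 Debian-5\r\n"


def read_banner(sock, timeout):
    """Read up to one line; return b'' if the peer sends nothing before the timeout."""
    sock.settimeout(timeout)
    data = b""
    try:
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = sock.recv(1)
            if not chunk:  # peer closed the connection
                break
            data += chunk
    except socket.timeout:
        pass
    return data


def grab_ssh_banner(ip, port, timeout=2.0, use_help_request=False):
    """Return the server identification line, or None if none was obtained.

    Pass 1 is passive: a conforming server sends its banner unprompted.
    Pass 2 (only when pass 1 returns nothing and use_help_request is set)
    sends 'HELP\\n', the same probe nmap -sV uses, and reads again.
    create_connection picks AF_INET/AF_INET6 from the address itself.
    """
    with socket.create_connection((ip, port), timeout=timeout) as sock:
        banner = read_banner(sock, timeout)
        if not banner and use_help_request:
            sock.sendall(b"HELP\n")
            banner = read_banner(sock, timeout)
    line = banner.strip()
    if line.startswith(b"SSH-"):
        return line.decode("ascii", "replace")
    return None


def openssh_version(banner):
    """Extract e.g. '9.8p1' from an OpenSSH banner line, or None for other software."""
    if not banner:
        return None
    m = re.search(r"OpenSSH_(\d+\.\d+(?:p\d+)?)", banner)
    return m.group(1) if m else None


def _serve_once(conn, banner, wait_for_client):
    """Constructed test server: optionally withhold the banner until client data arrives."""
    with conn:
        if wait_for_client:
            conn.settimeout(5)
            try:
                if not conn.recv(64):  # client gave up and closed: send nothing
                    return
            except socket.timeout:
                return
        conn.sendall(banner)


def start_fake_sshd(wait_for_client, banner=SSH_BANNER):
    """Start a one-shot fake SSH server on 127.0.0.1 and return its port (test helper)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        srv.close()
        _serve_once(conn, banner, wait_for_client)

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    # A silent-until-poked server: the passive pass gets nothing, the HELP pass does.
    port = start_fake_sshd(wait_for_client=True)
    print(grab_ssh_banner("127.0.0.1", port, timeout=1.0))                          # None
    port = start_fake_sshd(wait_for_client=True)
    b = grab_ssh_banner("127.0.0.1", port, timeout=1.0, use_help_request=True)
    print(b, openssh_version(b))
```

Keeping the HELP send behind a flag rather than sending it unconditionally matters for a scanner: a conforming server never needs it, and sending unsolicited bytes before the banner is exactly the kind of traffic that shows up in sshd logs and IDS signatures, so the quieter path should stay the default.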

xaitax commented 3 days ago

Should be addressed now. You can add -u or --use-help-request. Please verify.