Coder Social home page Coder Social logo

jobroche / libssh-scanner Goto Github PK

View Code? Open in Web Editor NEW
231.0 18.0 53.0 23 KB

Script to identify hosts vulnerable to CVE-2018-10933

Home Page: https://www.leapsecurity.io/blog/cve-2018-10933-libssh-authentication-bypass-tool/

License: MIT License

Python 100.00%

libssh-scanner's Introduction

libssh scanner

Introduction

This is a python based script to identify hosts vulnerable to CVE-2018-10933. Libssh scanner has two modes: passive (banner grabbing) and aggressive (bypass auth) to validate vulnerability's existence. By default, libssh scanner uses passive mode but supply the -a argument and aggressive mode will be used which provides more accurate results.

The vulnerability is present on versions of libssh 0.6+ and was remediated by a patch present in libssh 0.7.6 and 0.8.4. For more details: https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release/

Installation

Run pip install -r requirements.txt within the cloned libssh-scanner directory.

Help

libssh Scanner - Find vulnerable libssh services by Leap Security (@LeapSecurity)

positional arguments:
  target                An ip address or new line delimited file containing
                        IPs to search for the vulnerability.

optional arguments:
  -h, --help            show this help message and exit
  -v, --version         show program's version number and exit
  -p PORT, --port PORT  Set port of SSH service
  -a, --aggressive      Identify vulnerable hosts by bypassing authentication

libssh-scanner's People

Contributors

jobroche avatar ratmole avatar expobrain avatar octomike avatar thehappydinoa avatar joanbono avatar

Stargazers

avatar Amir avatar Adnan Ahmed avatar Eugene Dobrodeev avatar Alper Karaca avatar Nicolas Vincent avatar slezer avatar Jamie Sparks avatar Kieran avatar Syed Umar Arfeen avatar avatar avatar Aleksandr avatar ꪶ࿋྄ིᤢꫂFคէaliէy avatar avatar avatar Julien Briault avatar 01x avatar Rémi Ratajczak avatar K. avatar Daniel Umpierrez avatar Jialun Tom Chen avatar avatar avatar avatar Nicolas Schirmer avatar avatar thirsd avatar Arif avatar z3r0yu avatar avatar Marcus Weinberger avatar Ionut MIhai C avatar Toan Tran avatar jjan X avatar avatar avatar avatar Sasdaqq avatar avatar Евгений Борисов avatar CongRong. avatar Elnur Mammadov avatar Wagner Souza avatar Shameer Kashif (Shiri) avatar N3XUS avatar Brett Napier avatar avatar avatar TonghuaRoot(童话) avatar Cai Qiqi avatar avatar Guillaume Zablot avatar lewisec avatar avatar Camilo avatar Maciej Krüger avatar Lucian I. Last avatar DeyaNemo avatar Georgi Kostadinov avatar Mo Zakkut avatar Henrique Delgado avatar Vikas Swami avatar David Schneider avatar Roman Pishchalnikov avatar avatar Anatoliy avatar avatar B.Babacan avatar Hubu avatar D. Yatish Bhat avatar avatar Tom Maier avatar Track Projects avatar avatar Suri avatar Schrodinger avatar Wiktor avatar Skyler Onken avatar avatar Mitnick avatar Nicolas RUFF avatar Niyazi Sırt avatar avatar avatar avatar Daniel Jankowski avatar nimaarek avatar Slevin Kelevra avatar Ivan Zorin avatar avatar Francois B. (Makoto) avatar Sergey Tolmachev avatar kalyan avatar Majes avatar Saurabh Nemade avatar avatar avatar Levi Cameron avatar avatar

Watchers

hubiev avatar avatar James Cloos avatar avatar avatar avatar Daniel Umpierrez avatar avatar shi han wang avatar imslowmist avatar Nate Marshall avatar Wumpus avatar Александр avatar Adam M Toscher avatar R. B. avatar Peter Welz avatar avatar avatar

Forkers

w00t3k loveh4ck joshonardo raystyle ratmole infosecrepo mlynchcogent qianniaoge rvrsh3ll cclauss bonedaddy foxweek orf53975 vinsonzou cyberlight tailoredaccessteam expobrain octomike demonslay335 alilosoft lqingyu eduriel mrmugiwara saurabhnemade kalyan57 chosen1 thehappydinoa c002 techlord-rce levin-kelevra x000x-original xstpl deployed 1trackprojects1 dominusceo v1k-t0r dirm02 coderandy elnurm 1337g natrix-fork kenshincheg sancelisso pandinosaurus masterscott krstnaparker ameg-yag

libssh-scanner's Issues

Target list

Instead of specifying a single target, indicate a file with a list where several ips addresses are found.

SyntaxError: invalid syntax

Hi,
i tried and received syntax error

C:\Users\me-laptop\AppData\Local\Programs\Python\Python37-32>python scan_libssh.py
File "scan_libssh.py", line 14
print "{blue}[*]{white} {ipaddr}:{port} is not vulnerable to authentication bypass ({banner})".format(blue=colors.blue, white=colors.normal, ipaddr=ip, port=port, banner=banner.strip())
^
SyntaxError: invalid syntax

Please advise

Crash on some banners

Hi,

Thanks a tonne for this tool. I have found some devices that crash it however. The banner I'm seeing is:

SSH-1.5-OpenSSH_2.9p1

And when scanned I get

Traceback (most recent call last):
  File "./libsshscan.py", line 93, in <module>
    aggressive(ip, int(args.port))
  File "./libsshscan.py", line 57, in aggressive
    pstatus(ip, port, banner)

version of pyhton required

The tool installed correctly with the depencies through pip command.
when i run it i have this error msg

# python libsshscan.py
  File "libsshscan.py", line 14
    print "{blue}[*]{white} {ipaddr}:{port} is not vulnerable to authentication bypass ({banner})".format(blue=colors.blue, white=colors.normal, ipaddr=ip, port=port, banner=banner.strip()) 
                                                                                                 ^
SyntaxError: invalid syntax

So How to overcome ?
Thks in advance

invalid banner check

Hi,

I'm scanning a version of libssh which is known as vulnerable and I get the following output:

[*] 127.0.0.1:22 is not vulnerable to authentication bypass (SSH-2.0-libssh_0.7.5)

Strangely, the banner does not match because of the _ instead of -.
From what I see in libssh code (libssh/include/libssh/priv.h), the banner is "SSH-2.0-libssh_" SSH_STRINGIFY(LIBSSH_VERSION), so I suppose the scanner should be updated to match an underscore instead of the dash.

After doing the modification, the scanner properly detects the server as "likely VULNERABLE".

By the way, in aggressive mode, the server is seen as not vulnerable, can it be because of the server configuration?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.