Comments (2)
nawabs11
commented on September 4, 2024
`import socket
import argparse
import ipaddress
import threading
from queue import Queue
from concurrent.futures import ThreadPoolExecutor, as_completed
def get_ssh_sock(ip, port, timeout):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
try:
sock.connect((ip, port))
return sock
except:
return None
def get_ssh_banner(sock):
try:
banner = sock.recv(1024).decode().strip()
sock.close()
return banner
except Exception as e:
return str(e)
def check_vulnerability(ip, port, timeout, result_queue):
sshsock = get_ssh_sock(ip, port, timeout)
if not sshsock:
result_queue.put((ip, port, 'closed', "Port closed"))
return
banner = get_ssh_banner(sshsock)
if "SSH-2.0-OpenSSH" not in banner:
result_queue.put((ip, port, 'failed', f"Failed to retrieve SSH banner: {banner}"))
return
vulnerable_versions = [
'SSH-2.0-OpenSSH_8.5',
'SSH-2.0-OpenSSH_8.6',
'SSH-2.0-OpenSSH_8.7',
'SSH-2.0-OpenSSH_8.8',
'SSH-2.0-OpenSSH_8.9',
'SSH-2.0-OpenSSH_9.0',
'SSH-2.0-OpenSSH_9.1',
'SSH-2.0-OpenSSH_9.2',
'SSH-2.0-OpenSSH_9.3',
'SSH-2.0-OpenSSH_9.4',
'SSH-2.0-OpenSSH_9.5',
'SSH-2.0-OpenSSH_9.6',
'SSH-2.0-OpenSSH_9.7'
]
excluded_versions = [
'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10',
'SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.6',
'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3',
'SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.6',
'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3',
'SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3'
]
if any(version in banner for version in vulnerable_versions) and banner not in excluded_versions:
result_queue.put((ip, port, 'vulnerable', f"(running {banner})"))
else:
result_queue.put((ip, port, 'not_vulnerable', f"(running {banner})"))
def process_ip_list(ip_list_file):
ips = []
try:
with open(ip_list_file, 'r') as file:
ips.extend(file.readlines())
except IOError:
print(f"ā [-] Could not read file: {ip_list_file}")
return [ip.strip() for ip in ips]
def main():
parser = argparse.ArgumentParser(description="Check if servers are running a vulnerable version of OpenSSH.")
parser.add_argument("targets", nargs='*', help="IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.")
parser.add_argument("--port", type=int, default=22, help="Port number to check (default: 22).")
parser.add_argument("-t", "--timeout", type=float, default=1.0, help="Connection timeout in seconds (default: 1 second).")
parser.add_argument("-l", "--list", help="File containing a list of IP addresses to check.")
args = parser.parse_args()
targets = args.targets
port = args.port
timeout = args.timeout
ips = []
if args.list:
ips.extend(process_ip_list(args.list))
for target in targets:
try:
with open(target, 'r') as file:
ips.extend(file.readlines())
except IOError:
if '/' in target:
try:
network = ipaddress.ip_network(target, strict=False)
ips.extend([str(ip) for ip in network.hosts()])
except ValueError:
print(f"ā [-] Invalid CIDR notation: {target}")
else:
ips.append(target)
result_queue = Queue()
# Limit the number of concurrent threads
max_workers = 100
with ThreadPoolExecutor(max_workers=max_workers) as executor:
futures = []
for ip in ips:
ip = ip.strip()
futures.append(executor.submit(check_vulnerability, ip, port, timeout, result_queue))
for future in as_completed(futures):
future.result()
total_scanned = len(ips)
closed_ports = 0
not_vulnerable = []
vulnerable = []
while not result_queue.empty():
ip, port, status, message = result_queue.get()
if status == 'closed':
closed_ports += 1
elif status == 'vulnerable':
vulnerable.append((ip, message))
elif status == 'not_vulnerable':
not_vulnerable.append((ip, message))
else:
print(f"ā ļø [!] Server at {ip}:{port} is {message}")
print(f"\nš”ļø Servers not vulnerable: {len(not_vulnerable)}\n")
for ip, msg in not_vulnerable:
print(f" [+] Server at {ip} {msg}")
print(f"\nšØ Servers likely vulnerable: {len(vulnerable)}\n")
for ip, msg in vulnerable:
print(f" [+] Server at {ip} {msg}")
print(f"\nš Servers with port {port} closed: {closed_ports}")
print(f"\nš Total scanned targets: {total_scanned}\n")
if name == "main":
main()
`
from cve-2024-6387_check.
xaitax
commented on September 4, 2024
Please test again - should be solved now. If persists, please reopen.
from cve-2024-6387_check.
Related Issues (20)
- Please add a license HOT 1
- Will bring false positives, read Ubuntu and Debian's updates HOT 4
- Requires Python 3.6 or newer HOT 1
- Why contacting open ports twice?
- Hardoded port number in summary report message
- Invalid non-printable character line 40 HOT 2
- OSError: [Errno 24] Too many open files HOT 2
- Failed to retrieve SSH banner HOT 6
- Feature request: Option to test login timeout of more than X seconds HOT 5
- How to scan IPV6 Hosts HOT 3
- Hosts that only have an IPv6 address cannot be tested by hostname HOT 4
- Adding network support in ip_list_file
- SSH Service HELP request HOT 1
- add multiple port scan HOT 1
- [REQUEST] Add Rocky Linux support! HOT 5
- Connection TCP reset during grace-time-check crashes program HOT 1
- Ports HOT 2
- Is 8.5 really vulnerable? HOT 4
- script under python 3.6.8 problem HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cve-2024-6387_check.