forked from rochmad/CVE-2024-6387_Check
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CVE-2024-6387_Check.py
130 lines (112 loc) · 4.19 KB
/
CVE-2024-6387_Check.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
import socket
import argparse
import ipaddress
import threading
from queue import Queue
def is_port_open(ip, port, timeout):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
try:
sock.connect((ip, port))
sock.close()
return True
except:
return False
def get_ssh_banner(ip, port, timeout):
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
sock.connect((ip, port))
banner = sock.recv(1024).decode().strip()
sock.close()
return banner
except Exception as e:
return str(e)
def check_vulnerability(ip, port, timeout, result_queue):
if not is_port_open(ip, port, timeout):
result_queue.put((ip, port, 'closed', "Port closed"))
return
banner = get_ssh_banner(ip, port, timeout)
if "SSH-2.0-OpenSSH" not in banner:
result_queue.put((ip, port, 'failed', f"Failed to retrieve SSH banner: {banner}"))
return
# deb11u3 = LATEST DEBIAN 11 with patch 2024-6387
# deb12u3, = LATEST DEBIAN 12 with patch 2024-6387
# 9.7p1, = unstable for old system but with ssh 9.7p1-7
# 8.4p1, = only affected after this version, else befor this is unaffected
# 7., = old system, no longer maintainance
# 6. = old system, no longer maintainance
# 3ubuntu0.10 Ubuntu 22.04
# 1ubuntu3.6 Ubuntu 23.10
# 3ubuntu13.3 Ubuntu 24.04
non_vulnerable_versions = [
'deb11u3',
'deb12u3',
'9.7p1',
'8.4p1',
'7.',
'6.',
'3ubuntu0.10',
'1ubuntu3.6',
'3ubuntu13.3'
]
if any(version in banner for version in non_vulnerable_versions):
result_queue.put((ip, port, 'not_vulnerable', f"(running {banner})"))
else:
result_queue.put((ip, port, 'vulnerable', f"(running {banner})"))
def main():
parser = argparse.ArgumentParser(description="Check if servers are running a vulnerable version of OpenSSH.")
parser.add_argument("targets", nargs='+', help="IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.")
parser.add_argument("--port", type=int, default=22, help="Port number to check (default: 22).")
parser.add_argument("-t", "--timeout", type=float, default=1.0, help="Connection timeout in seconds (default: 1 second).")
args = parser.parse_args()
targets = args.targets
port = args.port
timeout = args.timeout
ips = []
for target in targets:
try:
with open(target, 'r') as file:
ips.extend(file.readlines())
except IOError:
if '/' in target:
try:
network = ipaddress.ip_network(target, strict=False)
ips.extend([str(ip) for ip in network.hosts()])
except ValueError:
print(f"❌ [-] Invalid CIDR notation: {target}")
else:
ips.append(target)
result_queue = Queue()
threads = []
for ip in ips:
ip = ip.strip()
thread = threading.Thread(target=check_vulnerability, args=(ip, port, timeout, result_queue))
thread.start()
threads.append(thread)
for thread in threads:
thread.join()
total_scanned = len(ips)
closed_ports = 0
not_vulnerable = []
vulnerable = []
while not result_queue.empty():
ip, port, status, message = result_queue.get()
if status == 'closed':
closed_ports += 1
elif status == 'vulnerable':
vulnerable.append((ip, message))
elif status == 'not_vulnerable':
not_vulnerable.append((ip, message))
else:
print(f"⚠️ [!] Server at {ip}:{port} is {message}")
print(f"\n🛡️ Servers not vulnerable: {len(not_vulnerable)}\n")
for ip, msg in not_vulnerable:
print(f" [+] Server at {ip} {msg}")
print(f"\n🚨 Servers likely vulnerable: {len(vulnerable)}\n")
for ip, msg in vulnerable:
print(f" [+] Server at {ip} {msg}")
print(f"\n🔒 Servers with port 22 closed: {closed_ports}")
print(f"\n📊 Total scanned targets: {total_scanned}\n")
if __name__ == "__main__":
main()