This repository contains a Proof of Concept (POC) script to check for the OpenSSH Pre-Auth Double Free vulnerability (CVE-2023-25136) using the Paramiko library in Python.
Before running this POC script, you need to make sure you have the following dependencies installed:
- Python 3.x
- Paramiko library
- termcolor library
- argparse library
You can install all of the requirements using pip:
pip install -r requirements.txt
To check for the vulnerability on a single IP address, run the script with the -i option followed by the IP address:
python CVE-2023-25136.py -i 192.168.1.1
To check for the vulnerability on multiple IP addresses, create a file containing a list of IP addresses (one per line) and run the script with the -f option followed by the file name:
python CVE-2023-25136.py -f ip_list.txt
The script will output whether each IP address is vulnerable or not. If an IP address is vulnerable, it will be printed in green text, and if it is not vulnerable, it will be printed in red text.
This POC script is for educational and testing purposes only. Do not use it to exploit the vulnerability on any system that you do not own or have permission to test. The authors of this POC script are not responsible for any misuse or damage caused by its use.