Skip to content

Latest commit

 

History

History
115 lines (82 loc) · 3.92 KB

File metadata and controls

115 lines (82 loc) · 3.92 KB

CVE-2024-6387 Vulnerability Checker

Overview

This Python script is designed to check SSH servers for the CVE-2024-6387 vulnerability, specifically targeting the recently discovered regreSSHion, which is associated with specific versions of OpenSSH. The tool supports multiple IP addresses, URLs, CIDR ranges, and ports, and can also read addresses from a file. The results are displayed in a categorized and color-coded manner for better readability.

regreSSHion

Created by Filipi Pires - Senior Threat Researcher & Cybersecurity Advocate

Features

  • Customizable: Specify multiple IP addresses, URLs, CIDR ranges, and ports.
  • File Input Support: Read addresses and ranges from a file.
  • Color-Coded Output: Easily distinguish between vulnerable, safe, unknown, and error results.
  • Network Range Handling: Automatically expands CIDR ranges into individual IP addresses.

Output

  • SAFE: Non-vulnerable servers.
  • VULNERABLE: Servers running a vulnerable version of OpenSSH.
  • UNKNOWN: Servers with an unknown SSH version.
  • ERROR: Servers that could not be accessed or resolved.

Usage

Command Line

To run the script with multiple IPs, URLs, or CIDR ranges directly from the command line:

python3 CVE-2024-6387-Vulnerability-Checker.py <addresses> -p <ports> -t <timeout> 
  • addresses: IP addresses, URLs, or CIDR ranges to check (space-separated).

  • -p, --ports: Comma-separated list of port numbers for SSH (default: 22).

  • -t, --timeout: Connection timeout in seconds (default: 5.0).

image

From a File

To run the script with addresses specified in a file:

python3 CVE-2024-6387-Vulnerability-Checker.py -f <filename> -p <ports> -t <timeout>
  • filename: File containing a list of IP addresses or CIDR ranges.
image

Example Usage

To check multiple IPs, URLs, or CIDR ranges directly from the command line:

python3 CVE-2024-6387-Vulnerability-Checker.py 192.168.1.1 192.168.1.2 192.168.1.0/24 example.com -p 22,2222 -t 5.0
  • To check addresses from a file:
python3 CVE-2024-6387-Vulnerability-Checker.py -f addresses.txt -p 22,2222 -t 5.0

Example addresses.txt file:

192.168.1.1
example.com
192.168.1.0/24

Contributing

Contributions are welcome! Please follow these steps to contribute:

1. Fork the Repository: Click the "Fork" button at the top right of this page.

2. Clone Your Fork: Clone your forked repository to your local machine:

git clone https://github.com/YOUR_USERNAME/CVE-2024-6387-Vulnerability-Checker.git
cd CVE-2024-6387-Vulnerability-Checker

3. Create a Branch: Create a new branch for your feature or bugfix.

git checkout -b my-feature-branch

4. Make Changes: Make your changes to the code.

5. Commit Your Changes: Commit your changes with a descriptive commit message.

git add .
git commit -m "Description of the changes"

6. Push Your Branch: Push your branch to your forked repository.

git push origin my-feature-branch

7. Create a Pull Request: Go to the original repository on GitHub, and click "New Pull Request". Select your branch from the compare dropdown, and submit your pull request.


Launch

[July 09th-2024]

  • First Version - Launch

[August 28th-2024]

  • Repository Updated

References

Qualys's Blog - regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server