-
Notifications
You must be signed in to change notification settings - Fork 1
/
cve-2024-6387.py
57 lines (48 loc) · 2.02 KB
/
cve-2024-6387.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import paramiko
import argparse
def check_ssh_version(ip, port=22, timeout=10):
try:
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect(ip, port=port, timeout=timeout)
stdin, stdout, stderr = client.exec_command('ssh -V')
version_info = stderr.read().decode()
client.close()
if "OpenSSH" in version_info:
return version_info.split()[0]
return None
except Exception as e:
return None
def analyze_version(ip, version):
if version >= "OpenSSH_8.5" and version < "OpenSSH_9.8":
return "Vulnerable to CVE-2024-6387"
elif version >= "OpenSSH_4.4" and version < "OpenSSH_8.5":
return "Not vulnerable to CVE-2024-6387 (patched for CVE-2006-5051)"
elif version < "OpenSSH_4.4":
return "Vulnerable to regreSSHion (unless patched for CVE-2006-5051 and CVE-2008-4109)"
else:
return "Unknown version"
def main():
parser = argparse.ArgumentParser(description='[+] ACYBER.IR Security LAB | https://github.com/mrmtwoj/CVE-2024-6387')
parser.add_argument('-r', '--read', type=str, help='File with list of network addresses', required=True)
parser.add_argument('--about', action='store_true', help='Show about section')
args = parser.parse_args()
if args.about:
print("This script checks the OpenSSH version of servers and evaluates their security status.")
return
try:
with open(args.read, 'r') as file:
servers = file.readlines()
except FileNotFoundError:
print("File not found.")
return
for server in servers:
ip = server.strip()
version = check_ssh_version(ip)
if version:
status = analyze_version(ip, version)
print(f"Server: {ip}\t OpenSSH Version: {version}\t Status: {status}")
else:
print(f"Server: {ip}\t OpenSSH Version: Unknown\t Status: Unable to connect or unknown version")
if __name__ == "__main__":
main()