CVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH, specifically targeting the recently discovered regreSSHion vulnerability (CVE-2024-6387). This script facilitates rapid scanning of multiple IP addresses, domain names, and CIDR network ranges to detect potential vulnerabilities and ensure your infrastructure is secure.
- Rapid Scanning: Quickly scan multiple IP addresses, domain names, and CIDR ranges for the CVE-2024-6387 vulnerability.
- Banner Retrieval: Efficiently retrieves SSH banners without authentication.
- Grace Time Detection: Optionally detect if servers have mitigated vulnerabilities using the LoginGraceTime setting.
- IPv6 Support: Fully supports IPv6 addresses for both direct and hostname-based scanning.
- Multi-threading: Uses threading for concurrent checks, significantly reducing scan times.
- Detailed Output: Provides clear, emoji-coded output summarizing scan results.
- Port Check: Identifies closed ports and provides a summary of non-responsive hosts.
- Patched Versions Detection: Recognizes and excludes known patched versions from vulnerability reports.
python CVE-2024-6387_Check.py <targets> [--port PORT] [--timeout TIMEOUT] [--list FILE] [--grace-time-check [SECONDS]]<targets>: IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.--port PORT: Specify the port number to check (default: 22).--timeout TIMEOUT: Set connection timeout in seconds (default: 1 second).--list FILE: File containing a list of IP addresses to check.--grace-time-check [SECONDS]: Time in seconds to wait after identifying the version to check forLoginGraceTimemitigation (default: 120 seconds).
python CVE-2024-6387_Check.py 192.168.1.1python CVE-2024-6387_Check.py -l ip_list.txtpython CVE-2024-6387_Check.py 192.168.1.1 example.com 192.168.1.2python CVE-2024-6387_Check.py 192.168.1.0/24python CVE-2024-6387_Check.py 192.168.1.1 example.com --port 2222python CVE-2024-6387_Check.py 192.168.1.1 --grace-time-checkpython CVE-2024-6387_Check.py 192.168.1.1 --grace-time-check 150The tool supports checking for LoginGraceTime mitigation. When the --grace-time-check option is used, the script will wait for the specified duration after retrieving the SSH banner to see if the connection remains open, which indicates that the LoginGraceTime setting might be set to 0 as a mitigation measure.
The tool fully supports IPv6 addresses. You can scan both IPv4 and IPv6 addresses directly or through hostname resolution.
The tool recognizes certain patched versions of OpenSSH and excludes them from the vulnerability report, ensuring more accurate results.
The script will provide a summary of the scanned targets:
- 🚨 Vulnerable: Servers running a vulnerable version of OpenSSH.
- 🛡️ Not Vulnerable: Servers running a non-vulnerable version of OpenSSH.
⚠️ Unknown: Servers running an unknown version of SSH- 🔒 Closed Ports: Count of servers with port 22 (or specified port) closed.
- 📊 Total Scanned: Total number of targets scanned.
🛡️ Servers not vulnerable: 2
[+] Server at somedomain.cloudapp.azure.com (running SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11)
[+] Server at regresshion_test.cc (running SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3)
🚨 Servers likely vulnerable: 1
[+] Server at 4.231.170.122 (running SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2)
[+] Server at 4.231.170.121 (running SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2) with LoginGraceTime mitigation detected (session stayed open for 120 seconds)
⚠️ Servers with unknown SSH version: 1
[+] Server at 103.97.85.85 (banner: SSH-2.0-ROSSSH)
🔒 Servers with port 22 closed: 254
📊 Total scanned targets: 257