The openssh-vuln-checker.nse script checks whether a server is running a version of OpenSSH vulnerable to CVE-2024-6387. It connects to the SSH port, retrieves the SSH banner, and compares it against a list of known vulnerable versions.
The script checks for the following vulnerable versions of OpenSSH:
- SSH-2.0-OpenSSH_8.5p1
- SSH-2.0-OpenSSH_8.6p1
- SSH-2.0-OpenSSH_8.7p1
- SSH-2.0-OpenSSH_8.8p1
- SSH-2.0-OpenSSH_8.9p1
- SSH-2.0-OpenSSH_9.0p1
- SSH-2.0-OpenSSH_9.1p1
- SSH-2.0-OpenSSH_9.2p1
- SSH-2.0-OpenSSH_9.3p1
- SSH-2.0-OpenSSH_9.4p1
- SSH-2.0-OpenSSH_9.5p1
- SSH-2.0-OpenSSH_9.6p1
- SSH-2.0-OpenSSH_9.7p1

Usage:

    nmap --script openssh-vuln-checker -p 22

Example output:

    PORT STATE SERVICE
    22/tcp open ssh
    | openssh-vuln-checker:
    | Server at is running SSH-2.0-OpenSSH_ (vulnerable)
    |_ Server at is not vulnerable (running SSH-2.0-OpenSSH_)
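
The banner comparison described above, as an added Python example (not the NSE script's own code). It goes slightly beyond an exact string match by parsing the RFC 4253 identification string, so a banner with a trailing distribution comment still matches; the function names and the sample banners are assumptions constructed for illustration.

```python
import re
import socket

# Versions from the list above (the "SSH-2.0-OpenSSH_" prefix is stripped).
VULNERABLE = {"8.5p1", "8.6p1", "8.7p1", "8.8p1", "8.9p1", "9.0p1", "9.1p1",
              "9.2p1", "9.3p1", "9.4p1", "9.5p1", "9.6p1", "9.7p1"}

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-OpenSSH_(\S+)(?: (.*))?$")


def classify(banner):
    """Return (verdict, version, comment) for one SSH identification string."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unknown", None, None)  # not OpenSSH, or not an SSH banner
    _proto, version, comment = m.groups()
    verdict = "vulnerable" if version in VULNERABLE else "not vulnerable"
    return (verdict, version, comment)


def fetch_banner(host, port=22, timeout=5.0):
    """Read the first line a server sends on connect (at most 255 bytes)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        data = b""
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(1)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace")


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_9.6p1\r\n",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10\r\n",
    "SSH-2.0-OpenSSH_8.4p1 Debian-5\r\n",
    "SSH-2.0-dropbear_2022.83\r\n",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(b.strip(), "->", classify(b))
```

The banner carries only the upstream version string, so a "vulnerable" verdict on a distribution build should be confirmed against the installed package version, since distributions can patch a release without changing that string.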