add multiple port scan
omponggosong opened this issue · 1 comments
#!/usr/bin/env python3
import socket
import argparse
import ipaddress
import threading
import time
from queue import Queue
from concurrent.futures import ThreadPoolExecutor
VERSION = "0.5"
BLUE = "\033[94m"
GREEN = "\033[92m"
RED = "\033[91m"
ORANGE = "\033[33m"
ENDC = "\033[0m"
progress_lock = threading.Lock()
progress_counter = 0
total_hosts = 0
def display_banner():
banner = rf"""
{BLUE}
_________ _________ ___ ___ .__
_______ ____ ___________ ____ / // // | || ____ ____
_ __ _/ __ \ / _ __ _/ __ \ _ \ _ / ~ \ |/ _ \ /
| | /\ // // > | /\ / / / \ Y / ( <> ) |
|| _ > /|| _ >_______ /_______ /_|_ /||_/|| /
/_____/ / / / / /
CVE-2024-6387 Vulnerability Checker
v{VERSION} / Alex Hagenah / @xaitax / ah@primepage.de
{ENDC}
"""
print(banner)
def get_ssh_sock(ip, port, timeout):
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.settimeout(timeout)
try:
sock.connect((ip, port))
return sock
except:
sock.close()
return None
def get_ssh_banner(sock):
try:
banner = sock.recv(1024).decode(errors='ignore').strip()
sock.close()
return banner
except Exception as e:
return str(e)
def check_vulnerability(ip, ports, timeout, result_queue):
global progress_counter
for port in ports:
sshsock = get_ssh_sock(ip, port, timeout)
if not sshsock:
result_queue.put((ip, port, 'closed', "Port closed"))
with progress_lock:
progress_counter += 1
continue
banner = get_ssh_banner(sshsock)
if "SSH-2.0" not in banner:
result_queue.put(
(ip, port, 'failed', f"Failed to retrieve SSH banner: {banner}"))
with progress_lock:
progress_counter += 1
continue
if "SSH-2.0-OpenSSH" not in banner:
result_queue.put((ip, port, 'unknown', f"(banner: {banner})"))
with progress_lock:
progress_counter += 1
continue
vulnerable_versions = [
'SSH-2.0-OpenSSH_1',
'SSH-2.0-OpenSSH_2',
'SSH-2.0-OpenSSH_3',
'SSH-2.0-OpenSSH_4.0',
'SSH-2.0-OpenSSH_4.1',
'SSH-2.0-OpenSSH_4.2',
'SSH-2.0-OpenSSH_4.3',
'SSH-2.0-OpenSSH_4.4',
'SSH-2.0-OpenSSH_8.5',
'SSH-2.0-OpenSSH_8.6',
'SSH-2.0-OpenSSH_8.7',
'SSH-2.0-OpenSSH_8.8',
'SSH-2.0-OpenSSH_8.9',
'SSH-2.0-OpenSSH_9.0',
'SSH-2.0-OpenSSH_9.1',
'SSH-2.0-OpenSSH_9.2',
'SSH-2.0-OpenSSH_9.3',
'SSH-2.0-OpenSSH_9.4',
'SSH-2.0-OpenSSH_9.5',
'SSH-2.0-OpenSSH_9.6',
'SSH-2.0-OpenSSH_9.7'
]
excluded_versions = [
'SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10',
'SSH-2.0-OpenSSH_9.3p1 Ubuntu-3ubuntu3.6',
'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3',
'SSH-2.0-OpenSSH_9.3p1 Ubuntu-1ubuntu3.6',
'SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3',
'SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3'
]
if any(version in banner for version in vulnerable_versions) and banner not in excluded_versions:
result_queue.put((ip, port, 'vulnerable', f"(running {banner})"))
else:
result_queue.put((ip, port, 'not_vulnerable', f"(running {banner})"))
with progress_lock:
progress_counter += 1
def process_ip_list(ip_list_file):
ips = []
try:
with open(ip_list_file, 'r') as file:
ips.extend(file.readlines())
except IOError:
print(f"❌ [-] Could not read file: {ip_list_file}")
return [ip.strip() for ip in ips]
def main():
global total_hosts
display_banner()
parser = argparse.ArgumentParser(
description="Check if servers are running a vulnerable version of OpenSSH (CVE-2024-6387).")
parser.add_argument(
"targets", nargs='*', help="IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.")
parser.add_argument("--ports", type=str, default="22",
help="Comma-separated list of ports to check (default: 22).")
parser.add_argument("-t", "--timeout", type=float, default=1.0,
help="Connection timeout in seconds (default: 1 second).")
parser.add_argument(
"-l", "--list", help="File containing a list of IP addresses to check.")
args = parser.parse_args()
targets = args.targets
timeout = args.timeout
ports = [int(port.strip()) for port in args.ports.split(',')]
ips = []
if args.list:
ips.extend(process_ip_list(args.list))
for target in targets:
try:
with open(target, 'r') as file:
ips.extend(file.readlines())
except IOError:
if '/' in target:
try:
network = ipaddress.ip_network(target, strict=False)
ips.extend([str(ip) for ip in network.hosts()])
except ValueError:
print(f"❌ [-] Invalid CIDR notation: {target}")
else:
ips.append(target)
result_queue = Queue()
total_hosts = len(ips)
max_workers = 100
with ThreadPoolExecutor(max_workers=max_workers) as executor:
futures = [executor.submit(check_vulnerability, ip.strip(
), ports, timeout, result_queue) for ip in ips]
while any(future.running() for future in futures):
with progress_lock:
print(f"\rProgress: {progress_counter}/{total_hosts} hosts scanned", end="")
time.sleep(1)
for future in futures:
future.result()
print(f"\rProgress: {progress_counter}/{total_hosts} hosts scanned")
total_scanned = len(ips)
closed_ports = 0
unknown = []
not_vulnerable = []
vulnerable = []
while not result_queue.empty():
ip, port, status, message = result_queue.get()
if status == 'closed':
closed_ports += 1
elif status == 'unknown':
unknown.append((ip, message))
elif status == 'vulnerable':
vulnerable.append((ip, message))
elif status == 'not_vulnerable':
not_vulnerable.append((ip, message))
else:
print(f"⚠️ [!] Server at {ip}:{port} is {message}")
print(f"\n🛡️ Servers not vulnerable: {len(not_vulnerable)}\n")
for ip, msg in not_vulnerable:
print(f" [+] Server at {GREEN}{ip}{ENDC} {msg}")
print(f"\n🚨 Servers likely vulnerable: {len(vulnerable)}\n")
for ip, msg in vulnerable:
print(f" [+] Server at {RED}{ip}{ENDC} {msg}")
print(f"\n⚠️ Servers with unknown SSH version: {len(unknown)}\n")
for ip, msg in unknown:
print(f" [+] Server at {ORANGE}{ip}{ENDC} {msg}")
print(f"\n🔒 Servers with port(s) {args.ports} closed: {closed_ports}")
print(f"\n📊 Total scanned targets: {total_scanned}\n")
if name == "main":
main()
sorry for interrupt because i dont understand to request add feature. i was adding for multiple port using --ports
thanks
You can define multiple ports now by using a -p or --ports when they are comma-separated.