CVE-2024-6387 PoC — Openssh: regresshion - race condition in ssh allows rce/dos

Associated Vulnerability
Title: Openssh: regresshion - race condition in ssh allows rce/dos (CVE-2024-6387)
Description: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
Description
This Python script checks for the CVE-2024-6387 vulnerability in OpenSSH servers. It supports multiple IP addresses, URLs, CIDR ranges, and ports. The script can also read addresses from a file.
Readme
# CVE-2024-6387 Vulnerability Checker

### Overview
This Python script checks SSH servers for CVE-2024-6387, the recently discovered vulnerability known as **regreSSHion**, which affects specific versions of OpenSSH. The tool supports multiple IP addresses, URLs, CIDR ranges, and ports, and can also read addresses from a file. Results are grouped by category and color-coded for readability.

![regreSSHion](https://ik.imagekit.io/qualys/wp-content/uploads/2024/06/Q-regreSSHion-1200x628-1-1070x560.jpg)

### Features
- **Customizable**: Specify multiple IP addresses, URLs, CIDR ranges, and ports.
- **File Input Support**: Read addresses and ranges from a file.
- **Color-Coded Output**: Easily distinguish between vulnerable, safe, unknown, and error results.
- **Network Range Handling**: Automatically expands CIDR ranges into individual IP addresses.

### Output

* SAFE: Non-vulnerable servers.
* VULNERABLE: Servers running a vulnerable version of OpenSSH.
* UNKNOWN: Servers with an unknown SSH version.
* ERROR: Servers that could not be accessed or resolved.
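
The four categories above can be derived from the SSH identification banner alone. The sketch below is an added example, not the project's own code: the function names and sample banners are constructed for illustration, and the version ranges are the upstream ones published in the Qualys advisory listed under References.

```python
import ipaddress
import re

# Upstream OpenSSH ranges from the Qualys advisory for CVE-2024-6387:
#   < 4.4p1           vulnerable (unless patched for CVE-2006-5051 and CVE-2008-4109)
#   4.4p1 to < 8.5p1  not vulnerable
#   8.5p1 to < 9.8p1  vulnerable (the regression)
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH_(\d+)\.(\d+)")


def classify_banner(banner):
    """Map an SSH identification string (or None) to one of the four categories."""
    if banner is None:
        return "ERROR"      # host unreachable, unresolved, or no banner received
    match = BANNER_RE.match(banner.strip())
    if not match:
        return "UNKNOWN"    # not OpenSSH, or the version is not exposed
    version = (int(match.group(1)), int(match.group(2)))
    if version < (4, 4) or (8, 5) <= version < (9, 8):
        # The banner shows the upstream version only; distribution backports can
        # fix the bug without changing it, so confirm against the package version.
        return "VULNERABLE"
    return "SAFE"


def expand_targets(specs):
    """Expand CIDR ranges to host addresses; pass hostnames through unchanged."""
    targets = []
    for spec in specs:
        try:
            network = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            targets.append(spec)    # not an IP or CIDR: treat as a hostname
            continue
        if network.num_addresses == 1:
            targets.append(str(network.network_address))
        else:
            targets.extend(str(host) for host in network.hosts())
    return targets


# Constructed sample banners (not captured from real hosts).
SAMPLES = ["SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "SSH-2.0-OpenSSH_9.8",
           "SSH-2.0-OpenSSH_7.4", "SSH-2.0-dropbear_2022.83", None]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_banner(sample):<10} {sample}")
```

A VULNERABLE result from a banner is a lead to verify on the host, since patched distribution packages often keep the same upstream version string.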

---

### Usage
### Command Line 

To run the script with multiple IPs, URLs, or CIDR ranges directly from the command line:
```
python3 CVE-2024-6387-Vulnerability-Checker.py <addresses> -p <ports> -t <timeout> 
```
* addresses: IP addresses, URLs, or CIDR ranges to check (space-separated).

* -p, --ports: Comma-separated list of port numbers for SSH (default: 22).

* -t, --timeout: Connection timeout in seconds (default: 5.0).

<img width="732" alt="image" src="https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker/assets/31785433/ed30e62a-3fff-4c40-8751-9a1bdd18adc1">

### From a File

To run the script with addresses specified in a file:
```
python3 CVE-2024-6387-Vulnerability-Checker.py -f <filename> -p <ports> -t <timeout>
```
* filename: File containing a list of IP addresses or CIDR ranges.

<img width="870" alt="image" src="https://github.com/filipi86/CVE-2024-6387-Vulnerability-Checker/assets/31785433/14eb7210-eb02-4d7e-bf36-f05fa3b08759">

### Example Usage

To check multiple IPs, URLs, or CIDR ranges directly from the command line:

```
python3 CVE-2024-6387-Vulnerability-Checker.py 192.168.1.1 192.168.1.2 192.168.1.0/24 example.com -p 22,2222 -t 5.0
```

To check addresses from a file:
```
python3 CVE-2024-6387-Vulnerability-Checker.py -f addresses.txt -p 22,2222 -t 5.0
```

Example addresses.txt file:
```
192.168.1.1
example.com
192.168.1.0/24
```
---

## Contributing

Contributions are welcome! Please follow these steps to contribute:

**1. Fork the Repository:** Click the **"Fork"** button at the top right of this page.

**2. Clone Your Fork:** Clone your forked repository to your local machine:
```
git clone https://github.com/YOUR_USERNAME/CVE-2024-6387-Vulnerability-Checker.git
cd CVE-2024-6387-Vulnerability-Checker
```
**3. Create a Branch:** Create a new branch for your feature or bugfix.
```
git checkout -b my-feature-branch
```

**4. Make Changes:** Make your changes to the code.

**5. Commit Your Changes:** Commit your changes with a descriptive commit message.
```
git add .
git commit -m "Description of the changes"
```

**6. Push Your Branch:** Push your branch to your forked repository.

```
git push origin my-feature-branch
```

**7. Create a Pull Request:** Go to the original repository on GitHub, and click **"New Pull Request"**. 
Select your branch from the compare dropdown, and submit your pull request.

---

### Launch

[July 09th-2024]

- First Version - Launch

---
### References
[Qualys's Blog - regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server](https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server)