This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers# CVE-2025-32433_Erlang-OTP
This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers
This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers (such as those used in embedded systems, IoT devices, and some backend services). The vulnerability being tested for is similar to CVE-2025-32433, which allows unauthenticated remote command execution during the SSH handshake phase.
# How It Works
## Target Enumeration:
- Accepts either a single IP:port or bulk IPs and ports from ips.txt and ports.txt.
- Matches IPs and ports line-by-line to scan environments systematically.
## SSH Protocol Emulation:
- Initiates a raw TCP connection and mimics a legitimate SSH client.
- Sends a valid SSH banner and KEXINIT packet to initiate key exchange.
## Brute-Force Channel Types:
- Tries multiple SSH CHANNEL_OPEN types (e.g., session, direct-tcpip, etc.).
- Some vulnerable servers respond differently based on accepted channel types.
## Command Injection:
- If a channel is successfully opened pre-auth, it sends a payload (e.g., whoami or a reverse shell).
- Designed to detect execution capability without crashing or alerting services unnecessarily.
## Resilience and Reporting:
- Automatically reconnects if the server disconnects.
- Supports multithreading for faster scans across large inventories.
- Includes timestamps, logs all results to results.txt, and provides a live progress bar.
[4.0K] /data/pocs/9837cedb8c9bcab0688556454251fc2fcfea0fd1
├── [ 13K] erLang.py
├── [ 34] ips.txt
├── [1.0K] LICENSE
├── [ 27] ports.txt
└── [1.5K] README.md
0 directories, 5 files