正文

核弹级别漏洞-open ssh-CVE-2024-6387-poc

admin
admin V管理员 /0 评论 /395 阅读
0703
此篇文章发布距今已超过479天,您需要注意文章的内容或图片是否可用!

CVE-2024-6387_Check

📜描述

CVE-2024-6387_Check 是一款轻量级、高效的工具,旨在识别运行易受攻击的 OpenSSH 版本的服务器,专门针对最近发现的regreSSHion漏洞 (CVE-2024-6387)。此脚本有助于快速扫描多个 IP 地址、域名和 CIDR 网络范围,以检测潜在漏洞并确保您的基础设施安全。

🌟 功能

  • 快速扫描:快速扫描多个 IP 地址、域名和 CIDR 范围以查找 CVE-2024-6387 漏洞。

  • 横幅检索:高效检索无需身份验证的 SSH 横幅。

  • 多线程:使用线程进行并发检查,显著减少扫描时间。

  • 详细输出:提供清晰的、表情符号编码的输出,总结扫描结果。

  • 端口检查:识别关闭的端口并提供无响应主机的摘要。

    python:

    import socketimport argparseimport ipaddressimport threadingfrom queue import Queuedef is_port_open(ip, port):    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    sock.settimeout(1)    try:        sock.connect((ip, port))        sock.close()        return True    except:        return Falsedef get_ssh_banner(ip, port):    try:        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)        sock.settimeout(2)        sock.connect((ip, port))        banner = sock.recv(1024).decode().strip()        sock.close()        return banner    except Exception as e:        return str(e)def check_vulnerability(ip, port, result_queue):    if not is_port_open(ip, port):        result_queue.put((ip, port, 'closed', "Port closed"))        return    banner = get_ssh_banner(ip, port)    if "SSH-2.0-OpenSSH" not in banner:        result_queue.put((ip, port, 'failed', f"Failed to retrieve SSH banner: {banner}"))        return    vulnerable_versions = [        'SSH-2.0-OpenSSH_8.5p1',        'SSH-2.0-OpenSSH_8.6p1',        'SSH-2.0-OpenSSH_8.7p1',        'SSH-2.0-OpenSSH_8.8p1',        'SSH-2.0-OpenSSH_8.9p1',        'SSH-2.0-OpenSSH_9.0p1',        'SSH-2.0-OpenSSH_9.1p1',        'SSH-2.0-OpenSSH_9.2p1',        'SSH-2.0-OpenSSH_9.3p1',        'SSH-2.0-OpenSSH_9.4p1',        'SSH-2.0-OpenSSH_9.5p1',        'SSH-2.0-OpenSSH_9.6p1',        'SSH-2.0-OpenSSH_9.7p1'    ]    if any(version in banner for version in vulnerable_versions):        result_queue.put((ip, port, 'vulnerable', f"(running {banner})"))    else:        result_queue.put((ip, port, 'not_vulnerable', f"(running {banner})"))def main():    parser = argparse.ArgumentParser(description="Check if servers are running a vulnerable version of OpenSSH.")    parser.add_argument("targets", nargs='+', help="IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges.")    parser.add_argument("--port", type=int, default=22, help="Port number to check (default: 22).")    args = parser.parse_args()    targets = args.targets    port = args.port    ips = []    for target in targets:        try:            with open(target, 'r') as file:                ips.extend(file.readlines())        except IOError:            if '/' in target:                try:                    network = ipaddress.ip_network(target, strict=False)                    ips.extend([str(ip) for ip in network.hosts()])                except ValueError:                    print(f"❌ [-] Invalid CIDR notation: {target}")            else:                ips.append(target)    result_queue = Queue()    threads = []    for ip in ips:        ip = ip.strip()        thread = threading.Thread(target=check_vulnerability, args=(ip, port, result_queue))        thread.start()        threads.append(thread)    for thread in threads:        thread.join()    total_scanned = len(ips)    closed_ports = 0    not_vulnerable = []    vulnerable = []    while not result_queue.empty():        ip, port, status, message = result_queue.get()        if status == 'closed':            closed_ports += 1        elif status == 'vulnerable':            vulnerable.append((ip, message))        elif status == 'not_vulnerable':            not_vulnerable.append((ip, message))        else:            print(f"⚠️ [!] Server at {ip}:{port} is {message}")    print(f"n🛡️ Servers not vulnerable: {len(not_vulnerable)}n")    for ip, msg in not_vulnerable:        print(f"   [+] Server at {ip} {msg}")    print(f"n🚨 Servers likely vulnerable: {len(vulnerable)}n")    for ip, msg in vulnerable:        print(f"   [+] Server at {ip} {msg}")    print(f"n🔒 Servers with port 22 closed: {closed_ports}")    print(f"n📊 Total scanned targets: {total_scanned}n")if __name__ == "__main__":    main()

C:下载地址

https://github.com/acrono/cve-2024-6387-poc

🚀 使用方法

python CVE-2024-6387_Check.py <targets> [--port PORT]

例子

单一 IP

python CVE-2024-6387_Check.py 192.168.1.1

多个 IP 和域

python CVE-2024-6387_Check.py 192.168.1.1 example.com 192.168.1.2

CIDR 范围

python CVE-2024-6387_Check.py 192.168.1.0/24

使用自定义端口

python CVE-2024-6387_Check.py 192.168.1.1 example.com --port 2222

输出

该脚本将提供扫描目标的摘要:

  • 🚨 易受攻击:运行易受攻击的 OpenSSH 版本的服务器。

  • 🛡️ 不易受攻击:运行不易受攻击的 OpenSSH 版本的服务器。

  • 🔒 关闭的端口:关闭端口 22(或指定端口)的服务器数量。

  • 📊 总扫描数:扫描的目标总数。

🛡️ Servers not vulnerable: 1

   [+] Server at 157.90.125.31 (running SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11)

🚨 Servers likely vulnerable: 2

   [+] Server at 4.231.170.121 (running SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10)
   [+] Server at 4.231.170.122 (running SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2)

🔒 Servers with port 22 closed: 254

📊 Total scanned targets: 257
公众号技术文章仅供诸位网络安全工程师对自己所管辖的网站、服务器、网络进行检测或维护时参考用,公众号的检测工具仅供各大安全公司的安全测试员安全测试使用。未经允许请勿利用文章里的技术资料对任何外部计算机系统进行入侵攻击,公众号的各类工具均不得用于任何非授权形式的安全测试。公众号仅提供技术交流,不对任何成员利用技术文章或者检测工具造成任何理论上的或实际上的损失承担责任。
加微信进群获取更多资源:


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
周飒博客-ZhouSa.com