## https://sploitus.com/exploit?id=418FD78F-82D2-5748-9EE9-CAFC34111864
# CVE-2024-6387

This script, created by R4Tw1z, scans IP addresses to check whether they are running a potentially vulnerable version of OpenSSH. It is a faster and simpler version of an OpenSSH vulnerability scanner, and it uses multi-threading to scan multiple IP addresses concurrently.

# Key Features and Functionality:

**Input Handling:**
The script accepts IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges as input.
IP addresses can be provided directly or read from a file.

**Port and Timeout Configuration:**
Users can specify the port to check (default is port 22, commonly used for SSH).
A connection timeout value can also be set, with a default of 1 second.

**Multi-threading:**
The script uses a thread pool to process IP addresses concurrently, improving scanning speed.
The number of worker threads can be configured (default is 10).

**Port Status Check:**
The script first checks if the specified port is open on each IP address.

**SSH Banner Retrieval:**
If the port is open, the script attempts to retrieve the SSH banner from the server.
The banner is analyzed to determine if the SSH service is a potentially vulnerable version of OpenSSH.

**Vulnerability Assessment:**
A predefined set of vulnerable OpenSSH versions is checked against the retrieved banner.
Results are categorized into vulnerable, not vulnerable, and closed port statuses.
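
The banner check described above, as an added example that is not code from r4tw1z.py: it parses the OpenSSH version out of an SSH identification string and compares it with the upstream affected ranges from the public CVE-2024-6387 advisory. The status names, the `check-package` category for banners that carry a distribution comment (distributions backport fixes without changing the upstream version), and the sample banners are assumptions made for this illustration.

```python
import re
from collections import Counter

# Affected upstream ranges per the public CVE-2024-6387 advisory (assumption:
# the script's own predefined banner list is not shown on this page):
#   OpenSSH < 4.4p1, and 8.5p1 <= OpenSSH < 9.8p1.
BANNER_RE = re.compile(
    r"^SSH-[\d.]+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)\S*(?: (?P<comment>.+))?$"
)

def classify(banner: str) -> str:
    """Map one SSH identification string to a triage status."""
    line = banner.strip()
    if not line.startswith("SSH-"):
        return "not-ssh"
    m = BANNER_RE.match(line)
    if m is None:
        return "unrecognized"          # other SSH software or unusual format
    version = (int(m["major"]), int(m["minor"]))
    if not (version < (4, 4) or (8, 5) <= version < (9, 8)):
        return "not-vulnerable"
    # A distro comment means fixes may be backported without a version bump,
    # so the banner alone cannot confirm exposure.
    return "check-package" if m["comment"] else "likely-vulnerable"

def summarize(banners):
    """Count statuses across many banners, similar to a final scan tally."""
    return Counter(classify(b) for b in banners)

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_8.9p1\r\n",
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3\r\n",
    "SSH-2.0-OpenSSH_9.8p1\r\n",
    "SSH-2.0-OpenSSH_7.4\r\n",
    "SSH-2.0-dropbear_2022.83\r\n",
    "HTTP/1.1 400 Bad Request\r\n",
]

if __name__ == "__main__":
    for status, count in sorted(summarize(SAMPLES).items()):
        print(f"{status}: {count}")
```

A `check-package` result should be resolved against the installed package version and the vendor's security tracker, not the banner.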

**Results Output:**
The script outputs the number of servers that are not vulnerable, likely vulnerable, and those with the port closed.

# Usage
## Basic Usage
    python r4tw1z.py <targets> [options]

**Targets**: IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges to scan.

## Options
    --port PORT (default: 22): Specify the port number to check.
    -t, --timeout TIMEOUT (default: 1.0): Set the connection timeout in seconds.
    -w, --workers NUM (default: 10): Define the number of worker threads for concurrent scanning.
    -o, --output FILE (optional): Output the results to a specified file.
    -c, --custom_banners BANNER1 BANNER2 ... (optional): List custom SSH banners to check for vulnerabilities.
    -v, --verbose: Enable verbose mode to display detailed information about each scanned server.
    -r, --retries NUM (default: 3): Set the number of retries for each connection attempt.

# Examples
## Scan a list of IP addresses:
    python r4tw1z.py 192.168.1.1 192.168.1.2

## Scan a CIDR range with verbose output:
    python r4tw1z.py 192.168.1.0/24 -v

## Scan a file containing IP addresses and save results to a file:
    python r4tw1z.py ips.txt -o results.txt

## Scan with custom SSH banners:
    python r4tw1z.py 192.168.1.1 -c "SSH-2.0-CustomBanner1" "SSH-2.0-CustomBanner2"

## Scan with retries and multiple worker threads:
    python r4tw1z.py 192.168.1.1 -r 5 -w 20

# Contributing
Feel free to fork this repository and submit pull requests. Contributions to improve the tool are always welcome!