## https://sploitus.com/exploit?id=418FD78F-82D2-5748-9EE9-CAFC34111864
# CVE-2024-6387
This script, created by R4Tw1z, scans IP addresses to check whether they are running a potentially vulnerable version of OpenSSH. It is a faster and simpler version of an OpenSSH vulnerability scanner, and it uses multi-threading to scan multiple IP addresses concurrently.
# Key Features and Functionality:
**Input Handling:**
The script accepts IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges as input.
IP addresses can be provided directly or read from a file.
**Port and Timeout Configuration:**
Users can specify the port to check (default is port 22, commonly used for SSH).
A connection timeout value can also be set, with a default of 1 second.
**Multi-threading:**
The script uses a thread pool to process IP addresses concurrently, improving scanning speed.
The number of worker threads can be configured (default is 10).
**Port Status Check:**
The script first checks if the specified port is open on each IP address.
**SSH Banner Retrieval:**
If the port is open, the script attempts to retrieve the SSH banner from the server.
The banner is analyzed to determine if the SSH service is a potentially vulnerable version of OpenSSH.
**Vulnerability Assessment:**
A predefined set of vulnerable OpenSSH versions is checked against the retrieved banner.
Results are categorized into vulnerable, not vulnerable, and closed port statuses.
**Results Output:**
The script outputs the number of servers that are not vulnerable, likely vulnerable, and those with the port closed.
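
The banner analysis described above can be illustrated with the following added example, which is not the r4tw1z.py source. It classifies banner strings against the upstream affected ranges from the public CVE-2024-6387 advisory and puts vendor builds in a separate "verify" bucket, because a banner alone cannot show whether a distribution backported the fix. The function names, status labels and sample banners are assumptions of this example.

```python
import re
from collections import Counter

# Upstream ranges from the public CVE-2024-6387 advisory (assumed here;
# the page does not list the version set its script checks).
FIRST_REGRESSED = (8, 5)  # 8.5p1 reintroduced the signal-handler race
FIRST_FIXED = (9, 8)      # 9.8p1 contains the upstream fix
OLD_SAFE_FROM = (4, 4)    # 4.4p1 through 8.4p1 are not affected

BANNER_RE = re.compile(
    r"^SSH-\d+\.\d+-OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)"
    r"(?:\.\d+)?(?:p\d+)?(?P<rest>.*)$"
)

def classify_banner(banner):
    """Map one SSH identification string to (status, reason)."""
    m = BANNER_RE.match(banner.strip())
    if not m:
        return ("unknown", "unrecognized banner format")
    version = (int(m["major"]), int(m["minor"]))
    vendor = m["rest"].strip()
    if version >= FIRST_FIXED:
        return ("not_vulnerable", "at or above 9.8p1")
    if version >= FIRST_REGRESSED:
        if vendor:
            # Distributions backport fixes without changing the upstream
            # version in the banner, so the package version must be checked.
            return ("verify_package", "affected range, vendor build: " + vendor)
        return ("likely_vulnerable", "affected upstream range 8.5p1-9.7p1")
    if version >= OLD_SAFE_FROM:
        return ("not_vulnerable", "between 4.4p1 and 8.4p1")
    return ("verify_package", "pre-4.4p1, depends on CVE-2006-5051/CVE-2008-4109 patches")

def summarize(banners):
    """Count statuses, like the result totals the script reports."""
    return Counter(classify_banner(b)[0] for b in banners)

# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "SSH-2.0-OpenSSH_9.8",
    "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13.3",
    "SSH-2.0-OpenSSH_9.3",
    "SSH-2.0-OpenSSH_7.4",
    "SSH-1.99-OpenSSH_3.9p1",
    "SSH-2.0-dropbear_2022.83",
]

if __name__ == "__main__":
    for b in SAMPLES:
        print(b, "->", classify_banner(b))
    print(dict(summarize(SAMPLES)))
```

Hosts in the `verify_package` bucket need a check of the installed package version against the distribution's security advisory before they are counted either way.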
# Usage
## Basic Usage
```
python r4tw1z.py <targets> [options]
```

**Targets**: IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges to scan.
## Options
- `--port PORT` (default: 22): Specify the port number to check.
- `-t, --timeout TIMEOUT` (default: 1.0): Set the connection timeout in seconds.
- `-w, --workers NUM` (default: 10): Define the number of worker threads for concurrent scanning.
- `-o, --output FILE` (optional): Output the results to a specified file.
- `-c, --custom_banners BANNER1 BANNER2 ...` (optional): List custom SSH banners to check for vulnerabilities.
- `-v, --verbose`: Enable verbose mode to display detailed information about each scanned server.
- `-r, --retries NUM` (default: 3): Set the number of retries for each connection attempt.
# Examples
## Scan a list of IP addresses:
```
python r4tw1z.py 192.168.1.1 192.168.1.2
```
## Scan a CIDR range with verbose output:
```
python r4tw1z.py 192.168.1.0/24 -v
```
## Scan a file containing IP addresses and save results to a file:
```
python r4tw1z.py ips.txt -o results.txt
```
## Scan with custom SSH banners:
```
python r4tw1z.py 192.168.1.1 -c "SSH-2.0-CustomBanner1" "SSH-2.0-CustomBanner2"
```
## Scan with retries and multiple worker threads:
```
python r4tw1z.py 192.168.1.1 -r 5 -w 20
```
# Contributing
Feel free to fork this repository and submit pull requests. Contributions to improve the tool are always welcome!