Share
## https://sploitus.com/exploit?id=7A5FBA5A-1345-5B5E-AB1D-B4A06CDE2717
# OpenSSH Vulnerability Testing Tool for CVE-2023-25136

This repository provides a **Proof of Concept (PoC)** for testing the **CVE-2023-25136** vulnerability in OpenSSH versions 9.0 and 9.1. The vulnerability allows for potential security risks and this tool helps identify if a server is running a vulnerable version of OpenSSH.

The tool checks the version of OpenSSH running on the server and alerts if it is affected by this vulnerability.

## Features
- Checks for OpenSSH versions **9.0** and **9.1** which may be vulnerable to **CVE-2023-25136**.
- Easy-to-use command-line interface to test one or multiple SSH servers.
- Option to check using a proxy server.
- Provides a detailed report with vulnerability warnings for the affected versions.
- Supports checking a list of servers from a file.

## How It Works
The tool attempts to establish an SSH connection to the target server and retrieves the OpenSSH version using the `ssh -V` command. It then compares the version to known vulnerable versions (9.0 and 9.1) and alerts the user if the server is affected by **CVE-2023-25136**.

### Testing Targets
The tool checks for OpenSSH versions on the following targets:
- **Single target**: Check one server by IP address.
- **Multiple targets**: Provide a list of servers from a text file to check multiple targets.

## Getting Started

### Prerequisites
- **Python 3.x** installed on your system.
- **Paramiko** library to establish SSH connections.

## Installation
Clone this repository:
``` bash
git clone https://github.com/mrmtwoj/CVE-2023-25136.git
cd CVE-2023-25136
```
## Usage
To use the tool, provide the target IP address you want to test using the -target flag:
python3 cve-2023-25136.py -target 192.168.1.100

``` bash
python3 cve-2023-25136.py -target <target-ip>
```