## https://sploitus.com/exploit?id=999F3EF8-6D45-5F10-A4C8-6185D82D4552
# terrapin_check.py
A lightweight Python scanner for **CVE-2023-48795** โ the SSH Terrapin Prefix Truncation vulnerability.
> **Terrapin** is a protocol-level vulnerability in SSH that allows an attacker performing an active MitM to truncate the negotiated extension information, downgrading connection security โ most critically disabling `ext-info` (used for server signature algorithms) and `ping` (used by OpenSSH's `no-auth` extension).
---
## ๐ Table of Contents
- [About the Vulnerability](#about-the-vulnerability)
- [How It Works](#how-it-works)
- [Requirements](#requirements)
- [Installation](#installation)
- [Usage](#usage)
- [Output](#output)
- [Vulnerable Conditions](#vulnerable-conditions)
- [Remediation](#remediation)
- [Disclaimer](#disclaimer)
---
## About the Vulnerability
| Field | Detail |
|---|---|
| **CVE** | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) |
| **CVSS** | 5.9 (Medium) |
| **Type** | SSH Protocol โ Prefix Truncation / Integrity Bypass |
| **Disclosure** | December 2023 |
| **Affected** | OpenSSH [port]
```
```bash
python3 terrapin_check.py 192.168.1.10
python3 terrapin_check.py 192.168.1.10 2222
```
### Bulk scan from file
One target per line โ accepts `host` or `host:port` format.
```bash
python3 terrapin_check.py -f targets.txt
python3 terrapin_check.py -f targets.txt --threads 20 --timeout 3
```
### Summary-only output (useful for large scans)
```bash
python3 terrapin_check.py -f targets.txt --summary
```
### Full options
```
usage: terrapin_check.py [-h] [-f FILE] [-p PORT] [--threads THREADS] [--timeout TIMEOUT] [--summary] [host] [port]
positional arguments:
host Target host
port SSH port (default: 22)
options:
-h, --help Show this help message and exit
-f, --file FILE File containing hosts (host or host:port per line)
-p, --port-flag PORT Default port when using -f (default: 22)
--threads THREADS Concurrent threads for bulk scan (default: 10)
--timeout TIMEOUT Socket timeout in seconds (default: 5.0)
--summary Print one-line summary per host only
```
### Exit codes
| Code | Meaning |
|---|---|
| `0` | No vulnerable hosts found |
| `1` | One or more vulnerable hosts detected |
This allows the script to be used cleanly in pipelines and automated workflows.
---
## Output
### Single host (detailed)
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
Target : 192.168.1.10:22
Banner : SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6
Status : VULNERABLE
Strict-KEX : No
โ ChaCha20-Poly1305 advertised โ prefix-truncation possible
โ CBC+ETM combination advertised
CBC ciphers : aes128-cbc, aes256-cbc
ETM MACs : hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com
KEX algorithms:
curve25519-sha256
ecdh-sha2-nistp256
diffie-hellman-group14-sha256
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
```
### Bulk scan (summary)
```
[VULN] 192.168.1.10:22 VULNERABLE (CVE-2023-48795)
[SAFE] 192.168.1.20:22 Not vulnerable
[MIT] 192.168.1.30:22 Algorithms present but strict-KEX mitigates
[?] 192.168.1.99:22 ERROR: Connection refused
```
---
## Vulnerable Conditions
The script flags a host as **VULNERABLE** if **either** of the following is true, and the strict-KEX extension is **not** advertised:
### 1. ChaCha20-Poly1305
The server advertises `chacha20-poly1305@openssh.com` in either encryption direction.
### 2. CBC cipher + ETM MAC combination
The server advertises any CBC-mode cipher **and** any ETM MAC together:
**CBC ciphers checked:**
`aes128-cbc`, `aes192-cbc`, `aes256-cbc`, `3des-cbc`, `blowfish-cbc`, `cast128-cbc`, `idea-cbc`, `arcfour`, `arcfour128`, `arcfour256`, `rijndael-cbc@lysator.liu.se`
**ETM MACs checked:**
`hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512-etm@openssh.com`, `hmac-sha1-etm@openssh.com`, `hmac-md5-etm@openssh.com`, and variants
### Mitigation โ Strict KEX
If the server advertises `kex-strict-s-v00@openssh.com` in its KEX algorithm list, the connection is protected regardless of which ciphers and MACs are offered. The script will report `MITIGATED` rather than `VULNERABLE` in this case.
---
## Remediation
| Action | Detail |
|---|---|
| **Upgrade OpenSSH** | Upgrade to **โฅ 9.6** on both client and server. Strict KEX is enabled by default. |
| **Patch other implementations** | PuTTY โฅ 0.80, libssh โฅ 0.10.6, Paramiko โฅ 3.4.0, AsyncSSH โฅ 2.14.2 |
| **Remove vulnerable algorithms** | If upgrading is not immediately possible, remove `chacha20-poly1305` and CBC ciphers + ETM MACs from `sshd_config`: |
```
# /etc/ssh/sshd_config
Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-256,hmac-sha2-512
```
> Algorithm removal reduces cipher agility. Upgrading is always the preferred remediation.
---
## Disclaimer
This tool is intended for **authorised security assessments only**. Only use it against systems you own or have explicit written permission to test. The author accepts no liability for misuse.
---
*Part of the [Mr-Whiskerss](https://github.com/Mr-Whiskerss) pentesting toolkit.*