# OpenSSH CVE-2024-6387 Vulnerability Checker
## Overview
This C program scans the specified IP addresses or network ranges for servers running a potentially vulnerable version of OpenSSH. For each target it checks whether the SSH port (default 22) is open, retrieves the SSH banner, and uses the version reported there to determine whether the server is running a version known to be vulnerable.
## Compilation
To compile the program, use the following command:
```bash
gcc check_vuln.c -o check_vuln -lpthread
```
## Usage
### Basic Usage
To scan multiple IP addresses, pass them as arguments:
```bash
./check_vuln 192.168.1.1 192.168.1.2 10.0.0.1
```
### Specifying a Custom Port
If you want to specify a different port, use the `--port` option:
```bash
./check_vuln 192.168.1.1 192.168.1.2 10.0.0.1 --port 2222
```
### Using a File with IP Addresses
If you have a file with a list of IP addresses (one per line), you can pass the filename as an argument:
```bash
./check_vuln ip_list.txt
```
### Using CIDR Notation
You can also specify CIDR notation to scan an entire subnet:
```bash
./check_vuln 192.168.1.0/24
```
## Example Commands
1. **Scan multiple IP addresses on the default port (22)**:
```bash
./check_vuln 192.168.1.1 192.168.1.2 10.0.0.1
```
2. **Scan multiple IP addresses on a custom port (e.g., 2222)**:
```bash
./check_vuln 192.168.1.1 192.168.1.2 10.0.0.1 --port 2222
```
3. **Scan IP addresses from a file**:
```bash
./check_vuln ip_list.txt
```
4. **Scan an entire subnet using CIDR notation**:
```bash
./check_vuln 192.168.1.0/24
```
## Output Interpretation
The program will print the results of the scan, including the number of servers that are not vulnerable, likely vulnerable, and those with port 22 closed. For example:
```plaintext
🛡️ Servers not vulnerable: 1
[+] Server at 192.168.1.1
🚨 Servers likely vulnerable: 1
[+] Server at 192.168.1.2
🔒 Servers with port 22 closed: 1
📊 Total scanned targets: 3
```
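One way to implement the banner check described in the Overview, showing what "likely vulnerable" rests on. This is an added example, not the tool's own code: the enum and function names are hypothetical, the sample banners are constructed, and the version ranges are those published for CVE-2024-6387 rather than taken from this README.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for a banner-only check (hypothetical names, not the tool's own). */
enum verdict { UNKNOWN, NOT_VULNERABLE, LIKELY_VULNERABLE };

/*
 * Classify an SSH identification string ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3...")
 * against the ranges published for CVE-2024-6387:
 *   < 4.4p1            vulnerable unless patched for CVE-2006-5051/CVE-2008-4109
 *   4.4p1 .. < 8.5p1   not vulnerable
 *   8.5p1 .. < 9.8p1   vulnerable
 * Distributions backport fixes without changing the upstream version, so
 * LIKELY_VULNERABLE means "check the installed package", not "confirmed".
 */
enum verdict classify_banner(const char *banner)
{
    int major, minor, v;
    const char *p;

    /* RFC 4253: the line must start with "SSH-<protoversion>-<software>". */
    if (banner == NULL || strncmp(banner, "SSH-", 4) != 0)
        return UNKNOWN;
    p = strchr(banner + 4, '-');
    if (p == NULL || strncmp(p + 1, "OpenSSH_", 8) != 0)
        return UNKNOWN;               /* other SSH implementation */
    if (!isdigit((unsigned char)p[9]) || sscanf(p + 9, "%d.%d", &major, &minor) != 2)
        return UNKNOWN;               /* version missing or malformed */

    v = major * 100 + minor;          /* 9.6 -> 906, 4.4 -> 404 */
    if (v < 404 || (v >= 805 && v < 908))
        return LIKELY_VULNERABLE;
    return NOT_VULNERABLE;
}

int main(void)
{
    /* Constructed sample banners, not captured from real hosts. */
    const char *samples[] = {
        "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13",
        "SSH-2.0-OpenSSH_9.8",
        "SSH-2.0-OpenSSH_7.4",
        "SSH-2.0-dropbear_2022.83",
    };
    const char *names[] = { "unknown", "not vulnerable", "likely vulnerable" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-42s %s\n", samples[i], names[classify_banner(samples[i])]);
    return 0;
}
```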
## License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Disclaimer
This tool is intended for educational and ethical testing purposes only. Unauthorized use of this tool to scan systems without permission is illegal and unethical.