## https://sploitus.com/exploit?id=DC798E98-BA77-5F86-9C16-0CF8CD540EBB
# OpenSSH Vulnerability Checker Nmap Script
## Description
The `openssh-vuln-checker.nse` script checks if a server is running a vulnerable version of OpenSSH(CVE-2024-6387). It connects to the SSH port, retrieves the SSH banner, and compares it against a list of known vulnerable versions.
## Vulnerable Versions
The script checks for the following vulnerable versions of OpenSSH:
- SSH-2.0-OpenSSH_8.5p1
- SSH-2.0-OpenSSH_8.6p1
- SSH-2.0-OpenSSH_8.7p1
- SSH-2.0-OpenSSH_8.8p1
- SSH-2.0-OpenSSH_8.9p1
- SSH-2.0-OpenSSH_9.0p1
- SSH-2.0-OpenSSH_9.1p1
- SSH-2.0-OpenSSH_9.2p1
- SSH-2.0-OpenSSH_9.3p1
- SSH-2.0-OpenSSH_9.4p1
- SSH-2.0-OpenSSH_9.5p1
- SSH-2.0-OpenSSH_9.6p1
- SSH-2.0-OpenSSH_9.7p1
## Reference
- https://ubuntu.com/security/CVE-2024-6387
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-6387
## Usage
- nmap --script openssh-vuln-checker -p 22 <target>
## Output
- PORT STATE SERVICE
- 22/tcp open ssh
- | openssh-vuln-checker:
- | Server at <IP> is running SSH-2.0-OpenSSH_<version> (vulnerable)
- |_ Server at <IP> is not vulnerable (running SSH-2.0-OpenSSH_<version>)