## https://sploitus.com/exploit?id=F23F55AE-42B0-5D7F-B97F-80468748D9D7
# CVE-2025-32433_Erlang-OTP

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers (such as those used in embedded systems, IoT devices, and some backend services). The vulnerability being tested for is similar to CVE-2025-32433, which allows unauthenticated remote command execution during the SSH handshake phase.

# How It Works
## Target Enumeration:
- Accepts either a single IP:port or bulk IPs and ports from ips.txt and ports.txt.
- Matches IPs and ports line-by-line to scan environments systematically.

## SSH Protocol Emulation:
- Initiates a raw TCP connection and mimics a legitimate SSH client.
- Sends a valid SSH banner and KEXINIT packet to initiate key exchange.

## Brute-Force Channel Types:
- Tries multiple SSH CHANNEL_OPEN types (e.g., session, direct-tcpip).
- Some vulnerable servers respond differently based on accepted channel types.

## Command Injection:
- If a channel is successfully opened pre-auth, it sends a payload (e.g., whoami or a reverse shell).
- Designed to detect execution capability without crashing or alerting services unnecessarily.
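
For defenders, the behaviour described under SSH Protocol Emulation, Brute-Force Channel Types and Command Injection has a clear network signature: connection-protocol messages (numbers 80 and above, such as CHANNEL_OPEN = 90 and CHANNEL_REQUEST = 98) arriving in cleartext before key exchange has finished. The following is an added detection example, not code from this tool; it assumes the input is a reassembled client-to-server TCP byte stream, and the function names and sample streams are constructed for illustration.

```python
import struct

SSH_MSG_NEWKEYS = 21          # RFC 4253: packets after this are encrypted
CONNECTION_PROTOCOL_MIN = 80  # RFC 4250: 80-127 belong to the connection protocol
MAX_PACKET = 35000            # RFC 4253 section 6.1 sanity bound

def frame(msg_type, body=b""):
    """Build one cleartext SSH binary packet; used only for the constructed samples."""
    payload = bytes([msg_type]) + body
    pad = 8 - (5 + len(payload)) % 8
    if pad < 4:
        pad += 8
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

def preauth_connection_msgs(stream):
    """Return connection-protocol message numbers sent in cleartext by the client."""
    end = stream.find(b"\n")
    if not stream.startswith(b"SSH-") or end < 0:
        return []
    pos, hits = end + 1, []
    while pos + 6 <= len(stream):
        length, pad = struct.unpack_from(">IB", stream, pos)
        if not pad + 2 <= length <= MAX_PACKET or pos + 4 + length > len(stream):
            break  # truncated, or not a cleartext packet
        msg = stream[pos + 5]
        if msg == SSH_MSG_NEWKEYS:
            break  # everything after NEWKEYS is encrypted and cannot be parsed
        if msg >= CONNECTION_PROTOCOL_MIN:
            hits.append(msg)  # never legitimate before authentication
        pos += 4 + length
    return hits

# Constructed samples: message bodies are filler bytes, not real protocol fields.
BENIGN = (b"SSH-2.0-ExampleClient\r\n" + frame(20, bytes(16)) + frame(30, bytes(32))
          + frame(21) + b"\x8f\x11\x42\x07" * 8)
SUSPICIOUS = (b"SSH-2.0-ExampleClient\r\n" + frame(20, bytes(16))
              + frame(90, b"filler") + frame(98, b"filler"))

if __name__ == "__main__":
    for name, data in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(name, preauth_connection_msgs(data))
```

A compliant client never produces a non-empty result, because its channel messages are only sent after NEWKEYS and authentication, inside the encrypted transport.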

## Resilience and Reporting:
- Automatically reconnects if the server disconnects.
- Supports multithreading for faster scans across large inventories.
- Includes timestamps, logs all results to results.txt, and provides a live progress bar.