import socket
import re
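def check_openssh_version(hostname, port=22):
    """Read an SSH server's identification banner and print a version-based verdict.

    Connects to ``hostname:port``, sends a client identification string, reads
    up to 128 bytes of the reply and prints one of:

    * ``[VULNERABLE]`` - the banner advertises OpenSSH 0.x-3.x, 4.0-4.3,
      8.5-8.9 or 9.0-9.7;
    * ``[SAFE]`` - the banner advertises OpenSSH at any other version;
    * ``[UNKNOWN]`` - no OpenSSH identification line was received.

    The verdict rests on the advertised version string only. Distributions
    commonly backport fixes without changing that string, so a
    ``[VULNERABLE]`` host may already be patched, and a ``[SAFE]`` result
    says nothing about other flaws. Treat the output as a triage hint and
    confirm against the installed package version.

    Args:
        hostname: Host name or IP address of the SSH server.
        port: TCP port of the SSH service (default 22).

    Returns:
        None. Results and errors are printed to stdout; no exception is
        propagated to the caller.
    """
    # A server that also accepts protocol 1 announces "SSH-1.99-" instead of
    # "SSH-2.0-" (RFC 4253). Old OpenSSH releases often do, so matching only
    # "2.0" would report exactly those hosts as safe.
    ident_prefix = r"SSH-(?:2\.0|1\.99)-OpenSSH_"
    openssh_regex = re.compile(ident_prefix)
    # (?![0-9]) stops e.g. a "4.30" from being read as 4.3.
    vulnerable_regex = re.compile(
        ident_prefix
        + r"(?:[0-3]\.[0-9]+|(?:4\.[0-3]|8\.[5-9]|9\.[0-7])(?![0-9]))"
    )

    try:
        # Establish a socket connection to the SSH server
        with socket.create_connection((hostname, port), timeout=5) as sock:
            # Send an SSH protocol version string
            sock.sendall(b"SSH-2.0-OpenSSH_7.9\r\n")
            # Read the response from the server
            raw = sock.recv(128)
    except Exception as e:
        # Deliberate best-effort boundary: report the failure and carry on.
        print(f"Error connecting to {hostname}:{port} - {e}")
        return

    # The reply is untrusted. Undecodable bytes are replaced rather than
    # raised, so binary noise is not misreported as a connection error.
    response = raw.decode("utf-8", errors="replace").strip()
    # Control characters (ANSI escapes, CR/LF) are masked before echoing so a
    # hostile server cannot drive the operator's terminal through its banner.
    printable = "".join(ch if ch.isprintable() else "?" for ch in response)
    print(f"Received response: {printable}")

    # A server may send other lines before its identification string; pick
    # the first line that is an OpenSSH identification string.
    ident_line = next(
        (line for line in response.splitlines() if openssh_regex.match(line)),
        None,
    )

    if ident_line is None:
        # Empty reply, non-SSH service, or another SSH implementation: the
        # version ranges above do not apply, so do not claim the host is safe.
        print(
            f"[UNKNOWN] {hostname}:{port} did not return an OpenSSH banner; "
            "version could not be assessed."
        )
    elif vulnerable_regex.match(ident_line):
        print(f"[VULNERABLE] {hostname}:{port} is running a vulnerable version of OpenSSH.")
    else:
        print(f"[SAFE] {hostname}:{port} is not running a vulnerable version of OpenSSH.")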
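if __name__ == "__main__":
    # Interactive entry point: ask for the target, validate it, run the check.
    target_hostname = input("Enter the target hostname: ").strip()
    if not target_hostname:
        raise SystemExit("No target hostname given.")

    port_text = input("Enter the target port (default 22): ").strip()
    if not port_text:
        # Use default port if no port is provided
        target_port = 22
    else:
        # Reject non-numeric or out-of-range input with a clear message
        # instead of an unhandled ValueError traceback.
        try:
            target_port = int(port_text)
        except ValueError:
            raise SystemExit(
                f"Invalid port {port_text!r}: expected a number between 1 and 65535."
            ) from None
        if not 1 <= target_port <= 65535:
            raise SystemExit(
                f"Invalid port {target_port}: expected a number between 1 and 65535."
            )

    check_openssh_version(target_hostname, target_port)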