CVE-2024-6387_poc.py

import socket
import re
from datetime import datetime

c_time = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
def write_f(msg):
    with open("session.log", 'a', encoding='utf-8') as f:
        f.write(f"{c_time}\t-\t{msg}\n")
def get_ssh_version(ip, port):
    try:
        sock = socket.create_connection((ip, port), timeout=1)
        sock.sendall(b'\x00')
        resp = sock.recv(1024).decode().strip()
        sock.close()

        match = re.search(r'SSH-\d\.\d+\-OpenSSH_(\d+\.\d+)', resp)
        if match:
            version = match.group(1)
            whole_n, floating_n = map(int, version.split('.'))
            if (whole_n == 8 and 5 <= floating_n < 9) or whole_n < 4 or (whole_n == 4 and floating_n < 4):
                msg = f"{ip}:{port} - System not secure (version: {version})"
                print(f"\033[91m{msg}\033[0m")
                write_f(msg)
            else:
                msg = f"{ip}:{port} - System secure (version: {version})"
                print(f"\033[92m{msg}\033[0m")
                write_f(msg)
        else:
            msg = f"{ip}:{port} - Version could not be determined"
            print(f"\033[93m{msg}\033[0m")
            write_f(msg)

    except Exception as e:
        msg = f"{ip}:{port} - Error: {e}"
        print(f"\033[91m{msg}\033[0m")
        write_f(msg)


def main():
    try: 
        with open('ip-addr.list', 'r') as file:
            for line in file:
                line = line.strip()
                if line:
                    if ':' in line:
                        ip, port = line.split(':')
                        port = int(port)
                    else:
                        ip = line
                        port = 22
                    get_ssh_version(ip, port)
    except:
        print(f"Error:\nFile ip-addr.list could not be found, here is an example of the content of ip-addr.list:\n1.1.1.1\n2.2.2.2:4422")


if __name__ == "__main__":
    main()