This repository provides a Proof of Concept (PoC) for testing the CVE-2023-25136 vulnerability in OpenSSH versions 9.0 and 9.1. The vulnerability allows for potential security risks and this tool helps identify if a server is running a vulnerable version of OpenSSH.
The tool checks the version of OpenSSH running on the server and alerts if it is affected by this vulnerability.
- Checks for OpenSSH versions 9.0 and 9.1 which may be vulnerable to CVE-2023-25136.
- Easy-to-use command-line interface to test one or multiple SSH servers.
- Option to check using a proxy server.
- Provides a detailed report with vulnerability warnings for the affected versions.
- Supports checking a list of servers from a file.
The tool attempts to establish an SSH connection to the target server and retrieves the OpenSSH version using the ssh -V command. It then compares the version to known vulnerable versions (9.0 and 9.1) and alerts the user if the server is affected by CVE-2023-25136.
The tool checks for OpenSSH versions on the following targets:
- Single target: Check one server by IP address.
- Multiple targets: Provide a list of servers from a text file to check multiple targets.
- Python 3.x installed on your system.
- Paramiko library to establish SSH connections.
Clone this repository:
git clone https://github.com/mrmtwoj/CVE-2023-25136.git
cd CVE-2023-25136To use the tool, provide the target IP address you want to test using the -target flag: python3 cve-2023-25136.py -target 192.168.1.100
python3 cve-2023-25136.py -target <target-ip>