CVE-2023-48795-Checker.py
#! /usr/bin/env python3
# -*- coding: utf-8 -*-
r'''
Copyright 2024 Photubias(c)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
File name CVE-2023-48795-Checker.py
written by Tijl Deneut
This script reads the algorithms a server advertises during the SSH handshake.
It checks whether ChaCha20-Poly1305 and CBC-EtM are enabled and whether StrictKex is disabled; a server offering either of those cipher modes without StrictKex is reported as vulnerable.
Writeup: https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/
(Better) GO Implementation: https://github.com/RUB-NDS/Terrapin-Scanner
## INFO:
# CVE-2023-48795 SSH Handshake downgrade attack "Terrapin"
'''
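import logging
import os
import socket
import sys

try:
    import paramiko
except ImportError:
    # Only a missing module means "not installed"; any other failure while
    # importing Paramiko should surface with its own traceback.
    sys.exit('[-] Error: Paramiko required: python3 -m pip install paramiko')

# --- Command line: the host is mandatory, the port is optional (default 22).
if len(sys.argv) not in (2, 3):
    sys.exit('Usage: {} <host> [port]'.format(os.path.basename(sys.argv[0])))

sIP = sys.argv[1]
iPort = 22
if len(sys.argv) == 3:
    try:
        iPort = int(sys.argv[2])
    except ValueError:
        sys.exit('[-] Error: port must be a number, got {!r}'.format(sys.argv[2]))
    if not 0 < iPort < 65536:
        sys.exit('[-] Error: port must be between 1 and 65535')
iTimeout = 10
sTarget = sIP + ':' + str(iPort)

# Substrings looked for in the algorithm lists logged by Paramiko.
# NOTE: the '@openssh.com' names are easily mangled by e-mail obfuscation when
# this file is copied from a rendered web page; a mangled keyword never matches
# and the checker then silently reports a server as not vulnerable.
sChaChaEncKeyword = 'chacha20-poly1305@openssh.com'
sEtmMACKeyword = '-etm@openssh.com'
sCBCEncKeyword = '-cbc'
sStrictKEXKeyword = 'kex-strict-s-v00@openssh.com'


class _ListHandler(logging.Handler):
    """Keep formatted log lines in memory.

    Replaces the former '<host>-<port>.log' scratch file: nothing is written
    to the working directory, the user-supplied host never becomes part of a
    file name, and no file is left behind when the connection fails.
    """

    def __init__(self):
        super().__init__(level=logging.DEBUG)
        # Same 'LEVEL:logger:message' layout logging.basicConfig() produces,
        # so the prefix matching further down stays unchanged.
        self.setFormatter(logging.Formatter(logging.BASIC_FORMAT))
        self.lstLines = []

    def emit(self, record):
        self.lstLines.extend(self.format(record).splitlines())


# Capture only Paramiko's transport logger instead of reconfiguring the root
# logger. For the raw handshake log on the console, additionally call
# logging.basicConfig(level=logging.DEBUG).
oLogger = logging.getLogger('paramiko.transport')
oHandler = _ListHandler()
oLogger.addHandler(oHandler)
oLogger.setLevel(logging.DEBUG)

try:
    oSock = socket.create_connection((sIP, iPort), timeout=iTimeout)
except OSError as oErr:
    sys.exit('[-] Error: cannot connect to {}: {}'.format(sTarget, oErr))

oTrans = paramiko.transport.Transport(oSock)
try:
    # Key exchange only; no authentication is attempted.
    oTrans.start_client()
except (paramiko.SSHException, EOFError, OSError) as oErr:
    # The server's algorithm lists may already have been logged before the
    # negotiation failed, so keep going and let the check below decide.
    print('[!] Handshake with {} did not complete: {}'.format(sTarget, oErr))
finally:
    oTrans.close()
    oLogger.removeHandler(oHandler)

boolChaCha = False
boolCBC = False
boolETM = False
boolStrictKex = False
boolSawCiphers = False
# NOTE(review): the prefixes below depend on the wording of Paramiko's DEBUG
# messages; confirm them against the installed Paramiko version.
for sLine in list(oHandler.lstLines):
    if sLine.startswith('DEBUG:paramiko.transport:server encrypt'):
        boolSawCiphers = True
        if sChaChaEncKeyword in sLine:
            boolChaCha = True
        if sCBCEncKeyword in sLine:
            boolCBC = True
    elif sLine.startswith('DEBUG:paramiko.transport:client mac'):
        if sEtmMACKeyword in sLine:
            boolETM = True
    elif sLine.startswith('DEBUG:paramiko.transport:kex'):
        if sStrictKEXKeyword in sLine:
            boolStrictKex = True

if not boolSawCiphers:
    # Without the cipher list every flag stays False, which would read as
    # "not vulnerable"; report the run as inconclusive instead.
    sys.exit('[-] Error: no algorithm list captured from {}, result inconclusive'.format(sTarget))

# CBC ciphers are only affected in combination with an Encrypt-then-MAC MAC.
boolCBCAndETM = boolCBC and boolETM

print('System {} ChaCha20 Support: {}'.format(sTarget, str(boolChaCha)))
print('System {} CbcAndETM Support: {}'.format(sTarget, str(boolCBCAndETM)))
print('System {} StrictKex Support: {}'.format(sTarget, str(boolStrictKex)))
# This reflects what the server advertises; the usual remediation is a server
# (and client) version with strict key exchange, or disabling the listed modes.
if (boolChaCha or boolCBCAndETM) and not boolStrictKex:
    print('--> System {} is vulnerable to Terrapin <--'.format(sTarget))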