Scanners List - Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796)
Microsoft Windows SMBv3 Remote Code Execution Vulnerability (CVE-2020-0796) ScannersList
A critical remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 protocol handles certain requests. An unauthenticated attacker could exploit the vulnerability to execute arbitrary code on SMB server by sending a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.
Below is the list of scanners available till now
-
ollypwn/SMBGhost-Scanner for CVE-2020-0796-SMBv3 RCE - https://github.com/ollypwn/SMBGhost
-
cve-2020-0796/cve-2020-0796 CVE-2020-0796-a wormable SMBv3 vulnerability. https://github.com/cve-2020-0796/cve-2020-0796
-
ClarotyICS/CVE2020-0796 CVE2020-0796 SMBv3 RCE - Multiple scripts and detection tools to check if a Windows machine has SMBv3 protocol enabled with the compression feature. A. NSE script B. Python script C. Snort rules alerting on compressed SMB traffic, and compression-enabled hosts - https://github.com/ClarotyICS/CVE2020-0796
-
joaozietolie/CVE-2020-0796-Checker Script that checks if the system is vulnerable to CVE-2020-0796 (SMB v3.1.1) - https://github.com/joaozietolie/CVE-2020-0796-Checker
-
Aekras1a/CVE-2020-0796-PoC Weaponized PoC for SMBv3 CP codec/compression vulnerability - https://github.com/Aekras1a/CVE-2020-0796-PoC
-
technion/DisableSMBCompression CVE-2020-0796 Flaw Mitigation - Active Directory Administrative - https://github.com/technion/DisableSMBCompression
-
dickens88/cve-2020-0796-scanner This project is used for scanning cve-2020-0796 SMB vulnerability - https://github.com/dickens88/cve-2020-0796-scanner
-
pr4jwal/CVE-2020-0796 - NSE script to potentially detect vulnerable CVE-2020-0796 issue, with Microsoft SMBv3 Compression (aka coronablue, SMBGhost) - https://github.com/pr4jwal/CVE-2020-0796
-
ButrintKomoni/cve-2020-0796 - Python scanner for Identifying and Mitigating the CVE-2020–0796 flaw in the fly - https://github.com/ButrintKomoni/cve-2020-0796
-
kn6869610/CVE-2020-0796 - Another Simple scanner for CVE-2020-0796 - SMBv3 RCE -https://github.com/kn6869610/CVE-2020-0796
-
xax007/CVE-2020-0796-Scanner - CVE-2020-0796 SMBv3.1.1 Compression Capability Vulnerability Scanner - https://github.com/xax007/CVE-2020-0796-Scanner
-
Detecting CVE-2020-0796 with Qualys VM - https://blog.qualys.com/laws-of-vulnerabilities/2020/03/11/microsoft-windows-smbv3-remote-code-execution-vulnerability-cve-2020-0796 Qualys has issued QID 91614 for Qualys Vulnerability Management that covers CVE-2020-0796 across all impacted operating systems. This QID will be included in signature version VULNSIGS-2.4.837-4, and requires authenticated scanning or the Qualys Cloud Agent.QID 91614 : Microsoft Guidance for Disabling SMBv3 Compression Not Applied (ADV200005)
This QID checks if SMBv3 is enabled on the host and if the following workaround is not applied –
“HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameter”; DisableCompression -Type DWORD -Value 1
You can search for this within the VM Dashboard by using the following QQL query: