Skip to content

AndreLMe/ssh_enum

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README
README
 
 
ssh_enum.py
ssh_enum.py
 
 
test.txt
test.txt
 
 

Repository files navigation

Script based on the CVE 2018-15473
How this script works ? 

A: First it estabilishes an encrypted connection with the OpenSSH Server then sends a malformed packeage(SSH2_MSG_USERAUTH_REQUEST), the script analyze the anwser, discovering if the username exists or not by the messeage receved by the server, if there's no anwser, then the user exists. Otherwise, it will send a messeage of invalid user.

Why this happens?
A: You can read about it on this article: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
where you'll find a detailed explanation about the case.

About

Enumeration of usernames on ssh servers

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages