docs: Add instructions for docker-based client scans (#32)
TrueSkrillor committed Mar 12, 2024
1 parent 58e56f3 commit e50b408
Showing 1 changed file with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions README.md
Expand Up @@ -2,15 +2,25 @@

The Terrapin Vulnerability Scanner is a small utility program written in Go, which can be used to determine the vulnerability of an SSH client or server against the [Terrapin Attack](https://terrapin-attack.com). The vulnerability scanner requires a single connection with the peer to gather all supported algorithms. However, it does not perform a fully fledged SSH key exchange, will never attempt authentication on a server, and does not perform the attack in practice. Instead, vulnerability is determined by checking the supported algorithms and support for known countermeasures (strict key exchange). This may falsely claim vulnerability in case the peer supports countermeasures unknown to this tool.

## Building
## Running

For convenience, we are providing pre-compiled binaries for all major desktop platforms. These can be found on the [Release page](https://github.com/RUB-NDS/Terrapin-Scanner/releases/latest). We have also provided a Docker image that supports most of the major architectures. This image can be run as:

```bash
docker run --rm -it ghcr.io/rub-nds/terrapin-scanner <args>
```

However, we understand that you might prefer building tools, that connect to your SSH server, yourself. To do this, ensure that you have at least Go v1.18 installed. To compile and install the Terrapin Vulnerability Scanner Go package, run the command below.
> [!IMPORTANT]
> Note that when running the Terrapin Vulnerability Scanner inside a Docker container, the tool will bind to the container's localhost when specifying `--listen` with port only. To avoid connectivity issues, add `0.0.0.0` as its bind address and map the container's port to the host via Docker's `-p` argument.
>
> The following command will make the Terrapin Vulnerability Scanner available at port 2222 on the host system's localhost:
> ```bash
> docker run --rm -it -p localhost:2222:2222 ghcr.io/rub-nds/terrapin-scanner --listen 0.0.0.0:2222
> ```
## Building

However, we understand that you might prefer building tools that connect to your SSH server yourself. To do this, ensure that you have at least Go v1.18 installed. To compile and install the Terrapin Vulnerability Scanner Go package, run the command below.

```bash
go install github.com/RUB-NDS/Terrapin-Scanner@latest
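Review bot: In the Docker command inside the IMPORTANT note, `-p localhost:2222:2222` puts a hostname where Docker's publish syntax expects an IP address (`[ip:]hostPort:containerPort`), so the command is likely to be rejected as an invalid IP address. Suggest `-p 127.0.0.1:2222:2222`, which still limits the published port to the host's loopback as the preceding sentence promises. It would also help to say that `0.0.0.0` only widens the bind inside the container and that host exposure is decided by the address given to `-p`, so readers who shorten it to `-p 2222:2222` know they are publishing the listener on all host interfaces. Minor: the relocated Building paragraph still opens with "However," although it no longer follows the sentence about pre-compiled binaries, and there is no blank line between the note's closing fence and `## Building`.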