CVE-2018-10933 - libSSH Authentication Bypass Server Version Check

check_version_libssh_auth_bypass.py

#!/usr/bin/python3
# -*- coding: utf-8 -*-

# Author: Jhonathan Davi @jh00nbr
# insightl4b.com
# github.com/jh00nbr
# Twitter: @jh00nbr

# CVE-2018-10933 - libSSH Authentication Bypass Server Version Check
# Reference: https://github.com/blacknbunny/libSSH-Authentication-Bypass/blob/master/checkversionofserver.py

import socket
import argparse
import sys

parser = argparse.ArgumentParser(description="CVE-2018-10933 - libSSH Authentication Bypass Server Version Check")
parser.add_argument('--host', help='Host')
parser.add_argument('-p', '--port', help='libSSH port', default=2222)

args = parser.parse_args()

host = args.host
port = args.port

patched_version = ['0.8.4', '0.7.6']
colors = {'MAGENTA':'\033[35mMagenta','BLUE': '\033[34m', 'OK' : '\033[92m', 'ERRO' : '\033[91m', 'WARNING' : '\033[93m', 'UNDERLINE':'\033[4m','ENDC' : '\033[0m'}


def ch3ck_version(host,port):
        try:
                sock = socket.socket()
                sock.connect(("{0}".format(host), int(port)))
                data = sock.recv(1024).strip()
                sock.close()

                if 'libssh' in data:
                        v = [data.split('_')[1]][0] # Example: SSH-2.0-libssh_0.8.3

                        if v not in patched_version:
                                print("[ {host} ] --> \t [ {red} VULNERABLE {end}]".format(host=host,red=colors['ERRO'],end=colors['ENDC']))
                        else:
                                print("[ {host} ] --> \t [ {blue} OK {end} ]".format(host=host,blue=colors['BLUE'],end=colors['ENDC']))

        except socket.error as e:
                print("[-] Connect refused")
                sys.exit(1)
              
if __name__ == '__main__':
        ch3ck_version(host,port)