GitHub - AndreLMe/ssh_enum: Enumeration of usernames on ssh servers

AndreLMe / ssh_enum Public

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Enumeration of usernames on ssh servers

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
.gitignore		.gitignore
LICENSE		LICENSE
README		README
ssh_enum.py		ssh_enum.py
test.txt		test.txt

Repository files navigation

Script based on the CVE 2018-15473
How this script works ? 

A: First it estabilishes an encrypted connection with the OpenSSH Server then sends a malformed packeage(SSH2_MSG_USERAUTH_REQUEST), the script analyze the anwser, discovering if the username exists or not by the messeage receved by the server, if there's no anwser, then the user exists. Otherwise, it will send a messeage of invalid user.

Why this happens?
A: You can read about it on this article: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/
where you'll find a detailed explanation about the case.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

License

AndreLMe/ssh_enum

Folders and files

Latest commit

History

Repository files navigation

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages