Kenneth: /* Scanner */

2024-01-05T06:12:52Z

Scanner

← Older revision		Revision as of 06:12, 5 January 2024
Line 1:		Line 1:
	== Scanner ==		== Scanner ==

			<blockquote>If you want to check an SSH client or server for its susceptibility to Terrapin, the Ruhr University Bochum team provides a vulnerability scanner.<ref>Nearly 11 million SSH servers vulnerable to new Terrapin attacks - https://www.bleepingcomputer.com/news/security/nearly-11-million-ssh-servers-vulnerable-to-new-terrapin-attacks/</ref></blockquote>

	RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".		RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

Kenneth at 06:11, 5 January 2024

2024-01-05T06:11:45Z

← Older revision		Revision as of 06:11, 5 January 2024
Line 74:		Line 74:

	https://i.imgur.com/zcWtsfI.png		https://i.imgur.com/zcWtsfI.png

			== keywords ==

Kenneth: Created page with "== Scanner == RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation". https://github.com/RUB-NDS/Terrapin-Scanner export $GOPATH=~/.gobin go install github.com/RUB-NDS/Terrapin-Scanner@latest ln -s ../.go/bin/Terrapin-Scanner ~/.bin/Terrapin-Scanner Scan the SSH server available at localhost port 2222 ./Terrapi..."

2024-01-05T06:11:08Z

Created page with "== Scanner == RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation". https://github.com/RUB-NDS/Terrapin-Scanner export $GOPATH=~/.gobin go install github.com/RUB-NDS/Terrapin-Scanner@latest ln -s ../.go/bin/Terrapin-Scanner ~/.bin/Terrapin-Scanner Scan the SSH server available at localhost port 2222 ./Terrapi..."

New page

== Scanner ==

RUB-NDS/Terrapin-Scanner: This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
https://github.com/RUB-NDS/Terrapin-Scanner

export $GOPATH=~/.gobin
go install github.com/RUB-NDS/Terrapin-Scanner@latest
ln -s ../.go/bin/Terrapin-Scanner ~/.bin/Terrapin-Scanner

Scan the SSH server available at localhost port 2222
./Terrapin-Scanner --connect localhost:2222

If no port is specified, the tool will default to port 22 instead
./Terrapin-Scanner --connect localhost

=== Bad Result ===

<pre>
$ Terrapin-Scanner -connect host1.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4

ChaCha20-Poly1305 support: true
CBC-EtM support: false

Strict key exchange support: false

The scanned peer is VULNERABLE to Terrapin.

Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.

For more details visit our website available at https://terrapin-attack.com
</pre>

https://i.imgur.com/cbKxWe7.png

=== Ok Result ===

(same host, but after apt update, apt upgrade...)

<pre>
$ Terrapin-Scanner -connect host1.com
================================================================================
==================================== Report ====================================
================================================================================

Remote Banner: SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6

ChaCha20-Poly1305 support: true
CBC-EtM support: false

Strict key exchange support: true

The scanned peer supports Terrapin mitigations and can establish
connections that are NOT VULNERABLE to Terrapin. Glad to see this.
For strict key exchange to take effect, both peers must support it.

Note: This tool is provided as is, with no warranty whatsoever. It determines
the vulnerability of a peer by checking the supported algorithms and
support for strict key exchange. It may falsely claim a peer to be
vulnerable if the vendor supports countermeasures other than strict key
exchange.

For more details visit our website available at https://terrapin-attack.com
</pre>

https://i.imgur.com/zcWtsfI.png

Terrapin - Revision history

Kenneth: /* Scanner */

Kenneth at 06:11, 5 January 2024