This script, created by R4Tw1z, scans IP addresses to check whether they are running a potentially vulnerable version of OpenSSH. It is a faster and simpler version of an OpenSSH vulnerability scanner, and it uses multi-threading to optimize scanning performance and handle multiple IP addresses concurrently.
Input Handling: The script accepts IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges as input. IP addresses can be provided directly or read from a file.
Port and Timeout Configuration: Users can specify the port to check (default is port 22, commonly used for SSH). A connection timeout value can also be set, with a default of 1 second.
Multi-threading: The script uses a thread pool to process IP addresses concurrently, improving scanning speed. The number of worker threads can be configured (default is 10).
Port Status Check: The script first checks if the specified port is open on each IP address.
SSH Banner Retrieval: If the port is open, the script attempts to retrieve the SSH banner from the server. The banner is analyzed to determine if the SSH service is a potentially vulnerable version of OpenSSH.
Vulnerability Assessment: A predefined set of vulnerable OpenSSH versions is checked against the retrieved banner. Results are categorized into vulnerable, not vulnerable, and closed port statuses.
Results Output: The script outputs the number of servers that are not vulnerable, likely vulnerable, and those with the port closed.
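The banner analysis step above, shown offline as an added example (this is not R4Tw1z's code). The flagged version set, the extra status names, and the exact-match handling of custom banners are assumptions made for illustration, and the banners in the test are constructed.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion SP comments
BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# Portable and Windows builds both report an OpenSSH_<version> token.
OPENSSH_RE = re.compile(
    r"^OpenSSH_(?:for_Windows_)?(?P<version>\d+\.\d+(?:\.\d+)?(?:p\d+)?)")

# Constructed placeholder values, NOT the script's real list of versions.
EXAMPLE_FLAGGED_VERSIONS = {"0.1p1", "0.2"}


def parse_banner(raw):
    """Split an SSH identification string into fields; None if absent."""
    if isinstance(raw, bytes):
        raw = raw.decode("ascii", errors="replace")
    # A server may send other text lines before its identification string.
    for line in raw.splitlines():
        match = BANNER_RE.match(line.strip())
        if match:
            return match.groupdict()
    return None


def classify(raw, flagged=EXAMPLE_FLAGGED_VERSIONS, custom_banners=()):
    """Return (status, detail) for one banner read from an open port."""
    fields = parse_banner(raw)
    if fields is None:
        return ("unknown", "no SSH identification string")
    ident = "SSH-{proto}-{software}".format(**fields)
    if ident in custom_banners:  # assumed semantics: exact match
        return ("likely_vulnerable", "matches custom banner")
    match = OPENSSH_RE.match(fields["software"])
    if not match:
        return ("not_openssh", fields["software"])
    version = match.group("version")
    if version not in flagged:
        return ("not_vulnerable", version)
    # Distributions backport fixes without changing the upstream version,
    # so a match is a lead to confirm against the installed package.
    comments = fields["comments"]
    if comments:
        return ("likely_vulnerable", f"{version}; verify package '{comments}'")
    return ("likely_vulnerable", version)
```

A "likely_vulnerable" result only says the advertised version is in the list; the distribution suffix in the comments field is what to check against vendor advisories before treating the host as unpatched.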
python r4tw1z.py <targets> [options]
"Targets": IP addresses, domain names, file paths containing IP addresses, or CIDR network ranges to scan.
--port PORT (default: 22): Specify the port number to check.
-t, --timeout TIMEOUT (default: 1.0): Set the connection timeout in seconds.
-w, --workers NUM (default: 10): Define the number of worker threads for concurrent scanning.
-o, --output FILE (optional): Output the results to a specified file.
-c, --custom_banners BANNER1 BANNER2 ... (optional): List custom SSH banners to check for vulnerabilities.
-v, --verbose: Enable verbose mode to display detailed information about each scanned server.
-r, --retries NUM (default: 3): Set the number of retries for each connection attempt.
python r4tw1z.py 192.168.1.1 192.168.1.2
python r4tw1z.py 192.168.1.0/24 -v
python r4tw1z.py ips.txt -o results.txt
python r4tw1z.py 192.168.1.1 -c "SSH-2.0-CustomBanner1" "SSH-2.0-CustomBanner2"
python r4tw1z.py 192.168.1.1 -r 5 -w 20
Feel free to fork this repository and submit pull requests. Contributions to improve the tool are always welcome!