SentinelSSH is a high-performance, concurrent vulnerability scanner designed to detect SSH servers potentially vulnerable to CVE-2024-6387.
_____ ______ _ _ _______ _____ _ _ ______ _ _____ _____ _ _
/ ____| ____| \ | |__ __|_ _| \ | | ____| | / ____/ ____| | | |
| (___ | |__ | \| | | | | | | \| | |__ | | | (___| (___ | |__| |
\___ \| __| | . ' | | | | | | . ' | __| | | \___ \\___ \| __ |
____) | |____| |\ | | | _| |_| |\ | |____| |____ __) |___) | | | |
|_____/|______|_| \_| |_| |_____|_| \_|______|______|_____/_____/|_| |_|
CVE-2024-6387 Vulnerability Scanner
- Fast, concurrent scanning of multiple targets
- Support for IP addresses, domain names, and CIDR ranges
- File input for bulk scanning
- Real-time progress bar
- Immediate reporting of vulnerable targets
- Silent mode for integration into automated workflows
- Customizable scan parameters (port, timeout, concurrency)
- Go 1.16 or later
To install SentinelSSH, simply run:
go install github.com/harshinsecurity/sentinelssh/cmd/sentinelssh@latest
This command will download, compile, and install SentinelSSH. Make sure your Go bin directory is in your system's PATH.
After installation, you can run SentinelSSH from anywhere in your terminal:
sentinelssh [flags] [targets...]
-p, --port int
: Port number to scan (default 22)-t, --timeout float
: Connection timeout in seconds (default 5.0)-c, --concurrency int
: Number of concurrent scans (default 100)-f, --file string
: File containing list of targets-s, --silent
: Silent mode: only output vulnerable targets
Scan a single target:
sentinelssh 192.168.1.1
Scan multiple targets:
sentinelssh example.com 192.168.1.1 10.0.0.0/24
Scan targets from a file:
sentinelssh -f targets.txt
Scan with custom port and increased concurrency:
sentinelssh -p 2222 -c 200 example.com
Silent mode (only output vulnerable targets):
sentinelssh -s -f targets.txt
SentinelSSH works by:
- Connecting to target SSH servers
- Retrieving the SSH banner
- Analyzing the banner for known vulnerable versions
- Immediately reporting vulnerable targets
For a detailed explanation of the vulnerability detection process, see our Wiki.
sentinelssh/
│
├── cmd/
│ └── sentinelssh/
│ └── main.go
│
├── internal/
│ ├── scanner/
│ │ └── scanner.go
│ ├── analyzer/
│ │ └── analyzer.go
│ └── utils/
│ └── utils.go
│
├── pkg/
│ └── models/
│ └── result.go
│
├── .gitignore
├── go.mod
├── go.sum
├── LICENSE
└── README.md
Contributions to SentinelSSH are welcome! Please feel free to submit pull requests, create issues or spread the word.
To contribute:
- Fork the repository
- Create your feature branch (
git checkout -b feature/AmazingFeature
) - Commit your changes (
git commit -m 'Add some AmazingFeature'
) - Push to the branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
SentinelSSH is a tool for identifying potentially vulnerable SSH servers. It does not exploit any vulnerabilities or attempt to gain unauthorized access. Use this tool responsibly and only on systems you have permission to test.
- The Go community for providing excellent libraries and tools
- All contributors and users of SentinelSSH
For more information, please check out our GitHub Wiki.