Demonstration of CVE-2025-27152
Demonstration of CVE-2025-27152
Check if a username is valid on the SSH server by attempting an authentication. The server response will indicate whether the username exists.
A Bash script to enumerate valid SSH usernames using the CVE-2018-15473 vulnerability. It checks for valid usernames on an OpenSSH OpenSSH 7.2p2 server by analyzing authentication responses.
Patch Manual para a correção das CVE-2025-26465-e-CVE-2025-26466, para sistemas sem update do OpenSSH
OpenSSH server 9.5p1 - 9.9p1 DoS (PoC)
The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption
MitM attack allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it
SSHEnum es una herramienta de enumeración de usuarios SSH basada en CVE-2018-15473. Permite detectar usuarios válidos aprovechando respuestas diferenciadas del servidor. Es rápida, compatible con Python 3.12 y soporta wordlists. Uso exclusivo para auditoría y pruebas de seguridad autorizadas.
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer.
This repository contains a Proof of Concept (PoC) for CVE-2015-9251, a vulnerability in jQuery versions prior to 3.0.0 that allows attackers to perform Cross-Site Scripting (XSS) attacks under certain conditions.
A Python-based tool to check for vulnerabilities in OpenSSH installations on local or remote systems by scanning specific IPs. It checks if the OpenSSH version is affected by CVE-2023-48795
Fast, parallel SSH discovery and security auditing across hosts and CIDR ranges: identifies SSH on any port in real time, then flags auth methods, weak crypto, Terrapin (CVE-2023-48795), and reused host keys.
Some scripts to simulate an attack (used for CVE-2024-21626)
PoC para CVE-2015-9251 jQuery menor a 3.0.0.
Vulnerability Overview CVE-2023-38408 affects OpenSSH versions < 9.3p2 and stems from improper validation of data when SSH agent forwarding is enabled. When users connect to a remote server with ssh -A, they allow the agent on their local machine to be used for authentication to further systems
Script para eliminar vulnerabilidad de openssh de ubuntu 22.04 LTS
Case Study: SSHtranger Things (CVE-2019-6111, CVE-2019-6110) in Cisco SD-WAN