3
Pentester Tools : SSHScan
Posted by zuhaircmr
SSHScan is a testing tool that enumerates SSH Ciphers. We Can easily detect weak ciphers by using this .
Lets tryout SSHScan in BrokenWeb (A Vulnerable machine) hosted locally .
Brokenweb IP : 192.168.3.107
codebreaker@zbox:~$ ./SSHScan/sshscan.py -t 192.168.3.107:22
In Network Pentesting, Once you detect an SSH port , then try for SSHScan to detect the ciphers. If KEX algoritham is weak then an attacker can easily create a Denial of Service attack on SSH port and hence the target wont be accessible by the anyone at the moment.
GITHUB Link:
https://github.com/evict/SSHScan
Installation :
git clone https://github.com/evict/SSHScan
Lets tryout SSHScan in BrokenWeb (A Vulnerable machine) hosted locally .
Brokenweb IP : 192.168.3.107
codebreaker@zbox:~$ ./SSHScan/sshscan.py -t 192.168.3.107:22
In Network Pentesting, Once you detect an SSH port , then try for SSHScan to detect the ciphers. If KEX algoritham is weak then an attacker can easily create a Denial of Service attack on SSH port and hence the target wont be accessible by the anyone at the moment.
GITHUB Link:
https://github.com/evict/SSHScan
Installation :
git clone https://github.com/evict/SSHScan