Skip to content
/ Terrapin-Scanner Public

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

terrapin-attack.com

License

Apache-2.0 license
324 stars 17 forks Activity
Star
Notifications

RUB-NDS/Terrapin-Scanner

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 6 tags
Code

Latest commit

@TrueSkrillor
TrueSkrillor release: reset to next dev version
21ddbf1 Dec 22, 2023
release: reset to next dev version
21ddbf1

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.idea
build: Add build configurations for Linux ARM (32-bit) and Windows ARM64
December 20, 2023 21:15
tscanner
Use slices from exp repo
December 22, 2023 17:08
.gitignore
Initial commit
December 13, 2023 17:25
LICENSE
docs: Add LICENSE
December 14, 2023 12:24
README.md
Use slices from exp repo
December 22, 2023 17:08
go.mod
Use slices from exp repo
December 22, 2023 17:08
go.sum
Use slices from exp repo
December 22, 2023 17:08
main.go
release: reset to next dev version
December 22, 2023 17:13
Terrapin Vulnerability Scanner Building Usage

README.md

Terrapin Vulnerability Scanner

The Terrapin Vulnerability Scanner is a small utility program written in Go, which can be used to determine the vulnerability of an SSH client or server against the Terrapin Attack. The vulnerability scanner requires a single connection with the peer to gather all supported algorithms. However, it does not perform a fully fledged SSH key exchange, will never attempt authentication on a server, and does not perform the attack in practice. Instead, vulnerability is determined by checking the supported algorithms and support for known countermeasures (strict key exchange). This may falsely claim vulnerability in case the peer supports countermeasures unknown to this tool.

Building

For convenience, we are providing pre-compiled binaries for all major desktop platforms. These can be found on the Release page.

However, we understand that you might prefer building tools, that connect to your SSH server, yourself. To do this, ensure that you have at least Go v1.18 installed. To compile and install the Terrapin Vulnerability Scanner Go package, run the command below.

go install github.com/RUB-NDS/Terrapin-Scanner@latest

This will download, compile, and install the Go package for your local system. The compiled binary will become available at $GOBIN/Terrapin-Scanner. If the GOBIN environment variable is not set, Go will default to using $GOPATH/bin or $HOME/go/bin, depending on whether the $GOPATH environment variable is set.

Usage

# Scan the SSH server available at localhost port 2222
./Terrapin-Scanner --connect localhost:2222

# If no port is specified, the tool will default to port 22 instead
./Terrapin-Scanner --connect localhost

# To scan an SSH client, specify the listen command instead
# After running the command, you will need to connect with your SSH client to port 2222
./Terrapin-Scanner --listen 0.0.0.0:2222

# When binding to localhost, you can omit the interface address
# The following command will listen for incoming connections on 127.0.0.1:2222
./Terrapin-Scanner --listen 2222

The scanner supports outputting the scan result as json. To do so, provide the --json flag when calling the scanner. The output is structured as follows:

{
    "Banner": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.5",
    "SupportsChaCha20": true,
    "SupportsCbcEtm": false,
    "SupportsStrictKex": true,
    "Vulnerable": false
}

About

This repository contains a simple vulnerability scanner for the Terrapin attack present in the paper "Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".

terrapin-attack.com

Topics

ssh cryptography attack vulnerability vulnerability-scanner

Resources

Readme

License

Apache-2.0 license
Activity

Stars

324 stars

Watchers

8 watching

Forks

17 forks
Report repository

Releases 6

v1.1.0 Latest
Dec 20, 2023
+ 5 releases

Contributors 5

Languages