Dieses kleine Script sucht in einem Netz an angreifbaren SSH-Hosts.
Debian hatte etwas ungeschickte Hosts-Keys erstellt, welche eine Kompromittierung des Systems ermöglichen.
NET="192.168.0.0/24"
WEAK_FILE=weak_servers.csv
OK=0
WEAK=0
HOSTS=0
echo -e "# Weak Servers:\n" > $WEAK_FILE
echo -ne "[ii]\tBegin with scanning...\n"
nmap -T4 -oG hosts.csv -p 22 $NET >/dev/null 2>&1
echo -ne "[ii]\tSearching for weak hosts...\n\n"
for i in `grep open hosts.csv | sed -s 's/^Host: \(\S*\) .*/\1/'`; do
HOSTS=`expr $HOSTS + 1`
NAME=`host "$i" |sed 's/.*pointer\(S*\)/\1/'`
echo -ne "\n--=={ Host: $NAME }==--\n"
perl dowkd.pl host -p 22 $i 2>&1 | egrep -q 'weak keys: [1-9]'
EC=$?
if [ $EC != 0 ]; then
echo -e "\t[++]\tHost OKAY\n"
OK=`expr $OK + 1`
else
echo -e "\E[31;40m\t[!!]\tHost is \033[1m NOT OKAY\n\E[31;44m\tUPGRADE $NAME NOW!\033[0m\n"
tput sgr0
WEAK=`expr $WEAK + 1`
echo $NAME >> $WEAK_FILE
echo -e "\n"
fi
done
echo -e "### Statistics ###"
echo -e "Scanned $HOSTS hosts"
echo -e "Hosts seem to be okay: $OK"
echo -e "Weak Hosts: $WEAK"
echo -e "Please see $WEAK_FILE for a list of servers"
echo -e "you should upgrade ... FAST!"