Do you want me to grab both sets separately or just the product:libssh set?
I’m not sure but I don’t want let you to waste credits. so grab only libssh (https://www.shodan.io/search?query=libssh) because should already have product:libssh query results itself
Voila, in CSV format (and gzipped for compression)
File does not exist anymore on the server
Ugh, okay. Uploaded the results to one of our webhosts for now: https://bit.ly/2Rc5giU
Ight… let me see what I can do.
I payed the one time fee.
Ight, so my script is ready and it can be used for multiple different purposes. Please use it, but also edit it as need be… currently gonna add a scanner for libssh if need be but we should be fine… only issue with current scripts for a scanner is that they’d have to take file input. Also, a note on the script, I added the ability to input the number of pages to query. If the pages doesn’t exist, it’ll return a error saying query isn’t valid or something like that. For libssh purposes do the math… lol. 100 results are returned per page with the API, but also, you must have a valid API key too. Currently I don’t have enough credits until next month. @occupi, feel free to use this script especially.
Any other questions feel free to ask. I’m very busy to so please bear with me.
Also, @pry0cc, don’t know, but shouldn’t this script have its own post by now? lol. It has been a while since I worked on it. lolol.
With that being said, ~Cheers!
I’m still testing all 6300 server automatically of @occupi list with my script since yesterday.
Are you mass scanning them?
It’s fine here for now. I don’t think it warrants another post.
All right, I tested all 6300 servers of Shodan, all servers that have vulnerable versions of libssh are ALL unexploitable.
Most common exceptions and reasons are:
·Secsh channel 0 open FAILED: : Administratively prohibited => So Undefinied Exception. Probably channel is closed or not PortForwarded. ·Server down ·Oops, unhandled type 3 ('unimplemented') => So Undefinied Exception. Probably channel is closed or not PortForwarded.
This vulnerability it’s a bullshit, now is confirmed.
Let’s not call BS on it quite yet… the scripts thus far could incomplete. I still need to study a bit longer. Please bear with me.
X2go is vulnerable ; Shodan doesn’t give a good number. Lot of application working for sehll ssh and not working with openssh
Isn’t it the library that’s vulnerable, and not the ssh server itself? Probably why none of them are exploitable.