{"id":13846060,"url":"https://github.com/trimstray/massh-enum","last_synced_at":"2025-05-14T00:32:26.198Z","repository":{"id":42037362,"uuid":"145175629","full_name":"trimstray/massh-enum","owner":"trimstray","description":"OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473).","archived":false,"fork":false,"pushed_at":"2019-11-15T08:12:32.000Z","size":43,"stargazers_count":148,"open_issues_count":2,"forks_count":34,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-04-02T10:12:10.466Z","etag":null,"topics":["accounts","cve","cve-2018-15473","enumeration","openssh","ssh","users","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/trimstray.png","metadata":{"files":{"readme":"README","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-17T23:48:15.000Z","updated_at":"2025-03-15T17:45:58.000Z","dependencies_parsed_at":"2022-09-18T12:50:17.546Z","dependency_job_id":null,"html_url":"https://github.com/trimstray/massh-enum","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trimstray%2Fmassh-enum","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trimstray%2Fmassh-enum/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trimstray%2Fmassh-enum/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/trimstray%2Fmassh-enum/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/trimstray","download_url":"https://codeload.github.com/trimstray/massh-enum/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254046491,"owners_count":22005606,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["accounts","cve","cve-2018-15473","enumeration","openssh","ssh","users","vulnerability"],"created_at":"2024-08-04T17:04:18.977Z","updated_at":"2025-05-14T00:32:21.185Z","avatar_url":"https://github.com/trimstray.png","language":"Shell","readme":"+----------------+\n| massh-enum 1.0 |\n+----------------+\n\n        OpenSSH 2.3 up to 7.4 Mass Username Enumeration (CVE-2018-15473)\n\n        This script contains Matthew Daley Python script \u003chttps://bugfuzz.com/stuff/ssh-check-username.py\u003e\n\n        License: GPLv3, \u003chttp://www.gnu.org/licenses/\u003e\n\n\nDescription\n\nOpenSSH versions 2.3 up to 7.4 suffer from a username enumeration vulnerability.\n\nThe attacker can try to authenticate a user with a malformed packet (for\nexample, a truncated packet), and:\n\n- if the user is invalid (it does not exist), then userauth_pubkey()\n  returns immediately, and the server sends an SSH2_MSG_USERAUTH_FAILURE\n  to the attacker;\n\n- if the user is valid (it exists), then sshpkt_get_u8() fails, and the\n  server calls fatal() and closes its connection to the attacker.\n\nMore information about this vulnerability:\n* https://nvd.nist.gov/vuln/detail/CVE-2018-15473\n* http://seclists.org/oss-sec/2018/q3/124\n\nHow it works?\n\n# ./bin/massh-enum --hosts 10.240.20.0/28 --users wordlists/users\n› Generating a list of hosts\n› Username Enumeration\nhost: 10.240.20.1 (p:22), found user: root\nhost: 10.240.20.1 (p:22), found user: supervisor\nhost: 10.240.20.2 (p:22), found user: root\n\nRequirements\n\n- Bash (testing on 4.4.19)\n- Python (testing on 2.7)\n- Nmap (testing on 7.70)\n","funding_links":[],"categories":["Pentesting","Shell"],"sub_categories":["Enumeration"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrimstray%2Fmassh-enum","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftrimstray%2Fmassh-enum","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftrimstray%2Fmassh-enum/lists"}