Built a simple web tool to check if your server is vulnerable to the recent OpenSSH regreSSHion vulnerability. Enter IP/hostname, get instant results. Includes a curl option to check your own IP from the server.<p>Does not store logs, history is stored in a browser.
Built with help from Claude :-)
For those running Debian Bookworm and potentially others - judging by the result message this seems to use the banner version to decide whether or not you're vulnerable. For me it says "OpenSSH_9.2p1 is potentially vulnerable to regreSSHion (CVE-2024-6387)", but the vulnerability has been patched by Debian themselves without incrementing the version visible in the banner. The patched package version is "1:9.2p1-2+deb12u3".
Any chance to OpenSource this? We're a small provider with quite a few IP addresses that I would like to run this over, but for obvious reasons you have rate limits :)