Built a simple web tool to check if your server is vulnerable to the recent OpenSSH regreSSHion vulnerability. Enter IP/hostname, get instant results. Includes a curl option to check your own IP from the server.
Does not store logs, history is stored in a browser.
Built with help from Claude :-)
For those running Debian Bookworm and potentially others - judging by the result message this seems to use the banner version to decide whether or not you're vulnerable. For me it says "OpenSSH_9.2p1 is potentially vulnerable to regreSSHion (CVE-2024-6387)", but the vulnerability has been patched by Debian themselves without incrementing the version visible in the banner. The patched package version is "1:9.2p1-2+deb12u3".
It appears I misread some of this comment. The below is not particularly useful now, since the site does detect that Ubuntu 22.04 with the update is not vulnerable.
---
Ubuntu did the same thing for 22.04. Patched in "1:8.9p1-3ubuntu0.10".
Any chance to OpenSource this? We're a small provider with quite a few IP addresses that I would like to run this over, but for obvious reasons you have rate limits :)