abrewer251 / CVE-2025-32433_Erlang-OTP_PoC

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers

Repository from GitHub: https://github.com/abrewer251/CVE-2025-32433_Erlang-OTP_PoC

CVE-2025-32433_Erlang-OTP

This script is a custom security tool designed to test for a critical pre-authentication vulnerability in systems running Erlang-based SSH servers (such as those used in embedded systems, IoT devices, and some backend services). The vulnerability being tested for is similar to CVE-2025-32433, which allows unauthenticated remote command execution during the SSH handshake phase.

How It Works

Target Enumeration:

  • Accepts either a single IP:port or bulk IPs and ports from ips.txt and ports.txt.
  • Matches IPs and ports line-by-line to scan environments systematically.

SSH Protocol Emulation:

  • Initiates a raw TCP connection and mimics a legitimate SSH client.
  • Sends a valid SSH banner and KEXINIT packet to initiate key exchange.
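The identification string exchanged at the start of the handshake described above is also what a defender can use to find Erlang/OTP SSH daemons in an inventory and prioritise them for patching. The following Python is an added example written for this page, not code from the PoC repository; it assumes the OTP ssh application's default identification string (`Erlang/<ssh app version>`, which the daemon's `id_string` option can override), and the hosts and version numbers in `SAMPLE_OBSERVATIONS` are constructed.

```python
import re
from typing import Dict, List, Optional, Tuple

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF".
# softwareversion contains no whitespace; comments are optional.
_BANNER_RE = re.compile(
    r"^SSH-(?P<proto>[0-9.]+)-(?P<software>[^\s]+)(?: (?P<comments>.*))?$"
)


def parse_ssh_banner(line: str) -> Optional[Dict[str, str]]:
    """Split one SSH identification string into its fields.

    Returns None for lines that are not an identification string; RFC 4253
    lets a server send arbitrary text lines before it, so callers skip those.
    """
    m = _BANNER_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {
        "proto": m.group("proto"),
        "software": m.group("software"),
        "comments": m.group("comments") or "",
    }


def erlang_ssh_version(banner: Dict[str, str]) -> Optional[str]:
    """Return the OTP ssh application version if the server is Erlang's ssh daemon.

    Assumption: the daemon uses its default id_string, "Erlang/<version>".
    An operator can change that string, so a non-Erlang banner does not prove
    a host is safe; it only lowers its place in the triage list.
    """
    software = banner["software"]
    if software.startswith("Erlang/"):
        return software[len("Erlang/"):]
    return None


def triage(observations: List[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (host, first_banner_line) pairs by what the banner says.

    Output keys: "erlang" (hosts to check against the vendor's fixed versions
    for CVE-2025-32433), "other" (non-Erlang SSH servers), "unparsed" (no
    valid identification string seen).
    """
    result: Dict[str, List[str]] = {"erlang": [], "other": [], "unparsed": []}
    for host, line in observations:
        banner = parse_ssh_banner(line)
        if banner is None:
            result["unparsed"].append(host)
            continue
        version = erlang_ssh_version(banner)
        if version is not None:
            result["erlang"].append(f"{host} (ssh {version})")
        else:
            result["other"].append(host)
    return result


# Constructed sample observations: hosts and versions are made up for this example.
SAMPLE_OBSERVATIONS = [
    ("10.0.0.5:22", "SSH-2.0-Erlang/5.2.9\r\n"),
    ("10.0.0.6:22", "SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3\r\n"),
    ("10.0.0.7:2222", "SSH-2.0-Erlang/5.1.4\r\n"),
    ("10.0.0.8:22", "Connection refused by policy\r\n"),
]

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_OBSERVATIONS).items():
        print(f"{bucket}: {hosts}")
```

Feeding this the first line each server returns after the TCP connect is enough to build the patch list; the version string it extracts is compared against the fixed OTP releases published in the vendor advisory, which this example deliberately does not hard-code.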

Brute-Force Channel Types:

  • Tries multiple SSH CHANNEL_OPEN types (e.g., session, direct-tcpip).
  • Some vulnerable servers respond differently based on accepted channel types.

Command Injection:

  • If a channel is successfully opened pre-auth, it sends a payload (e.g., whoami or a reverse shell).
  • Designed to detect execution capability without crashing or alerting services unnecessarily.

Resilience and Reporting:

  • Automatically reconnects if the server disconnects.
  • Supports multithreading for faster scans across large inventories.
  • Includes timestamps, logs all results to results.txt, and provides a live progress bar.

License: MIT License

Languages: Python 100.0%