Need help with CVE-2018-10933?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

467 Stars 114 Forks 93 Commits 0 Opened issues


Spawn to shell without any credentials by using CVE-2018-10933 (LibSSH)

Services available


Need anything else?

Contributors list


Spawn to shell without any credentials by using CVE-2018-10933

Exploit-DB :

Information about CVE-2018-10933 by libSSH :

Bugfix Release by libSSH :


// If paramiko==2.0.8 doesn't works try : pip install paramiko==2.4.2

pip install -r requirements.txt python --help

Example: python --host --port 22 --command "cat /etc/passwd" --logfile newlogfile.log

Youtube videos that shows how to exploit libSSH by using this PoC (Proof Of Concept)



Find the right server with these fingerprints:

Check the version of server that you trying to bypass with

If output is 0.7.5, 0.6.*, or lowest then the server is vulnerable.

If isn't then it's probably patched, truncated or not using libSSH. libSSH

( 22 Port is default, other ports like (2222, 3333, 4444) might be including libSSH )

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.