macOS
brew install terrapin-scannerlocal Homebrew formula metadata
brew
Vulnerability scanner for the Terrapin attack. Version 1.1.3 via Homebrew; verified from local package data.
install
brew install terrapin-scannerlocal Homebrew formula metadata
nix profile install nixpkgs#terrapin-scannernixpkgs package indexes · pkgs/by-name/te/terrapin-scanner/package.nix · source: api.github.com
overview
Vulnerability scanner for the Terrapin attack
history
Terrapin Vulnerability Scanner is the companion command-line scanner for the Terrapin SSH prefix-truncation attack. The official attack site and repository describe it as a small Go console application that tests whether an SSH server or client offers vulnerable encryption modes and whether strict key exchange countermeasures are present.
The scanner was published by the Ruhr University Bochum Network and Data Security group alongside the Terrapin research disclosure. Its narrow purpose is deliberate: it gathers SSH algorithm support in a single connection, avoids full authentication, and does not perform the attack.
Adoption followed the disclosure pattern of a vulnerability-specific operations tool. The project provides release binaries for major desktop platforms, a container image, and Go installation instructions, making it easy for administrators and package maintainers to run quick checks during SSH patch rollouts.
The CLI is used either in connect mode against an SSH server or in listen mode for testing an SSH client. It can emit JSON, which makes it useful for scripted fleet checks and package-manager users who want a reproducible local scanner rather than a web-based test.
For package nerds, terrapin-scanner is a compact example of a research artifact becoming a packaged remediation aid. Its Homebrew and Nix packaging matters less as a general-purpose utility and more as a convenient way to reproduce an official scanner during the short operational window after a protocol vulnerability disclosure.
security posture
escape, surveillance, or offensive capability signal.
red risk · medium confidence · escape-surveillance-offensive
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
executables
| Command | Kind | Exposure | Note |
|---|---|---|---|
Terrapin-Scanner | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/RUB-NDS/Terrapin-Scanner
install metadata
| Package key | brew:terrapin-scanner |
|---|---|
| Version | 1.1.3 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/terrapin-scanner |
| Homepage | https://terrapin-attack.com/ |
| Repository | https://github.com/RUB-NDS/Terrapin-Scanner |
| Upstream docs | https://github.com/RUB-NDS/Terrapin-Scanner#readme |
| License | Apache-2.0 |
| Source archive | https://github.com/RUB-NDS/Terrapin-Scanner/archive/refs/tags/v1.1.3.tar.gz |
| Build dependencies | go |
| Bottle | available (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | terrapin-scanner |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
terrapin-scanner
nix profile install nixpkgs#terrapin-scannersource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.