# Install terrapin-scanner with Homebrew, Nix

Vulnerability scanner for the Terrapin attack. Version 1.1.3 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:terrapin-scanner
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install terrapin-scanner
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#terrapin-scanner
```

  Evidence: nixpkgs package indexes: pkgs/by-name/te/terrapin-scanner/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:terrapin-scanner
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/terrapin-scanner>
- **Version:** 1.1.3
- **Source summary:** Vulnerability scanner for the Terrapin attack
- **Homepage:** <https://terrapin-attack.com/>
- **Repository:** <https://github.com/RUB-NDS/Terrapin-Scanner>
- **Upstream docs:** <https://github.com/RUB-NDS/Terrapin-Scanner#readme>
- **License:** Apache-2.0
- **Source archive:** <https://github.com/RUB-NDS/Terrapin-Scanner/archive/refs/tags/v1.1.3.tar.gz>
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- Terrapin-Scanner (cli)
- Terrapin-Scanner (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.1.3
- Local data: ok
- Upstream repository: https://github.com/RUB-NDS/Terrapin-Scanner
- Upstream latest detected: v1.1.3 (current)
- info: No package-manager update timestamp was available.
## Project history and usage

Terrapin Vulnerability Scanner is the companion command-line scanner for the Terrapin SSH prefix-truncation attack. The official attack site and repository describe it as a small Go console application that tests whether an SSH server or client offers vulnerable encryption modes and whether strict key exchange countermeasures are present.

### Project history

The scanner was published by the Ruhr University Bochum Network and Data Security group alongside the Terrapin research disclosure. Its narrow purpose is deliberate: it gathers SSH algorithm support in a single connection, avoids full authentication, and does not perform the attack.

### Adoption history

Adoption followed the disclosure pattern of a vulnerability-specific operations tool. The project provides release binaries for major desktop platforms, a container image, and Go installation instructions, making it easy for administrators and package maintainers to run quick checks during SSH patch rollouts.

### How it is used

The CLI is used either in connect mode against an SSH server or in listen mode for testing an SSH client. It can emit JSON, which makes it useful for scripted fleet checks and package-manager users who want a reproducible local scanner rather than a web-based test.

### Why package nerds care

For package nerds, terrapin-scanner is a compact example of a research artifact becoming a packaged remediation aid. Its Homebrew and Nix packaging matters less as a general-purpose utility and more as a convenient way to reproduce an official scanner during the short operational window after a protocol vulnerability disclosure.

### Timeline

- 2024: Terrapin paper scheduled for Real World Crypto, Black Hat USA, and USENIX Security presentations.
- 2024: Official scanner released with prebuilt binaries, Docker image, and Go install path.
- 2024: v1.1.3 listed as latest GitHub release on January 18, 2024.

### Related projects

- The scanner is tied to the Terrapin attack research and to SSH implementations that adopted the strict key exchange countermeasure.

### Sources

- <https://github.com/RUB-NDS/Terrapin-Scanner official README, usage, build, release, and JSON-output notes.>
- <https://terrapin-attack.com/ official attack site and scanner description.>
- source_facts.package-manager lists brew and nix packaging.


## Security Notes

escape, surveillance, or offensive capability signal.

- **Geiger risk:** red / medium
- escape, surveillance, or offensive capability signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** terrapin-scanner
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - terrapin-scanner: normalized package name match | nixpkgs package indexes: pkgs/by-name/te/terrapin-scanner/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [bomber](https://www.automicvault.com/pkg/brew/bomber/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [grype](https://www.automicvault.com/pkg/brew/grype/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [nuclei](https://www.automicvault.com/pkg/brew/nuclei/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [osv-scanner](https://www.automicvault.com/pkg/brew/osv-scanner/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [vuls](https://www.automicvault.com/pkg/brew/vuls/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.
- [clair](https://www.automicvault.com/pkg/brew/clair/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [safety](https://www.automicvault.com/pkg/brew/safety/) - Shares av.db curated category or tags: cli, security, vulnerability-scanner, vulnerability-scanning.

## Combined YAML source

View the package source record on GitHub. [combined/terrapin-scanner.yml](https://github.com/automic-vault/db/blob/main/combined/terrapin-scanner.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
