├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── a2sv.py ├── install.sh ├── module ├── C_display.py ├── M_anonymous.py ├── M_ccsinjection.py ├── M_crime.py ├── M_drown.py ├── M_freak.py ├── M_heartbleed.py ├── M_logjam.py └── M_poodle.py ├── renovate.json ├── requirements.txt └── version /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.gitignore.io/api/python 3 | 4 | ### Python ### 5 | # Byte-compiled / optimized / DLL files 6 | __pycache__/ 7 | *.py[cod] 8 | *$py.class 9 | 10 | # C extensions 11 | *.so 12 | 13 | # Distribution / packaging 14 | .Python 15 | build/ 16 | develop-eggs/ 17 | dist/ 18 | downloads/ 19 | eggs/ 20 | .eggs/ 21 | lib/ 22 | lib64/ 23 | parts/ 24 | sdist/ 25 | var/ 26 | wheels/ 27 | *.egg-info/ 28 | .installed.cfg 29 | *.egg 30 | MANIFEST 31 | 32 | # PyInstaller 33 | # Usually these files are written by a python script from a template 34 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 
35 | *.manifest 36 | *.spec 37 | 38 | # Installer logs 39 | pip-log.txt 40 | pip-delete-this-directory.txt 41 | 42 | # Unit test / coverage reports 43 | htmlcov/ 44 | .tox/ 45 | .coverage 46 | .coverage.* 47 | .cache 48 | nosetests.xml 49 | coverage.xml 50 | *.cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | 63 | # Flask stuff: 64 | instance/ 65 | .webassets-cache 66 | 67 | # Scrapy stuff: 68 | .scrapy 69 | 70 | # Sphinx documentation 71 | docs/_build/ 72 | 73 | # PyBuilder 74 | target/ 75 | 76 | # Jupyter Notebook 77 | .ipynb_checkpoints 78 | 79 | # pyenv 80 | .python-version 81 | 82 | # celery beat schedule file 83 | celerybeat-schedule 84 | 85 | # SageMath parsed files 86 | *.sage.py 87 | 88 | # Environments 89 | .env 90 | .venv 91 | env/ 92 | venv/ 93 | ENV/ 94 | env.bak/ 95 | venv.bak/ 96 | 97 | # Spyder project settings 98 | .spyderproject 99 | .spyproject 100 | 101 | # Rope project settings 102 | .ropeproject 103 | 104 | # mkdocs documentation 105 | /site 106 | 107 | # mypy 108 | .mypy_cache/ 109 | 110 | ### Python Patch ### 111 | .venv/ 112 | 113 | ### Python.VirtualEnv Stack ### 114 | # Virtualenv 115 | # http://iamzed.com/2009/05/07/a-primer-on-virtualenv/ 116 | [Bb]in 117 | [Ii]nclude 118 | [Ll]ib 119 | [Ll]ib64 120 | [Ll]ocal 121 | [Ss]cripts 122 | pyvenv.cfg 123 | pip-selfcheck.json 124 | 125 | 126 | # End of https://www.gitignore.io/api/python 127 | 128 | # Other exclusions 129 | module/*.pyc 130 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM python:2-alpine 2 | 3 | ADD * ./ 4 | 5 | RUN pip install -r requirements.txt 6 | 7 | ENTRYPOINT ["python","a2sv.py"] 8 | 9 | # Build 10 | # docker build -t a2sv . 
11 | # Run 12 | # docker run a2sv -t example.com 13 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2016 HaHwul(하훌) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](https://opensource.org/licenses/MIT) 2 | 3 | 4 | ## 1. A2SV? 5 | Auto Scanning to SSL Vulnerability. 6 | 7 | HeartBleed, CCS Injection, SSLv3 POODLE, FREAK... etc 8 | 9 | 10 | 11 | A. 
Support Vulnerability 12 | ``` 13 | - CVE-2007-1858] Anonymous Cipher 14 | - CVE-2012-4929] CRIME(SPDY) 15 | - CVE-2014-0160] HeartBleed 16 | - CVE-2014-0224] CCS Injection 17 | - CVE-2014-3566] SSLv3 POODLE 18 | - CVE-2015-0204] FREAK Attack 19 | - CVE-2015-4000] LOGJAM Attack 20 | - CVE-2016-0800] SSLv2 DROWN 21 | ``` 22 | 23 | B. Dev Plan 24 | ``` 25 | - PLAN] SSL ACCF 26 | - PLAN] SSL Information Analysis 27 | ``` 28 | ## 2. How to Install? 29 | A. Download(clone) & Unpack A2SV 30 | ``` 31 | $ git clone https://github.com/hahwul/a2sv.git 32 | $ cd a2sv 33 | ``` 34 | B. Install Python Package / OpenSSL 35 | 36 | ``` 37 | $ pip install argparse 38 | $ pip install netaddr 39 | 40 | $ apt-get install openssl 41 | ``` 42 | C. Run A2SV 43 | 44 | ``` 45 | $ python a2sv.py -h 46 | ``` 47 | ## 3. How to Use? 48 | ``` 49 | usage: a2sv [-h] [-t TARGET] [-tf TARGETFILE] [-p PORT] [-m MODULE] 50 | [-d DISPLAY] [-u] [-v] 51 | 52 | optional arguments: 53 | -h, --help show this help message and exit 54 | -t TARGET, --target TARGET 55 | Target URL and IP Address 56 | $ e.g -t 127.0.0.1 57 | -tf TARGETFILE, --targetfile TARGETFILE 58 | Target file(list) URL and IP Address 59 | $ e.g -tf ./target.list 60 | -p PORT, --port PORT Custom Port / Default: 443 61 | $ e.g -p 8080 62 | -m MODULE, --module MODULE 63 | Check SSL Vuln with one module 64 | [anonymous]: Anonymous Cipher 65 | [crime]: Crime(SPDY) 66 | [heart]: HeartBleed 67 | [ccs]: CCS Injection 68 | [poodle]: SSLv3 POODLE 69 | [freak]: OpenSSL FREAK 70 | [logjam]: OpenSSL LOGJAM 71 | [drown]: SSLv2 DROWN 72 | -d DISPLAY, --display DISPLAY 73 | Display output 74 | [Y,y] Show output 75 | [N,n] Hide output 76 | -o OUT, --out OUT Result write to file 77 | $ e.g -o /home/yourdir/result.txt 78 | -u, --update Update A2SV (GIT) 79 | -v, --version Show Version 80 | 81 | ``` 82 | [Scan SSL Vulnerability] 83 | 84 | ``` 85 | $ python a2sv.py -t 127.0.0.1 86 | 87 | $ python a2sv.py -t 127.0.0.1 -m heartbleed 88 | 89 | $ python a2sv.py -t
127.0.0.1 -d n 90 | 91 | $ python a2sv.py -t 127.0.0.1 -p 8111 92 | 93 | $ python a2sv.py -tf target_list.txt 94 | 95 | ``` 96 | [Update A2SV] 97 | 98 | ``` 99 | $ python a2sv.py -u 100 | 101 | $ python a2sv.py --update 102 | 103 | ``` 104 | ## 4. Support 105 | Responses may be very slow, because this is a project I can't give much attention to. 106 | 107 | ## 5. Donate 108 | 109 | I like coffee! I'm a coffee addict.
110 | 111 | Buy Me A Coffee 112 | 113 | ## 6. Screen shot 114 | 115 | 116 | 117 | ## 7. Code Reference Site 118 | ``` 119 | - poodle : https://github.com/supersam654/Poodle-Checker 120 | 121 | - heartbleed : https://github.com/sensepost/heartbleed-poc 122 | 123 | - ccs injection : https://github.com/Tripwire/OpenSSL-CCS-Inject-Test 124 | 125 | - freak : https://gist.github.com/martinseener/d50473228719a9554e6a 126 | -------------------------------------------------------------------------------- /a2sv.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python2 2 | # -*- coding: utf-8 -*- 3 | #============================================== 4 | # A2SV(Auto Scanning to SSL Vulnerability | 5 | # by HaHwul(www.hahwul.com) | 6 | # https://github.com/hahwul/a2sv | 7 | #============================================== 8 | import os 9 | import sys 10 | import argparse 11 | import socket 12 | import datetime 13 | from urlparse import urlparse 14 | sys.path.append(os.path.dirname( os.path.abspath( __file__ ))+"/module") 15 | from M_ccsinjection import * 16 | from M_heartbleed import * 17 | from M_poodle import * 18 | from M_freak import * 19 | from M_logjam import * 20 | from M_drown import * 21 | from M_crime import * 22 | from M_anonymous import * 23 | from C_display import * 24 | 25 | #============================================== 26 | displayMode=0 27 | targetMode=0 28 | output_ck=0 29 | output_path="./a2sv_output.txt" 30 | 31 | targetfileList = [] 32 | # Version 33 | myPath=os.path.dirname( os.path.abspath( __file__ )) 34 | vfp = open(myPath+"/version","r") #Version File Pointer 35 | a2sv_version = vfp.read() 36 | a2sv_version = a2sv_version.rstrip() 37 | #============================================== 38 | 39 | global targetIP 40 | global port 41 | global ccs_result 42 | global heartbleed_result 43 | global poodle_result 44 | global freak_result 45 | global logjam_result 46 | global drown_result 47 | global crime_result 
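global anonymous_result

# Per-module result codes shared between runScan() and outReport():
#   -1   : not scanned
#   0x00 : not vulnerable
#   0x01 : vulnerable
#   0x02 : the module could not complete (reported as "Exception")
ccs_result = "-1"
heartbleed_result = "-1"
poodle_result = "-1"
freak_result = "-1"
logjam_result = "-1"
drown_result = "-1"
crime_result = "-1"
anonymous_result = "-1"
#===========================
# ANSI colour escapes used for console output.
RED = '\033[91m'
GREEN = '\033[92m'
YELLOW = '\033[93m'
BLUE = '\033[94m'
PURPLE = '\033[95m'
VIOLET = '\033[0;35m'
END = '\033[0m'


## Report Table
class TablePrinter(object):
    """Render a list of dicts as a fixed-width text table."""

    def __init__(self, fmt, sep=' ', ul=None):
        """
        @param fmt: list of tuple(heading, key, width)
                        heading: str, column label
                        key: dictionary key to value to print
                        width: int, column width in chars
        @param sep: string, separation between columns
        @param ul: string, character to underline column label, or None for no underlining
        """
        super(TablePrinter, self).__init__()
        # One "{key:width}" replacement field per column, joined by the separator.
        self.fmt = str(sep).join(
            '{lb}{0}:{1}{rb}'.format(key, width, lb='{', rb='}')
            for heading, key, width in fmt
        )
        self.head = {key: heading for heading, key, width in fmt}
        self.ul = {key: str(ul) * width for heading, key, width in fmt} if ul else None
        self.width = {key: width for heading, key, width in fmt}

    def row(self, data):
        """Format one dict as a table row; missing keys are blank and values
        longer than the column width are truncated."""
        # .items() instead of the Python-2-only .iteritems(): identical result
        # on Python 2 and it keeps the class usable on Python 3.
        cells = {k: str(data.get(k, ''))[:w] for k, w in self.width.items()}
        return self.fmt.format(**cells)

    def __call__(self, dataList):
        """Return the whole table (heading, optional underline, rows) as one string."""
        lines = [self.row(self.head)]
        if self.ul:
            lines.append(self.row(self.ul))
        lines.extend(self.row(data) for data in dataList)
        return '\n'.join(lines)
########################


def mainScreen():
    """Clear the terminal and show the banner through showDisplay()."""
    os.system('cls' if os.name == 'nt' else 'clear')
    banner = (
        " A_A",
        " (-.-)",
        " / h ",
        " | | __ ",
        " | || | | t__ ",
        " t_|| /_/ ",
        " █████╗ ██████╗ ███████╗██╗ ██╗ ",
        " ██╔══██╗╚════██╗██╔════╝██║ ██║ ",
        " ███████║ █████╔╝███████╗██║ ██║ ",
        " ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝",
        " ██║ ██║███████╗███████║ ╚████╔╝ ",
        " ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ",
    )
    for banner_line in banner:
        showDisplay(displayMode, banner_line)
    showDisplay(displayMode, BLUE+" [Auto Scanning to SSL Vulnerability "+a2sv_version+"]"+END)
    showDisplay(displayMode, VIOLET+" by HaHwul (www.hahwul.com)"+END)
    showDisplay(displayMode, "________________________________________________________________________")


def runScan(s_type):
    """Probe targetIP:port and store each module's result code in its global.

    s_type selects a single module ("anonymous", "crime", "heart", "ccs",
    "poodle", "freak", "logjam", "drown").  Any other value -- including a
    misspelt module name -- runs every module, so a typo widens the scan
    rather than rejecting it.
    """
    # key -> (display label, module entry point, name of the global result).
    # Built inside the function so the m_*_run names (star-imported from the
    # module/ directory) are only resolved when a scan actually runs.
    modules = {
        "anonymous": ("Anonymous Cipher", m_anonymous_run, "anonymous_result"),
        "crime": ("CRIME(SPDY)", m_crime_run, "crime_result"),
        "ccs": ("CCS Injection", m_ccsinjection_run, "ccs_result"),
        "heart": ("HeartBleed", m_heartbleed_run, "heartbleed_result"),
        "poodle": ("SSLv3 POODLE", m_poodle_run, "poodle_result"),
        "freak": ("OpenSSL FREAK", m_freak_run, "freak_result"),
        "logjam": ("OpenSSL LOGJAM", m_logjam_run, "logjam_result"),
        "drown": ("SSLv2 DROWN", m_drown_run, "drown_result"),
    }
    full_scan_order = ("anonymous", "crime", "ccs", "heart",
                       "poodle", "freak", "logjam", "drown")

    # The stray debugging print of the literal "GREEN" was removed: it wrote
    # to stdout even in silent mode.

    # SSL Check Logic ---------------------------
    showDisplay(displayMode, GREEN+"[INF] Check the SSL.."+END)
    # argv is passed as a list (no shell), so the target string cannot add
    # shell syntax.  `subprocess` is not imported by this file directly; it
    # arrives through the star imports from the scan modules.
    result = subprocess.Popen(
        ['timeout', '4', 'openssl', 's_client', '-connect', targetIP+":"+str(port)],
        stderr=subprocess.STDOUT, stdout=subprocess.PIPE).communicate()[0]
    # NOTE: a refused TCP connection is the only negative signal checked here.
    # A timeout, a plain-text service or a missing openssl binary all fall
    # through to "supports SSL", so later results should be read with that in mind.
    if "Connection refused" in result:
        showDisplay(displayMode, RED+"[RES] This target does not support SSL.."+END)
        return
    # ------------------------------------------------------
    showDisplay(displayMode, GREEN+"[RES] This target supports SSL.."+END)

    if s_type in modules:
        label, runner, result_name = modules[s_type]
        showDisplay(displayMode, GREEN+"[INF] Scan "+label+".."+END)
        outcome = runner(targetIP, port, displayMode)
        # Fix: the DROWN branch used to store its result in logjam_result and
        # then display the untouched drown_result; every module now writes to
        # its own global.
        globals()[result_name] = outcome
        showDisplay(displayMode, GREEN+"[RES] "+label+" :: "+outcome+END)
        return

    for key in full_scan_order:
        label, runner, result_name = modules[key]
        showDisplay(displayMode, GREEN+"[INF] Scan "+label+".."+END)
        globals()[result_name] = runner(targetIP, port, displayMode)
    showDisplay(displayMode, GREEN+"[RES] Finish scan all vulnerability.."+END)


def outVersion():
    """Print the installed A2SV version."""
    print("A2SV v"+a2sv_version)


def updateVersion():
    """Update the checkout in place with git.

    `git reset --hard HEAD` discards local modifications, and `git pull` then
    takes whatever the configured remote serves, with no tag or signature
    check; the fetched code runs with the invoking user's privileges on the
    next start.
    """
    print(GREEN+"[INF] Update A2SV"+END)
    print(GREEN+"[INF] This A2SV version is .. v"+a2sv_version+END)
    os.chdir(os.path.dirname(os.path.abspath(__file__)))
    # Stop claiming success when git fails (no network, not a checkout, ...).
    if os.system("git reset --hard HEAD") != 0 or os.system("git pull -v") != 0:
        print(RED+"[ERR] Update failed: git returned a non-zero status"+END)
        return
    # The original re-opened the version file here without reading or closing
    # it; that leaked handle has been dropped.
    print(RED+"[FIN] Updated A2SV"+END)


def _state_label(code, exception_label="Exception."):
    """Translate a module result code into the text shown in the report."""
    if code == "0x01":
        return "Vulnerable!"
    if code == "0x00":
        return "Not Vulnerable."
    if code == "0x02":
        return exception_label
    return "Not Scan."


def outReport(o_ck, o_path, tmode):
    """Print the result table, or write it to o_path when o_ck == 1.

    tmode == 1 (target-list mode) appends to the file; otherwise the file is
    overwritten.  The global *_result codes are replaced by their display
    labels as a side effect, as before.
    """
    global ccs_result
    global heartbleed_result
    global poodle_result
    global freak_result
    global logjam_result
    global drown_result
    global crime_result
    global anonymous_result

    # The label for 0x02 is kept exactly as each module had it (with or
    # without the trailing period) so existing report output does not change.
    anonymous_result = _state_label(anonymous_result)
    crime_result = _state_label(crime_result)
    ccs_result = _state_label(ccs_result)
    heartbleed_result = _state_label(heartbleed_result, "Exception")
    poodle_result = _state_label(poodle_result, "Exception")
    freak_result = _state_label(freak_result, "Exception")
    logjam_result = _state_label(logjam_result, "Exception")
    drown_result = _state_label(drown_result, "Exception")

    # NOTE: the 'cvss' values are CVSS v2 vector strings, although the column
    # is headed "Base Score".
    data = [
        {'v_vuln':'Anonymous Cipher', 'v_cve':'CVE-2007-1858', 'cvss':'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'v_state':anonymous_result},
        {'v_vuln':'CRIME(SPDY)', 'v_cve':'CVE-2012-4929', 'cvss':'AV:N/AC:H/Au:N/C:P/I:N/A:N', 'v_state':crime_result},
        {'v_vuln':'HeartBleed', 'v_cve':'CVE-2014-0160', 'cvss':'AV:N/AC:L/Au:N/C:P/I:N/A:N', 'v_state':heartbleed_result},
        {'v_vuln':'CCS Injection', 'v_cve':'CVE-2014-0224', 'cvss':'AV:N/AC:M/Au:N/C:P/I:P/A:P', 'v_state':ccs_result},
        {'v_vuln':'SSLv3 POODLE', 'v_cve':'CVE-2014-3566', 'cvss':'AV:N/AC:M/Au:N/C:P/I:N/A:N', 'v_state':poodle_result},
        {'v_vuln':'OpenSSL FREAK', 'v_cve':'CVE-2015-0204', 'cvss':'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'v_state':freak_result},
        {'v_vuln':'OpenSSL LOGJAM', 'v_cve':'CVE-2015-4000', 'cvss':'AV:N/AC:M/Au:N/C:N/I:P/A:N', 'v_state':logjam_result},
        {'v_vuln':'SSLv2 DROWN', 'v_cve':'CVE-2016-0800', 'cvss':'AV:N/AC:M/Au:N/C:P/I:N/A:N', 'v_state':drown_result}
    ]
    fmt = [
        ('Vulnerability', 'v_vuln', 16),
        ('CVE', 'v_cve', 13),
        ('CVSS v2 Base Score', 'cvss', 26),
        ('State', 'v_state', 15)
    ]
    table = TablePrinter(fmt, ul='=')(data)

    if o_ck == 1:
        print("The result is in \""+str(o_path)+"\".")
        # Append in target-list mode so every target's report is kept.
        file_mode = 'a' if tmode == 1 else 'w'
        # `with` closes the handle; the original never closed the report file.
        with open(str(o_path), file_mode) as of:
            of.write(" [TARGET]: "+targetIP+"\r\n")
            of.write(" [PORT]: "+str(port)+"\r\n")
            of.write(" [SCAN TIME]: "+str(datetime.datetime.now())+"\r\n")
            of.write(" [VULNERABILITY]"+"\r\n")
            of.write(table)
            of.write("\r\n")
    else:
        print(BLUE+" [TARGET]: "+targetIP+END)
        print(BLUE+" [PORT]: "+str(port)+END)
        print(BLUE+" [SCAN TIME]: "+str(datetime.datetime.now())+END)
        print(RED+" [VULNERABILITY]"+END)
        print(table)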
parser.parse_args() 335 | 336 | if args.version: 337 | outVersion() 338 | exit() 339 | if args.update: 340 | updateVersion() 341 | exit() 342 | if args.display: 343 | disoption = args.display 344 | if((disoption == "n") or (disoption == "N")): 345 | print "Running a2sv sillent mode" 346 | displayMode = 1 347 | else: 348 | displayMode = 0 349 | if args.target: 350 | target = args.target 351 | showDisplay(displayMode,BLUE+"[SET] target => "+args.target+END) 352 | targetIP = socket.gethostbyname(target) 353 | showDisplay(displayMode,BLUE+"[SET] IP Address => "+targetIP+END) 354 | elif args.targetfile: 355 | f = open(args.targetfile,"r") 356 | showDisplay(displayMode,BLUE+"[SET] target => "+args.targetfile+END) 357 | showDisplay(displayMode,BLUE+"[SET] IP Address list"+END) 358 | line = f.readline() 359 | while line: 360 | targetfileList.append(socket.gethostbyname(line.rstrip('\n'))) 361 | showDisplay(displayMode,BLUE+" => "+str(targetfileList[-1:])+END) 362 | line = f.readline() 363 | targetMode = 1 364 | displayMode = 1 365 | print "Running a2sv sillent mode[file list default]" 366 | f.close() 367 | else: 368 | mainScreen() 369 | showDisplay(displayMode,"Please Input Target Argument / -h --help") 370 | exit() 371 | if args.port: 372 | port = int(args.port) 373 | showDisplay(displayMode,BLUE+"[SET] target port => "+args.port+END) 374 | else: 375 | port = 443 376 | showDisplay(displayMode,BLUE+"[SET] target port => 443"+END) 377 | if args.module: 378 | checkVun = args.module 379 | ModuleName = args.module 380 | if ModuleName == "ccs": 381 | ModuleName = "CCS Injection" 382 | elif ModuleName == "heart": 383 | ModuleName = "HeartBleed" 384 | elif ModuleName == "poodle": 385 | ModuleName = "SSLv3 POODLE Attack" 386 | elif ModuleName == "freak": 387 | ModuleName = "OpenSSL FREAK Attack" 388 | elif ModuleName == "logjam": 389 | ModuleName = "OpenSSL LOGJAM Attack" 390 | elif ModuleName == "drown": 391 | ModuleName = "SSLv2 DROWN Attack" 392 | elif ModuleName == "crime": 
393 | ModuleName = "CRIME(SPDY)" 394 | elif ModuleName == "anonymous": 395 | ModuleName = "Anonymous Cipher Suite" 396 | showDisplay(displayMode,BLUE+"[SET] include => "+ModuleName+" Module"+END) 397 | else: 398 | checkVun = "all" 399 | showDisplay(displayMode,BLUE+"[SET] include => All Module"+END) 400 | 401 | if args.out: 402 | output_path = args.out 403 | output_ck = 1 404 | else: 405 | output_ck = 0 406 | 407 | if displayMode == 0: 408 | mainScreen() 409 | if targetMode == 1: 410 | i=0 411 | imax = len(targetfileList) 412 | print "_________________________________________________________________________" 413 | print " [A2SV REPORT] " 414 | while(i install python package' 4 | echo ' -> pip:argparse' 5 | pip install argparse 6 | echo ' -> pip:netaddr' 7 | pip install netaddr 8 | echo ' -> install openssl(apt)' 9 | apt-get install openssl 10 | echo ' -> set command' 11 | MYPWD=`pwd` 12 | echo '#/usr/bin/python 13 | python '$MYPWD'/a2sv.py $*' >> /usr/bin/a2sv 14 | echo 'Set Perm' 15 | chmod 755 /usr/bin/a2sv 16 | echo 'Finish. 
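# ---- module/C_display.py ----------------------------------------------------
#===========================
# Display option #
def showDisplay(mode, string):
    """Print string when mode is 0; any other mode is silent."""
    if mode == 0:
        print(string)
#===========================
def setDisplay(mode):
    """Has no effect as written: it only binds a local name, and nothing on
    this page reads a module-level displayMode from C_display."""
    displayMode = mode
#===========================


# ---- module/M_anonymous.py --------------------------------------------------
#Module

# Prefixes OpenSSL uses in the names of unauthenticated (anonymous) DH / ECDH suites.
_ANON_CIPHER_MARKERS = ("ADH-", "AECDH-")


def _negotiated_cipher(output):
    """Return the cipher name from s_client's "Cipher is NAME" line, or None
    when no such line is present or the name is "(NONE)"."""
    match = re.search(r"Cipher is (\S+)", output)
    if match is None or match.group(1) == "(NONE)":
        return None
    return match.group(1)


def m_anonymous_run(ip_address, iPort, displayMode):
    """Check whether the server negotiates an anonymous (aNULL) cipher suite.

    Returns "0x01" (vulnerable) only when openssl reports a negotiated
    anonymous suite, "0x00" (not vulnerable) when the handshake is refused or
    a non-anonymous suite is chosen, and "0x02" when the address is invalid
    or the probe produced no usable evidence.
    """
    #Identifier is not used
    IP = ip_address.strip()
    try:
        # inet_aton also accepts shorthand dotted forms (for example "127.1").
        socket.inet_aton(IP)
    except (socket.error, TypeError, ValueError):
        showDisplay(displayMode, "%s,invalid IP" % IP)
        return "0x02"
    showDisplay(displayMode, " - [LOG] IP Check Ok.")

    try:
        showDisplay(displayMode, " - [LOG] Start SSL Connection")
        # Use the validated, stripped address; the original passed the raw
        # argument.  argv is a list, so no shell is involved.
        # NOTE(review): confirm the installed openssl accepts `--cipher` and
        # still ships aNULL suites; if not, nothing can be negotiated and the
        # probe ends in the inconclusive 0x02 path below.
        result = subprocess.Popen(
            ['timeout', '4', 'openssl', 's_client', '-connect',
             IP+":"+str(iPort), "--cipher", "aNULL"],
            stderr=subprocess.STDOUT, stdout=subprocess.PIPE).communicate()[0]
        if not isinstance(result, str):
            # Python 3 returns bytes; Python 2 already gives str.
            result = result.decode("utf-8", "replace")
        showDisplay(displayMode, " - [LOG] Analysis SSL Information")

        cipher = _negotiated_cipher(result)
        if cipher is not None:
            if any(marker in cipher for marker in _ANON_CIPHER_MARKERS):
                # Positive evidence: the server agreed to an unauthenticated suite.
                showDisplay(displayMode, " - [LOG] 'Connection success'")
                return "0x01"
            # A handshake completed, but with an authenticated suite (for
            # example a TLS 1.3 suite the cipher list does not restrict).
            showDisplay(displayMode, " - [LOG] Negotiated non-anonymous cipher")
            return "0x00"
        if "handshake failure" in result:
            # Fix: a refused anonymous-only handshake means the server rejects
            # aNULL.  The original returned "0x01" (vulnerable) here and "0x00"
            # for everything else, so the verdict was inverted.
            showDisplay(displayMode, " - [LOG] 'Connection fail'")
            return "0x00"
        # Timeout, refused connection or tool error: no evidence either way,
        # so do not report the target as clean.
        showDisplay(displayMode, "[INF] Error Anonymous Module")
        return "0x02"
    except Exception:
        showDisplay(displayMode, "[INF] Error Anonymous Module")
        return "0x02"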
-------------------------------------------------------------------------------- /module/M_ccsinjection.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import socket 3 | import time 4 | import struct 5 | from C_display import * 6 | 7 | #Module 8 | dSSL = { 9 | "SSLv3" : "\x03\x00", 10 | "TLSv1" : "\x03\x01", 11 | "TLSv1.1" : "\x03\x02", 12 | "TLSv1.2" : "\x03\x03", 13 | } 14 | 15 | # The following is a complete list of ciphers for the SSLv3 family up to TLSv1.2 16 | ssl3_cipher = dict() 17 | ssl3_cipher['\x00\x00'] = "TLS_NULL_WITH_NULL_NULL" 18 | ssl3_cipher['\x00\x01'] = "TLS_RSA_WITH_NULL_MD5" 19 | ssl3_cipher['\x00\x02'] = "TLS_RSA_WITH_NULL_SHA" 20 | ssl3_cipher['\x00\x03'] = "TLS_RSA_EXPORT_WITH_RC4_40_MD5" 21 | ssl3_cipher['\x00\x04'] = "TLS_RSA_WITH_RC4_128_MD5" 22 | ssl3_cipher['\x00\x05'] = "TLS_RSA_WITH_RC4_128_SHA" 23 | ssl3_cipher['\x00\x06'] = "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5" 24 | ssl3_cipher['\x00\x07'] = "TLS_RSA_WITH_IDEA_CBC_SHA" 25 | ssl3_cipher['\x00\x08'] = "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA" 26 | ssl3_cipher['\x00\x09'] = "TLS_RSA_WITH_DES_CBC_SHA" 27 | ssl3_cipher['\x00\x0a'] = "TLS_RSA_WITH_3DES_EDE_CBC_SHA" 28 | ssl3_cipher['\x00\x0b'] = "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA" 29 | ssl3_cipher['\x00\x0c'] = "TLS_DH_DSS_WITH_DES_CBC_SHA" 30 | ssl3_cipher['\x00\x0d'] = "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA" 31 | ssl3_cipher['\x00\x0e'] = "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA" 32 | ssl3_cipher['\x00\x0f'] = "TLS_DH_RSA_WITH_DES_CBC_SHA" 33 | ssl3_cipher['\x00\x10'] = "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA" 34 | ssl3_cipher['\x00\x11'] = "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA" 35 | ssl3_cipher['\x00\x12'] = "TLS_DHE_DSS_WITH_DES_CBC_SHA" 36 | ssl3_cipher['\x00\x13'] = "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA" 37 | ssl3_cipher['\x00\x14'] = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA" 38 | ssl3_cipher['\x00\x15'] = "TLS_DHE_RSA_WITH_DES_CBC_SHA" 39 | ssl3_cipher['\x00\x16'] = 
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA" 40 | ssl3_cipher['\x00\x17'] = "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5" 41 | ssl3_cipher['\x00\x18'] = "TLS_DH_anon_WITH_RC4_128_MD5" 42 | ssl3_cipher['\x00\x19'] = "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA" 43 | ssl3_cipher['\x00\x1a'] = "TLS_DH_anon_WITH_DES_CBC_SHA" 44 | ssl3_cipher['\x00\x1b'] = "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA" 45 | ssl3_cipher['\x00\x1c'] = "SSL_FORTEZZA_KEA_WITH_NULL_SHA" 46 | ssl3_cipher['\x00\x1d'] = "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA" 47 | ssl3_cipher['\x00\x1e'] = "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA" 48 | ssl3_cipher['\x00\x1E'] = "TLS_KRB5_WITH_DES_CBC_SHA" 49 | ssl3_cipher['\x00\x1F'] = "TLS_KRB5_WITH_3DES_EDE_CBC_SHA" 50 | ssl3_cipher['\x00\x20'] = "TLS_KRB5_WITH_RC4_128_SHA" 51 | ssl3_cipher['\x00\x21'] = "TLS_KRB5_WITH_IDEA_CBC_SHA" 52 | ssl3_cipher['\x00\x22'] = "TLS_KRB5_WITH_DES_CBC_MD5" 53 | ssl3_cipher['\x00\x23'] = "TLS_KRB5_WITH_3DES_EDE_CBC_MD5" 54 | ssl3_cipher['\x00\x24'] = "TLS_KRB5_WITH_RC4_128_MD5" 55 | ssl3_cipher['\x00\x25'] = "TLS_KRB5_WITH_IDEA_CBC_MD5" 56 | ssl3_cipher['\x00\x26'] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA" 57 | ssl3_cipher['\x00\x27'] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA" 58 | ssl3_cipher['\x00\x28'] = "TLS_KRB5_EXPORT_WITH_RC4_40_SHA" 59 | ssl3_cipher['\x00\x29'] = "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5" 60 | ssl3_cipher['\x00\x2A'] = "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5" 61 | ssl3_cipher['\x00\x2B'] = "TLS_KRB5_EXPORT_WITH_RC4_40_MD5" 62 | ssl3_cipher['\x00\x2C'] = "TLS_PSK_WITH_NULL_SHA" 63 | ssl3_cipher['\x00\x2D'] = "TLS_DHE_PSK_WITH_NULL_SHA" 64 | ssl3_cipher['\x00\x2E'] = "TLS_RSA_PSK_WITH_NULL_SHA" 65 | ssl3_cipher['\x00\x2F'] = "TLS_RSA_WITH_AES_128_CBC_SHA" 66 | ssl3_cipher['\x00\x30'] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA" 67 | ssl3_cipher['\x00\x31'] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA" 68 | ssl3_cipher['\x00\x32'] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA" 69 | ssl3_cipher['\x00\x33'] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" 70 | ssl3_cipher['\x00\x34'] = 
"TLS_DH_anon_WITH_AES_128_CBC_SHA" 71 | ssl3_cipher['\x00\x35'] = "TLS_RSA_WITH_AES_256_CBC_SHA" 72 | ssl3_cipher['\x00\x36'] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA" 73 | ssl3_cipher['\x00\x37'] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA" 74 | ssl3_cipher['\x00\x38'] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA" 75 | ssl3_cipher['\x00\x39'] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA" 76 | ssl3_cipher['\x00\x3A'] = "TLS_DH_anon_WITH_AES_256_CBC_SHA" 77 | ssl3_cipher['\x00\x3B'] = "TLS_RSA_WITH_NULL_SHA256" 78 | ssl3_cipher['\x00\x3C'] = "TLS_RSA_WITH_AES_128_CBC_SHA256" 79 | ssl3_cipher['\x00\x3D'] = "TLS_RSA_WITH_AES_256_CBC_SHA256" 80 | ssl3_cipher['\x00\x3E'] = "TLS_DH_DSS_WITH_AES_128_CBC_SHA256" 81 | ssl3_cipher['\x00\x3F'] = "TLS_DH_RSA_WITH_AES_128_CBC_SHA256" 82 | ssl3_cipher['\x00\x40'] = "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" 83 | ssl3_cipher['\x00\x41'] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA" 84 | ssl3_cipher['\x00\x42'] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA" 85 | ssl3_cipher['\x00\x43'] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA" 86 | ssl3_cipher['\x00\x44'] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA" 87 | ssl3_cipher['\x00\x45'] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA" 88 | ssl3_cipher['\x00\x46'] = "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA" 89 | ssl3_cipher['\x00\x60'] = "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5" 90 | ssl3_cipher['\x00\x61'] = "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5" 91 | ssl3_cipher['\x00\x62'] = "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA" 92 | ssl3_cipher['\x00\x63'] = "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA" 93 | ssl3_cipher['\x00\x64'] = "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA" 94 | ssl3_cipher['\x00\x65'] = "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA" 95 | ssl3_cipher['\x00\x66'] = "TLS_DHE_DSS_WITH_RC4_128_SHA" 96 | ssl3_cipher['\x00\x67'] = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" 97 | ssl3_cipher['\x00\x68'] = "TLS_DH_DSS_WITH_AES_256_CBC_SHA256" 98 | ssl3_cipher['\x00\x69'] = "TLS_DH_RSA_WITH_AES_256_CBC_SHA256" 99 | ssl3_cipher['\x00\x6A'] = "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256" 100 
| ssl3_cipher['\x00\x6B'] = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" 101 | ssl3_cipher['\x00\x6C'] = "TLS_DH_anon_WITH_AES_128_CBC_SHA256" 102 | ssl3_cipher['\x00\x6D'] = "TLS_DH_anon_WITH_AES_256_CBC_SHA256" 103 | ssl3_cipher['\x00\x80'] = "TLS_GOSTR341094_WITH_28147_CNT_IMIT" 104 | ssl3_cipher['\x00\x81'] = "TLS_GOSTR341001_WITH_28147_CNT_IMIT" 105 | ssl3_cipher['\x00\x82'] = "TLS_GOSTR341094_WITH_NULL_GOSTR3411" 106 | ssl3_cipher['\x00\x83'] = "TLS_GOSTR341001_WITH_NULL_GOSTR3411" 107 | ssl3_cipher['\x00\x84'] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA" 108 | ssl3_cipher['\x00\x85'] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA" 109 | ssl3_cipher['\x00\x86'] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA" 110 | ssl3_cipher['\x00\x87'] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA" 111 | ssl3_cipher['\x00\x88'] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA" 112 | ssl3_cipher['\x00\x89'] = "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA" 113 | ssl3_cipher['\x00\x8A'] = "TLS_PSK_WITH_RC4_128_SHA" 114 | ssl3_cipher['\x00\x8B'] = "TLS_PSK_WITH_3DES_EDE_CBC_SHA" 115 | ssl3_cipher['\x00\x8C'] = "TLS_PSK_WITH_AES_128_CBC_SHA" 116 | ssl3_cipher['\x00\x8D'] = "TLS_PSK_WITH_AES_256_CBC_SHA" 117 | ssl3_cipher['\x00\x8E'] = "TLS_DHE_PSK_WITH_RC4_128_SHA" 118 | ssl3_cipher['\x00\x8F'] = "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA" 119 | ssl3_cipher['\x00\x90'] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA" 120 | ssl3_cipher['\x00\x91'] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA" 121 | ssl3_cipher['\x00\x92'] = "TLS_RSA_PSK_WITH_RC4_128_SHA" 122 | ssl3_cipher['\x00\x93'] = "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA" 123 | ssl3_cipher['\x00\x94'] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA" 124 | ssl3_cipher['\x00\x95'] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA" 125 | ssl3_cipher['\x00\x96'] = "TLS_RSA_WITH_SEED_CBC_SHA" 126 | ssl3_cipher['\x00\x97'] = "TLS_DH_DSS_WITH_SEED_CBC_SHA" 127 | ssl3_cipher['\x00\x98'] = "TLS_DH_RSA_WITH_SEED_CBC_SHA" 128 | ssl3_cipher['\x00\x99'] = "TLS_DHE_DSS_WITH_SEED_CBC_SHA" 129 | ssl3_cipher['\x00\x9A'] = 
"TLS_DHE_RSA_WITH_SEED_CBC_SHA" 130 | ssl3_cipher['\x00\x9B'] = "TLS_DH_anon_WITH_SEED_CBC_SHA" 131 | ssl3_cipher['\x00\x9C'] = "TLS_RSA_WITH_AES_128_GCM_SHA256" 132 | ssl3_cipher['\x00\x9D'] = "TLS_RSA_WITH_AES_256_GCM_SHA384" 133 | ssl3_cipher['\x00\x9E'] = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" 134 | ssl3_cipher['\x00\x9F'] = "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" 135 | ssl3_cipher['\x00\xA0'] = "TLS_DH_RSA_WITH_AES_128_GCM_SHA256" 136 | ssl3_cipher['\x00\xA1'] = "TLS_DH_RSA_WITH_AES_256_GCM_SHA384" 137 | ssl3_cipher['\x00\xA2'] = "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256" 138 | ssl3_cipher['\x00\xA3'] = "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384" 139 | ssl3_cipher['\x00\xA4'] = "TLS_DH_DSS_WITH_AES_128_GCM_SHA256" 140 | ssl3_cipher['\x00\xA5'] = "TLS_DH_DSS_WITH_AES_256_GCM_SHA384" 141 | ssl3_cipher['\x00\xA6'] = "TLS_DH_anon_WITH_AES_128_GCM_SHA256" 142 | ssl3_cipher['\x00\xA7'] = "TLS_DH_anon_WITH_AES_256_GCM_SHA384" 143 | ssl3_cipher['\x00\xA8'] = "TLS_PSK_WITH_AES_128_GCM_SHA256" 144 | ssl3_cipher['\x00\xA9'] = "TLS_PSK_WITH_AES_256_GCM_SHA384" 145 | ssl3_cipher['\x00\xAA'] = "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256" 146 | ssl3_cipher['\x00\xAB'] = "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384" 147 | ssl3_cipher['\x00\xAC'] = "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256" 148 | ssl3_cipher['\x00\xAD'] = "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384" 149 | ssl3_cipher['\x00\xAE'] = "TLS_PSK_WITH_AES_128_CBC_SHA256" 150 | ssl3_cipher['\x00\xAF'] = "TLS_PSK_WITH_AES_256_CBC_SHA384" 151 | ssl3_cipher['\x00\xB0'] = "TLS_PSK_WITH_NULL_SHA256" 152 | ssl3_cipher['\x00\xB1'] = "TLS_PSK_WITH_NULL_SHA384" 153 | ssl3_cipher['\x00\xB2'] = "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256" 154 | ssl3_cipher['\x00\xB3'] = "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384" 155 | ssl3_cipher['\x00\xB4'] = "TLS_DHE_PSK_WITH_NULL_SHA256" 156 | ssl3_cipher['\x00\xB5'] = "TLS_DHE_PSK_WITH_NULL_SHA384" 157 | ssl3_cipher['\x00\xB6'] = "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256" 158 | ssl3_cipher['\x00\xB7'] = "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384" 159 | 
ssl3_cipher['\x00\xB8'] = "TLS_RSA_PSK_WITH_NULL_SHA256" 160 | ssl3_cipher['\x00\xB9'] = "TLS_RSA_PSK_WITH_NULL_SHA384" 161 | ssl3_cipher['\x00\xBA'] = "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256" 162 | ssl3_cipher['\x00\xBB'] = "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256" 163 | ssl3_cipher['\x00\xBC'] = "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256" 164 | ssl3_cipher['\x00\xBD'] = "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256" 165 | ssl3_cipher['\x00\xBE'] = "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256" 166 | ssl3_cipher['\x00\xBF'] = "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256" 167 | ssl3_cipher['\x00\xC0'] = "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256" 168 | ssl3_cipher['\x00\xC1'] = "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256" 169 | ssl3_cipher['\x00\xC2'] = "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256" 170 | ssl3_cipher['\x00\xC3'] = "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256" 171 | ssl3_cipher['\x00\xC4'] = "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256" 172 | ssl3_cipher['\x00\xC5'] = "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256" 173 | ssl3_cipher['\x00\x00'] = "TLS_EMPTY_RENEGOTIATION_INFO_SCSV" 174 | ssl3_cipher['\xc0\x01'] = "TLS_ECDH_ECDSA_WITH_NULL_SHA" 175 | ssl3_cipher['\xc0\x02'] = "TLS_ECDH_ECDSA_WITH_RC4_128_SHA" 176 | ssl3_cipher['\xc0\x03'] = "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA" 177 | ssl3_cipher['\xc0\x04'] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA" 178 | ssl3_cipher['\xc0\x05'] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA" 179 | ssl3_cipher['\xc0\x06'] = "TLS_ECDHE_ECDSA_WITH_NULL_SHA" 180 | ssl3_cipher['\xc0\x07'] = "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA" 181 | ssl3_cipher['\xc0\x08'] = "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA" 182 | ssl3_cipher['\xc0\x09'] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" 183 | ssl3_cipher['\xc0\x0a'] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" 184 | ssl3_cipher['\xc0\x0b'] = "TLS_ECDH_RSA_WITH_NULL_SHA" 185 | ssl3_cipher['\xc0\x0c'] = "TLS_ECDH_RSA_WITH_RC4_128_SHA" 186 | ssl3_cipher['\xc0\x0d'] = "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA" 187 | ssl3_cipher['\xc0\x0e'] = 
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA" 188 | ssl3_cipher['\xc0\x0f'] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA" 189 | ssl3_cipher['\xc0\x10'] = "TLS_ECDHE_RSA_WITH_NULL_SHA" 190 | ssl3_cipher['\xc0\x11'] = "TLS_ECDHE_RSA_WITH_RC4_128_SHA" 191 | ssl3_cipher['\xc0\x12'] = "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" 192 | ssl3_cipher['\xc0\x13'] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" 193 | ssl3_cipher['\xc0\x14'] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" 194 | ssl3_cipher['\xc0\x15'] = "TLS_ECDH_anon_WITH_NULL_SHA" 195 | ssl3_cipher['\xc0\x16'] = "TLS_ECDH_anon_WITH_RC4_128_SHA" 196 | ssl3_cipher['\xc0\x17'] = "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA" 197 | ssl3_cipher['\xc0\x18'] = "TLS_ECDH_anon_WITH_AES_128_CBC_SHA" 198 | ssl3_cipher['\xc0\x19'] = "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" 199 | ssl3_cipher['\xC0\x1A'] = "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA" 200 | ssl3_cipher['\xC0\x1B'] = "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA" 201 | ssl3_cipher['\xC0\x1C'] = "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA" 202 | ssl3_cipher['\xC0\x1D'] = "TLS_SRP_SHA_WITH_AES_128_CBC_SHA" 203 | ssl3_cipher['\xC0\x1E'] = "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA" 204 | ssl3_cipher['\xC0\x1F'] = "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA" 205 | ssl3_cipher['\xC0\x20'] = "TLS_SRP_SHA_WITH_AES_256_CBC_SHA" 206 | ssl3_cipher['\xC0\x21'] = "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA" 207 | ssl3_cipher['\xC0\x22'] = "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA" 208 | ssl3_cipher['\xC0\x23'] = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" 209 | ssl3_cipher['\xC0\x24'] = "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" 210 | ssl3_cipher['\xC0\x25'] = "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256" 211 | ssl3_cipher['\xC0\x26'] = "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384" 212 | ssl3_cipher['\xC0\x27'] = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" 213 | ssl3_cipher['\xC0\x28'] = "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" 214 | ssl3_cipher['\xC0\x29'] = "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256" 215 | ssl3_cipher['\xC0\x2A'] = "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384" 216 | 
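ssl3_cipher['\xC0\x2B'] = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
ssl3_cipher['\xC0\x2C'] = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
ssl3_cipher['\xC0\x2D'] = "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"
ssl3_cipher['\xC0\x2E'] = "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"
ssl3_cipher['\xC0\x2F'] = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
ssl3_cipher['\xC0\x30'] = "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
ssl3_cipher['\xC0\x31'] = "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"
ssl3_cipher['\xC0\x32'] = "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"
ssl3_cipher['\xC0\x33'] = "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
ssl3_cipher['\xC0\x34'] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xC0\x35'] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
ssl3_cipher['\xC0\x36'] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
ssl3_cipher['\xC0\x37'] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
ssl3_cipher['\xC0\x38'] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
ssl3_cipher['\xC0\x39'] = "TLS_ECDHE_PSK_WITH_NULL_SHA"
ssl3_cipher['\xC0\x3A'] = "TLS_ECDHE_PSK_WITH_NULL_SHA256"
ssl3_cipher['\xC0\x3B'] = "TLS_ECDHE_PSK_WITH_NULL_SHA384"
ssl3_cipher['\xfe\xfe'] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA"
ssl3_cipher['\xfe\xff'] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xff\xe0'] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xff\xe1'] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA"

def getSSLRecords(strBuf):
    """Return a list of (record content type, handshake message type) pairs.

    strBuf is one chunk read from the server. The first nine bytes are read
    as record type (1), version (2), record length (2) and a packed
    handshake type (1) + handshake length (3). Returns None when the buffer
    is shorter than nine bytes or the lengths do not fit any of the three
    layouts handled below.
    """
    if len(strBuf) < 9:
        return None
    (iShakeProtocol, _iVersion, iSSLLen, iTypeAndLen) = struct.unpack('>BHHI', strBuf[0:9])
    iType = (iTypeAndLen & 0xFF000000) >> 24
    iRecordLen = iTypeAndLen & 0x00FFFFFF
    lstRecords = [(iShakeProtocol, iType)]

    if iRecordLen + 5 < iSSLLen:
        # Several handshake messages packed into one record.
        iNextOffset = iRecordLen + 9
        iLoopStopper = 0
        while iNextOffset < len(strBuf):
            iLoopStopper += 1
            # The original tried to pull more data through an undefined
            # `rule` object here, which raised NameError. This module has no
            # such object, so a truncated header ends the parse instead.
            if iNextOffset + 4 > len(strBuf):
                break
            iTypeAndLen = struct.unpack(">I", strBuf[iNextOffset:iNextOffset+4])[0]
            iRecordLen = iTypeAndLen & 0x00FFFFFF
            iType = (iTypeAndLen & 0xFF000000) >> 24
            lstRecords.append((iShakeProtocol, iType))
            iNextOffset += iRecordLen + 4
            if iLoopStopper > 8:
                # Bound the walk over server-controlled length fields.
                break
        return lstRecords

    if iRecordLen + 9 < len(strBuf):
        # Several records in one chunk, each with its own 5-byte header.
        iNextOffset = iRecordLen + 9
        iLoopStopper = 0
        while iNextOffset + 6 < len(strBuf):
            iLoopStopper += 1
            iShakeProtocol = struct.unpack(">B", strBuf[iNextOffset])[0]
            iRecordLen = struct.unpack(">H", strBuf[iNextOffset+3:iNextOffset+5])[0]
            iType = struct.unpack(">B", strBuf[iNextOffset+5])[0]
            lstRecords.append((iShakeProtocol, iType))
            iNextOffset += iRecordLen + 5
            if iLoopStopper > 8:
                break
        return lstRecords

    if iRecordLen + 9 == len(strBuf):
        # Exactly one record holding one handshake message.
        return lstRecords
    return None

def checkSSLHeader(strBuf):
    """Parse the first nine bytes of strBuf.

    Returns (record type, record length, handshake type, handshake length),
    or None when fewer than nine bytes are available. The original guard
    accepted six bytes although the '>BHHI' format needs nine, so a 6-8 byte
    buffer raised struct.error.
    """
    if len(strBuf) < 9:
        return None
    (iShakeProtocol, _iVersion, iSSLLen, iTypeAndLen) = struct.unpack('>BHHI', strBuf[0:9])
    iType = (iTypeAndLen & 0xFF000000) >> 24
    iRecordLen = iTypeAndLen & 0x00FFFFFF
    return (iShakeProtocol, iSSLLen, iType, iRecordLen)

def makeHello(strSSLVer):
    """Build a ClientHello record for strSSLVer (a key of dSSL) offering every suite in ssl3_cipher."""
    strCiphers = "".join(ssl3_cipher.keys())
    dLen = 43 + len(strCiphers)

    # Handshake body: type 1 (ClientHello), 3-byte length, version, random,
    # empty session id, cipher list, one compression method (null).
    h = "\x01"
    h += struct.pack("!L", dLen-4)[1:]
    h += dSSL[strSSLVer]
    rand = struct.pack("!L", int(time.time()))
    rand += "\x36\x24\x34\x16\x27\x09\x22\x07\xd7\xbe\xef\x69\xa1\xb2"
    rand += "\x37\x23\x14\x96\x27\xa9\x12\x04\xe7\xce\xff\xd9\xae\xbb"
    h += rand
    h += "\x00" # No Session ID
    h += struct.pack("!H", len(strCiphers))
    h += strCiphers
    h += "\x01\x00"

    # Record header: content type 22 (handshake), version, length.
    r = "\x16" # Message Type 22
    r += dSSL[strSSLVer]
    r += struct.pack("!H", dLen)
    return r+h

def _readServerHandshake(s):
    """Read up to five chunks from s until ServerHello and Certificate were both seen.

    Returns (fHandshakeOk, last chunk received).
    """
    fServerHello = False
    fCert = False
    recv = ""
    for _ in range(5):
        try:
            recv = s.recv(2048)
        except socket.error:
            # Covers socket.timeout as well; try the next read.
            continue
        lstRecords = getSSLRecords(recv)
        if not lstRecords:
            continue
        for (iShakeProtocol, iType) in lstRecords:
            if iShakeProtocol == 22:
                if iType == 2:
                    fServerHello = True
                elif iType == 11:
                    fCert = True
        if fServerHello and fCert:
            break
    return (fServerHello and fCert), recv

def _earlyCCSAccepted(s, strVer, displayMode):
    """Send a ChangeCipherSpec before key exchange and report whether the server tolerated it.

    Returns False as soon as an alert (content type 21) or a connection
    error is seen, True when the server keeps the connection usable.
    """
    strChangeCipherSpec = "\x14"
    strChangeCipherSpec += dSSL[strVer]
    strChangeCipherSpec += "\x00\x01" # Len
    strChangeCipherSpec += "\x01" # Payload CCS
    s.send(strChangeCipherSpec)

    strLastMessage = ""
    for _ in range(5):
        s.settimeout(0.5)
        try:
            recv = s.recv(2048)
        except socket.timeout:
            continue
        except socket.error:
            showDisplay(displayMode,"Connection closed unexpectedly.")
            return False
        if len(recv) > 0:
            strLastMessage = recv
            if ord(recv[0]) == 21:
                return False
    # Check if an alert was at the end of the last message.
    if len(strLastMessage) >= 7 and ord(strLastMessage[-7]) == 21:
        return False
    try:
        s.send('\x15' + dSSL[strVer] + '\x00\x02\x01\x00')
        return len(s.recv(1024)) > 0
    except socket.error:
        return False

def m_ccsinjection_run(strHost,iPort,displayMode):
    """Probe strHost:iPort for tolerance of an early ChangeCipherSpec.

    Tries TLSv1.2, TLSv1.1, TLSv1 and SSLv3 in turn. Returns "0x01" when at
    least one version accepted the early CCS, "0x00" when none did, and
    "0x02" when the host could not be reached. The original called quit()
    on a connection failure, which ended the whole process; "0x02" is the
    error code the other modules on this page return.
    NOTE(review): confirm the caller handles "0x02" for this module.
    A positive result is behavioural evidence only, not proof of a
    vulnerable library version.
    """
    iVulnCount = 0
    for strVer in ["TLSv1.2","TLSv1.1","TLSv1","SSLv3"]:
        strLogPre = "[%s] %s:%d" % (strVer,strHost,iPort)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            try:
                # Set the timeout first so connect() is bounded too.
                s.settimeout(5)
                s.connect((strHost,iPort))
            except Exception:
                showDisplay(displayMode,"Failure connecting to %s:%d." % (strHost,iPort))
                # Keep a finding made with an earlier protocol version.
                if iVulnCount > 0:
                    return "0x01"
                return "0x02"
            s.send(makeHello(strVer))
            fHandshakeOk, recv = _readServerHandshake(s)
            if not fHandshakeOk:
                showDisplay(displayMode," - [LOG] %s Invalid handshake." % (strLogPre))
            elif len(recv) > 0:
                if ord(recv[0]) == 22:
                    if _earlyCCSAccepted(s, strVer, displayMode):
                        showDisplay(displayMode," - [LOG] %s %s:%d may allow early CCS" % (strVer,strHost,iPort))
                        iVulnCount += 1
                    else:
                        showDisplay(displayMode," - [LOG] %s %s:%d rejected early CCS" % (strVer,strHost,iPort))
            else:
                showDisplay(displayMode," - [LOG] %s No response from %s:%d" % (strVer,strHost,iPort))
        finally:
            # Close on every path, including exceptions raised by send().
            try:
                s.close()
            except socket.error:
                pass
    if iVulnCount > 0:
        return "0x01"
    return "0x00"

--------------------------------------------------------------------------------
/module/M_crime.py:
--------------------------------------------------------------------------------
import Queue
import threading
import getopt
import sys
import urllib2
import hashlib
import socket
import time
import os
import re
import netaddr
import subprocess
from C_display import *

#Module

def m_crime_run(ip_address,iPort,displayMode):
    """Run `openssl s_client -nextprotoneg NULL` against ip_address:iPort.

    Returns "0x00" when the output contains 'Protocols advertised by
    server', "0x01" when it does not, and "0x02" for an invalid IPv4
    address or a failure to run the command.
    NOTE(review): a refused or timed-out connection also lacks the marker
    string and is therefore reported as "0x01" - confirm this is intended.
    """
    IP = ip_address.strip()
    try:
        socket.inet_aton(IP)
    except (socket.error, TypeError, ValueError):
        showDisplay(displayMode,"%s,invalid IP" % IP)
        return "0x02"
    showDisplay(displayMode," - [LOG] IP Check Ok.")
    try:
        showDisplay(displayMode," - [LOG] Start SSL Connection")
        # Argument list, no shell. Pass the validated, stripped address
        # rather than the raw parameter.
        cmd = ['timeout','4','openssl','s_client','-connect',IP+":"+str(iPort),"-nextprotoneg","NULL"]
        result = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=subprocess.PIPE).communicate()[0]
        showDisplay(displayMode," - [LOG] Analysis SSL Information")
        if "Protocols advertised by server" in result:
            showDisplay(displayMode," - [LOG] 'Protocols advertised by server'")
            return "0x00"
        showDisplay(displayMode," - [LOG] 'Includes SPDY version <4'")
        return "0x01"
    except Exception:
        showDisplay(displayMode,"[INF] Error CRIME Module")
        return "0x02"


--------------------------------------------------------------------------------
/module/M_drown.py:
--------------------------------------------------------------------------------
import socket
from C_display import *

#Module

def check_tls(hostname,port):
    """Send a fixed TLS ClientHello and return the bytes that follow the first record.

    Returns None when nothing was received. The socket is always closed;
    the original never closed it.
    """
    client_hello = '16030100d8010000d403037d408377c8e5204623867604ab0ee4a140043a4e383f770a1e6b66c2d45d34e820de8656a211d79fa9809e9ae6404bb7bcc372afcdd6f51882e39ac2241a8535090016c02bc02fc00ac009c013c01400330039002f0035000a0100007500000014001200000f7777772e65746973616c61742e6567ff01000100000a00080006001700180019000b00020100002300003374000000100017001502683208737064792f332e3108687474702f312e31000500050100000000000d001600140401050106010201040305030603020304020202'

    s = socket.socket()
    try:
        s.settimeout(5)
        s.connect((hostname,int(port)))
        s.send(client_hello.decode('hex'))
        try:
            data = s.recv(1024*1024)
        except socket.timeout:
            data = ''
    finally:
        s.close()

    if not data:
        return None
    # Bytes 3-4 of the record header hold the length of the first record.
    server_hello_len = int(data[3:5].encode('hex'),16)
    return data[5 + server_hello_len:]

def m_drown_run(hostname,port,displayMode):
    """Check whether hostname:port answers an SSLv2 ClientHello.

    Returns "0x01" when an SSLv2 SERVER-HELLO comes back, "0x00" when the
    server does not speak SSLv2, "0x02" on a connection or parsing error.
    Fixes over the original: the socket is closed on every path, a reply is
    only treated as SSLv2 when its message type is SERVER-HELLO (4), the
    certificate slice uses its real length, and the path where the TLS
    certificate could not be fetched no longer returns None.
    """
    client_hello_payload = '803e0100020015001000100100800200800600400400800700c00800800500806161616161616161616161616161616161616161616161616161616161616161'
    s = socket.socket()
    try:
        s.settimeout(5)
        try:
            s.connect((hostname,int(port)))
            s.sendall(client_hello_payload.decode('hex'))
        except socket.error:
            # An unreachable host is an error, not a clean result.
            showDisplay(displayMode," - [LOG] Execption")
            return "0x02"
        try:
            server_hello = s.recv(10*1024)
        except socket.timeout:
            server_hello = ''
        except socket.error:
            showDisplay(displayMode," - [LOG] Execption")
            return "0x02"
    finally:
        s.close()

    if not server_hello:
        showDisplay(displayMode," - [LOG] Not connected SSLv2")
        return "0x00"

    try:
        # SSLv2 SERVER-HELLO layout: length(2) msg_type(1) session_id_hit(1)
        # cert_type(1) version(2) cert_len(2) cipher_spec_len(2)
        # conn_id_len(2), then the certificate at offset 11.
        if len(server_hello) < 11 or ord(server_hello[2]) != 4:
            # A TLS alert or any other reply is not an SSLv2 handshake.
            showDisplay(displayMode," - [LOG] Not connected SSLv2")
            return "0x00"
        cert_len = int(server_hello[7:9].encode('hex'),16)
        cert = server_hello[11:11+cert_len]
        data = check_tls(hostname,port)
        if data:
            showDisplay(displayMode," - [LOG] Check the TLS CERT")
            showDisplay(displayMode," - [LOG] Check the SSLv2 CERT")
            if cert.encode('hex') in data.encode('hex'):
                showDisplay(displayMode," - [LOG] SSLv2 Enable - Same cert")
            else:
                showDisplay(displayMode," - [LOG] SSLv2 Enable - Not same cert")
        # SSLv2 answered; the certificate comparison only changes the log line.
        return "0x01"
    except Exception as e:
        showDisplay(displayMode,str(e))
        return "0x02"

--------------------------------------------------------------------------------
/module/M_freak.py:
--------------------------------------------------------------------------------
import Queue
import threading
import getopt
import sys
import urllib2
import hashlib
import socket
import time
import os
import re
import netaddr
import subprocess
from C_display import *

#Module
def m_freak_run(ip_address,iPort,displayMode):
    """Run `openssl s_client -cipher EXPORT` against ip_address:iPort.

    Returns "0x01" when the output contains 'Cipher is EXP' (an export
    suite was negotiated), "0x00" when it does not, and "0x02" for an
    invalid IPv4 address or a failure to run the command. The result
    depends on the local openssl build still offering EXPORT suites.
    """
    IP = ip_address.strip()
    try:
        socket.inet_aton(IP)
    except (socket.error, TypeError, ValueError):
        showDisplay(displayMode, "%s,invalid IP" % IP)
        return "0x02"
    showDisplay(displayMode, " - [LOG] IP Check Ok.")
    try:
        showDisplay(displayMode, " - [LOG] Start SSL Connection / Gathering Information")
        # Argument list, no shell. Pass the validated, stripped address.
        cmd = ['timeout','4','openssl','s_client','-connect',IP+":"+str(iPort),"-cipher","EXPORT"]
        result = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=subprocess.PIPE).communicate()[0]
        showDisplay(displayMode, " - [LOG] Ending Get Information")
        if "Cipher is EXP" in result:
            showDisplay(displayMode, " - [LOG] 'Cipher is EXP' in Response")
            return "0x01"
        showDisplay(displayMode, " - [LOG] 'Cipher is EXP' not in Response")
        return "0x00"
    except Exception:
        showDisplay(displayMode, "[INF] Error FREAK Module")
        return "0x02"


--------------------------------------------------------------------------------
/module/M_heartbleed.py:
--------------------------------------------------------------------------------

import sys
import struct
import socket
import time
import select
import re
import smtplib
from C_display import *
#Module
# Kept for importers of this module. m_heartbleed_run no longer reads it.
state="0x00"

def h2bin(x):
    """Convert a whitespace-separated hex dump into a byte string."""
    return x.replace(' ', '').replace('\n', '').decode('hex')

# TLS 1.1 ClientHello sent by tls().
hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')

# Heartbeat requests for TLS 1.0, 1.1 and 1.2 (content type 0x18).
hbv10 = h2bin('''
18 03 01 00 03
01 40 00
''')

hbv11 = h2bin('''
18 03 02 00 03
01 40 00
''')

hbv12 = h2bin('''
18 03 03 00 03
01 40 00
''')

def hexdump(s, dumpf, quiet):
    """Format s as a hex dump. Output is disabled, so nothing is printed or written."""
    if quiet:
        return
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.') for c in lin)
        #showDisplay(displayMode,' %04x: %-48s %s' % (b, hxdat, pdat))

def recvall(s, length, timeout=5):
    """Read up to length bytes from s within timeout seconds.

    Returns the bytes read (possibly fewer than length when the deadline
    passes), or None on EOF or when nothing arrived before the deadline.
    """
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time()
        if rtime < 0:
            return rdata if rdata else None
        # Wait only for the time left. The original always waited a fixed
        # five seconds and could overshoot the requested timeout.
        r, w, e = select.select([s], [], [], rtime)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata

def recvmsg(s):
    """Read one TLS record from s and return (type, version, payload).

    Returns (None, None, None) when the header or payload could not be
    read. A header shorter than five bytes is rejected instead of raising
    struct.error as in the original.
    """
    hdr = recvall(s, 5)
    if hdr is None or len(hdr) < 5:
        #showDisplay(displayMode,'Unexpected EOF receiving record header - server closed connection')
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        #showDisplay(displayMode,'Unexpected EOF receiving record payload - server closed connection')
        return None, None, None
    return typ, ver, pay

def hit_hb(s, dumpf, host, quiet):
    """Wait for the reply to a heartbeat request.

    Returns True when a heartbeat response (type 24) arrives, False when
    the connection ends or an alert (type 21) is received. The original
    also assigned a local `state` here; that never reached the module-level
    variable, so the result is now carried by the return value only.
    """
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            # No heartbeat response received, server likely not vulnerable.
            return False

        if typ == 24:
            hexdump(pay, dumpf, quiet)
            # len(pay) > 3 means more data came back than the request
            # carried; both cases are reported the same way, as before.
            return True

        if typ == 21:
            hexdump(pay, dumpf, quiet)
            # Server returned an alert, likely not vulnerable.
            return False

def connect(host, port, quiet):
    """Open a TCP connection to host:port and return the socket."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sys.stdout.flush()
    s.connect((host, port))
    return s

def tls(s, quiet,displayMode):
    """Send the ClientHello on s."""
    if not quiet: showDisplay(displayMode,' - [LOG] Sending Client Hello...')
    sys.stdout.flush()
    s.send(hello)
    if not quiet: showDisplay(displayMode,' - [LOG] Waiting for Server Hello...')
    sys.stdout.flush()

def parseresp(s):
    """Read records until ServerHelloDone and return the record version, or 0 on EOF."""
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            # Server closed connection without sending Server Hello.
            return 0
        # Look for server hello done message. Guard against an empty
        # payload, which raised IndexError in the original.
        if typ == 22 and pay and ord(pay[0]) == 0x0E:
            return ver

def check(host, port, dumpf, quiet, starttls,displayMode):
    """Handshake with host:port, send one heartbeat request and return hit_hb()'s result.

    With starttls set, SMTP STARTTLS support is checked first and the TLS
    handshake is started after a plain-text STARTTLS exchange. The socket
    is closed on every path once the handshake has started.
    """
    if starttls:
        smtp = None
        try:
            smtp = smtplib.SMTP(host=host,port=port)
            smtp.ehlo()
            smtp.starttls()
        except smtplib.SMTPException:
            # STARTTLS not supported. The constructor itself may have
            # raised, in which case there is nothing to quit.
            if smtp is not None:
                smtp.quit()
            return False
        smtp.quit()
        s = connect(host, port, quiet)
        s.settimeout(1)
        try:
            # Replies are read and discarded. The local is not called `re`
            # so the module import is not shadowed.
            reply = s.recv(1024)
            s.send('ehlo starttlstest\r\n')
            reply = s.recv(1024)
            s.send('starttls\r\n')
            reply = s.recv(1024)
        except socket.timeout:
            # Timeout issues, going ahead anyway.
            pass
        tls(s,quiet,displayMode)
    else:
        s = connect(host, port, quiet)
        tls(s,quiet,displayMode)

    try:
        version = parseresp(s)
        if version == 0:
            return False
        version = version - 0x0300

        if not quiet: showDisplay(displayMode,' - [LOG] Sending heartbeat request..')
        sys.stdout.flush()
        heartbeat = {1: hbv10, 2: hbv11, 3: hbv12}.get(version)
        if heartbeat is None:
            # No heartbeat request is defined for this version.
            return False
        s.send(heartbeat)
        return hit_hb(s,dumpf, host, quiet)
    finally:
        s.close()

def m_heartbleed_run(target,port,displayMode):
    """Run the heartbeat check and map the result to a status code.

    Returns "0x01" when check() reports a heartbeat response, "0x00" when
    it does not, "0x02" on a socket error. The original returned the
    module-level `state`, which no function ever updated, so every target
    was reported as "0x00".
    """
    try:
        fResponse = check(target,port,"","","",displayMode)
    except socket.error:
        return "0x02"
    if fResponse:
        return "0x01"
    return "0x00"
    # for i in xrange(0,opts.num):
    #     check(target, port,"", "", "")

--------------------------------------------------------------------------------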
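/module/M_logjam.py:
--------------------------------------------------------------------------------
import Queue
import threading
import getopt
import sys
import urllib2
import hashlib
import socket
import time
import os
import re
import netaddr
import subprocess
from C_display import *

#Module

def m_logjam_run(ip_address,iPort,displayMode):
    """Run `openssl s_client -cipher EDH` against ip_address:iPort.

    Returns "0x01" when an ephemeral-DH suite was negotiated, "0x00" when
    not, and "0x02" for an invalid IPv4 address or a failure to run the
    command. The original searched for 'Cipher is DEH', a string openssl
    never prints, so the module always returned "0x00". openssl names
    these suites DHE-* or EDH-*.
    """
    IP = ip_address.strip()
    try:
        socket.inet_aton(IP)
    except (socket.error, TypeError, ValueError):
        showDisplay(displayMode,"%s,invalid IP" % IP)
        return "0x02"
    showDisplay(displayMode," - [LOG] IP Check Ok.")
    try:
        showDisplay(displayMode," - [LOG] Start SSL Connection / Gathering Information")
        # Argument list, no shell. Pass the validated, stripped address.
        cmd = ['timeout','4','openssl','s_client','-connect',IP+":"+str(iPort),"-cipher","EDH"]
        result = subprocess.Popen(cmd, stderr=subprocess.STDOUT, stdout=subprocess.PIPE).communicate()[0]
        showDisplay(displayMode," - [LOG] Ending Get Information")
        # A negotiated DHE suite shows that ephemeral DH is offered. It
        # says nothing about the size of the DH group.
        # NOTE(review): confirm whether the caller reports "0x01" as
        # "DHE offered" or as a confirmed Logjam finding.
        if "Cipher is DHE" in result or "Cipher is EDH" in result:
            showDisplay(displayMode," - [LOG] 'Cipher is DHE/EDH' in Response")
            return "0x01"
        showDisplay(displayMode," - [LOG] 'Cipher is DHE/EDH' not in Response")
        return "0x00"
    except Exception:
        showDisplay(displayMode,"[INF] Error LOGJAM Module")
        return "0x02"


--------------------------------------------------------------------------------
/module/M_poodle.py:
--------------------------------------------------------------------------------
import sys
import socket
import time
import struct
from C_display import *

#Module
dSSL = {
    "SSLv3" : "\x03\x00",
    "TLSv1" : "\x03\x01",
    "TLSv1.1" : "\x03\x02",
    "TLSv1.2" : "\x03\x03",
}

# The following is a complete list of ciphers for the SSLv3 family up to TLSv1.2
ssl3_cipher = dict()
ssl3_cipher['\x00\x00'] = "TLS_NULL_WITH_NULL_NULL"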
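# Suite code (two bytes) -> suite name, continued. makeHello() offers every
# key of ssl3_cipher in its ClientHello, so a wrong key changes the probe.
ssl3_cipher.update({
    '\x00\x01': "TLS_RSA_WITH_NULL_MD5",
    '\x00\x02': "TLS_RSA_WITH_NULL_SHA",
    '\x00\x03': "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    '\x00\x04': "TLS_RSA_WITH_RC4_128_MD5",
    '\x00\x05': "TLS_RSA_WITH_RC4_128_SHA",
    '\x00\x06': "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    '\x00\x07': "TLS_RSA_WITH_IDEA_CBC_SHA",
    '\x00\x08': "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x09': "TLS_RSA_WITH_DES_CBC_SHA",
    '\x00\x0a': "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    '\x00\x0b': "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x0c': "TLS_DH_DSS_WITH_DES_CBC_SHA",
    '\x00\x0d': "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA",
    '\x00\x0e': "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x0f': "TLS_DH_RSA_WITH_DES_CBC_SHA",
    '\x00\x10': "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA",
    '\x00\x11': "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x12': "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    '\x00\x13': "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    '\x00\x14': "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x15': "TLS_DHE_RSA_WITH_DES_CBC_SHA",
    '\x00\x16': "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    '\x00\x17': "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    '\x00\x18': "TLS_DH_anon_WITH_RC4_128_MD5",
    '\x00\x19': "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
    '\x00\x1a': "TLS_DH_anon_WITH_DES_CBC_SHA",
    '\x00\x1b': "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",
    '\x00\x1c': "SSL_FORTEZZA_KEA_WITH_NULL_SHA",
    '\x00\x1d': "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA",
    # '\x00\x1e' and '\x00\x1E' are the same two bytes. The table used to
    # assign SSL_FORTEZZA_KEA_WITH_RC4_128_SHA and then overwrite it with the
    # KRB5 name, so only the name that survived is listed.
    '\x00\x1E': "TLS_KRB5_WITH_DES_CBC_SHA",
    '\x00\x1F': "TLS_KRB5_WITH_3DES_EDE_CBC_SHA",
    '\x00\x20': "TLS_KRB5_WITH_RC4_128_SHA",
    '\x00\x21': "TLS_KRB5_WITH_IDEA_CBC_SHA",
    '\x00\x22': "TLS_KRB5_WITH_DES_CBC_MD5",
    '\x00\x23': "TLS_KRB5_WITH_3DES_EDE_CBC_MD5",
    '\x00\x24': "TLS_KRB5_WITH_RC4_128_MD5",
    '\x00\x25': "TLS_KRB5_WITH_IDEA_CBC_MD5",
    '\x00\x26': "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA",
    '\x00\x27': "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA",
    '\x00\x28': "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
    '\x00\x29': "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5",
    '\x00\x2A': "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5",
    '\x00\x2B': "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
    '\x00\x2C': "TLS_PSK_WITH_NULL_SHA",
    '\x00\x2D': "TLS_DHE_PSK_WITH_NULL_SHA",
    '\x00\x2E': "TLS_RSA_PSK_WITH_NULL_SHA",
    '\x00\x2F': "TLS_RSA_WITH_AES_128_CBC_SHA",
    '\x00\x30': "TLS_DH_DSS_WITH_AES_128_CBC_SHA",
    '\x00\x31': "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
    '\x00\x32': "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    '\x00\x33': "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    '\x00\x34': "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    '\x00\x35': "TLS_RSA_WITH_AES_256_CBC_SHA",
    '\x00\x36': "TLS_DH_DSS_WITH_AES_256_CBC_SHA",
    '\x00\x37': "TLS_DH_RSA_WITH_AES_256_CBC_SHA",
    '\x00\x38': "TLS_DHE_DSS_WITH_AES_256_CBC_SHA",
    '\x00\x39': "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    '\x00\x3A': "TLS_DH_anon_WITH_AES_256_CBC_SHA",
    '\x00\x3B': "TLS_RSA_WITH_NULL_SHA256",
    '\x00\x3C': "TLS_RSA_WITH_AES_128_CBC_SHA256",
    '\x00\x3D': "TLS_RSA_WITH_AES_256_CBC_SHA256",
    '\x00\x3E': "TLS_DH_DSS_WITH_AES_128_CBC_SHA256",
    '\x00\x3F': "TLS_DH_RSA_WITH_AES_128_CBC_SHA256",
    '\x00\x40': "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",
    '\x00\x41': "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x42': "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x43': "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x44': "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x45': "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x46': "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
    '\x00\x60': "TLS_RSA_EXPORT1024_WITH_RC4_56_MD5",
    '\x00\x61': "TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5",
    '\x00\x62': "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    '\x00\x63': "TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    '\x00\x64': "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
    '\x00\x65': "TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
    '\x00\x66': "TLS_DHE_DSS_WITH_RC4_128_SHA",
    '\x00\x67': "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    '\x00\x68': "TLS_DH_DSS_WITH_AES_256_CBC_SHA256",
    '\x00\x69': "TLS_DH_RSA_WITH_AES_256_CBC_SHA256",
    '\x00\x6A': "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256",
    '\x00\x6B': "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    '\x00\x6C': "TLS_DH_anon_WITH_AES_128_CBC_SHA256",
    '\x00\x6D': "TLS_DH_anon_WITH_AES_256_CBC_SHA256",
    '\x00\x80': "TLS_GOSTR341094_WITH_28147_CNT_IMIT",
    '\x00\x81': "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
    '\x00\x82': "TLS_GOSTR341094_WITH_NULL_GOSTR3411",
    '\x00\x83': "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
    '\x00\x84': "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x85': "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x86': "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x87': "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x88': "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x89': "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA",
    '\x00\x8A': "TLS_PSK_WITH_RC4_128_SHA",
    '\x00\x8B': "TLS_PSK_WITH_3DES_EDE_CBC_SHA",
    '\x00\x8C': "TLS_PSK_WITH_AES_128_CBC_SHA",
    '\x00\x8D': "TLS_PSK_WITH_AES_256_CBC_SHA",
    '\x00\x8E': "TLS_DHE_PSK_WITH_RC4_128_SHA",
    '\x00\x8F': "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA",
    '\x00\x90': "TLS_DHE_PSK_WITH_AES_128_CBC_SHA",
    '\x00\x91': "TLS_DHE_PSK_WITH_AES_256_CBC_SHA",
    '\x00\x92': "TLS_RSA_PSK_WITH_RC4_128_SHA",
    '\x00\x93': "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA",
    '\x00\x94': "TLS_RSA_PSK_WITH_AES_128_CBC_SHA",
    '\x00\x95': "TLS_RSA_PSK_WITH_AES_256_CBC_SHA",
    '\x00\x96': "TLS_RSA_WITH_SEED_CBC_SHA",
    '\x00\x97': "TLS_DH_DSS_WITH_SEED_CBC_SHA",
    '\x00\x98': "TLS_DH_RSA_WITH_SEED_CBC_SHA",
    '\x00\x99': "TLS_DHE_DSS_WITH_SEED_CBC_SHA",
    '\x00\x9A': "TLS_DHE_RSA_WITH_SEED_CBC_SHA",
    '\x00\x9B': "TLS_DH_anon_WITH_SEED_CBC_SHA",
    '\x00\x9C': "TLS_RSA_WITH_AES_128_GCM_SHA256",
    '\x00\x9D': "TLS_RSA_WITH_AES_256_GCM_SHA384",
    '\x00\x9E': "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    '\x00\x9F': "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    '\x00\xA0': "TLS_DH_RSA_WITH_AES_128_GCM_SHA256",
    '\x00\xA1': "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
    '\x00\xA2': "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256",
    '\x00\xA3': "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384",
    '\x00\xA4': "TLS_DH_DSS_WITH_AES_128_GCM_SHA256",
    '\x00\xA5': "TLS_DH_DSS_WITH_AES_256_GCM_SHA384",
    '\x00\xA6': "TLS_DH_anon_WITH_AES_128_GCM_SHA256",
    '\x00\xA7': "TLS_DH_anon_WITH_AES_256_GCM_SHA384",
    '\x00\xA8': "TLS_PSK_WITH_AES_128_GCM_SHA256",
    '\x00\xA9': "TLS_PSK_WITH_AES_256_GCM_SHA384",
    '\x00\xAA': "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",
    '\x00\xAB': "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",
    '\x00\xAC': "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
    '\x00\xAD': "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384",
    '\x00\xAE': "TLS_PSK_WITH_AES_128_CBC_SHA256",
    '\x00\xAF': "TLS_PSK_WITH_AES_256_CBC_SHA384",
    '\x00\xB0': "TLS_PSK_WITH_NULL_SHA256",
    '\x00\xB1': "TLS_PSK_WITH_NULL_SHA384",
    '\x00\xB2': "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",
    '\x00\xB3': "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",
    '\x00\xB4': "TLS_DHE_PSK_WITH_NULL_SHA256",
    '\x00\xB5': "TLS_DHE_PSK_WITH_NULL_SHA384",
    '\x00\xB6': "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256",
    '\x00\xB7': "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384",
    '\x00\xB8': "TLS_RSA_PSK_WITH_NULL_SHA256",
    '\x00\xB9': "TLS_RSA_PSK_WITH_NULL_SHA384",
    '\x00\xBA': "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xBB': "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xBC': "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xBD': "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xBE': "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xBF': "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256",
    '\x00\xC0': "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    '\x00\xC1': "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256",
    '\x00\xC2': "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    '\x00\xC3': "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256",
    '\x00\xC4': "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",
    '\x00\xC5': "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256",
    # The renegotiation signalling value is 0x00,0xFF (RFC 5746). It was keyed
    # as '\x00\x00', which renamed TLS_NULL_WITH_NULL_NULL and left 0x00FF out
    # of the table.
    '\x00\xff': "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
    '\xc0\x01': "TLS_ECDH_ECDSA_WITH_NULL_SHA",
    '\xc0\x02': "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    '\xc0\x03': "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
    '\xc0\x04': "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    '\xc0\x05': "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
    '\xc0\x06': "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
    '\xc0\x07': "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    '\xc0\x08': "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
    '\xc0\x09': "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
    '\xc0\x0a': "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
    '\xc0\x0b': "TLS_ECDH_RSA_WITH_NULL_SHA",
    '\xc0\x0c': "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    '\xc0\x0d': "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
    '\xc0\x0e': "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
    '\xc0\x0f': "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
    '\xc0\x10': "TLS_ECDHE_RSA_WITH_NULL_SHA",
    '\xc0\x11': "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    '\xc0\x12': "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    '\xc0\x13': "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    '\xc0\x14': "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    '\xc0\x15': "TLS_ECDH_anon_WITH_NULL_SHA",
    '\xc0\x16': "TLS_ECDH_anon_WITH_RC4_128_SHA",
    '\xc0\x17': "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
    '\xc0\x18': "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
    '\xc0\x19': "TLS_ECDH_anon_WITH_AES_256_CBC_SHA",
    '\xC0\x1A': "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA",
    '\xC0\x1B': "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA",
    '\xC0\x1C': "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA",
    '\xC0\x1D': "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",
    '\xC0\x1E': "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA",
    '\xC0\x1F': "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA",
    '\xC0\x20': "TLS_SRP_SHA_WITH_AES_256_CBC_SHA",
    '\xC0\x21': "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA",
    '\xC0\x22': "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA",
    '\xC0\x23': "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    '\xC0\x24': "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    '\xC0\x25': "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",
    '\xC0\x26': "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",
    '\xC0\x27': "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    '\xC0\x28': "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    '\xC0\x29': "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",
    '\xC0\x2A': "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",
    '\xC0\x2B': "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    '\xC0\x2C': "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    '\xC0\x2D': "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    '\xC0\x2E': "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
    '\xC0\x2F': "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    '\xC0\x30': "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    '\xC0\x31': "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
    '\xC0\x32': "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
    '\xC0\x33': "TLS_ECDHE_PSK_WITH_RC4_128_SHA",
})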
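ssl3_cipher['\xC0\x34'] = "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xC0\x35'] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
ssl3_cipher['\xC0\x36'] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
ssl3_cipher['\xC0\x37'] = "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
ssl3_cipher['\xC0\x38'] = "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
ssl3_cipher['\xC0\x39'] = "TLS_ECDHE_PSK_WITH_NULL_SHA"
ssl3_cipher['\xC0\x3A'] = "TLS_ECDHE_PSK_WITH_NULL_SHA256"
ssl3_cipher['\xC0\x3B'] = "TLS_ECDHE_PSK_WITH_NULL_SHA384"
ssl3_cipher['\xfe\xfe'] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA"
ssl3_cipher['\xfe\xff'] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xff\xe0'] = "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"
ssl3_cipher['\xff\xe1'] = "SSL_RSA_FIPS_WITH_DES_CBC_SHA"

def getSSLRecords(strBuf):
    """List the (content type, handshake type) pairs found in one reply.

    The first nine bytes are read as '>BHHI': content type, version, record
    length, then a 32-bit word whose top byte is the handshake type and whose
    low 24 bits are the handshake length.

    Args:
        strBuf: Raw bytes received from the server. They are untrusted, so
            every read below is bounds-checked against len(strBuf).

    Returns:
        A list of (content type, handshake type) tuples, or None when the
        buffer is shorter than nine bytes or ends before the first message.
    """
    lstRecords = []
    if len(strBuf) < 9:
        return None
    sslStatus = struct.unpack('>BHHI', strBuf[0:9])
    iShakeProtocol = sslStatus[0]
    iSSLLen = sslStatus[2]
    iType = (sslStatus[3] & 0xFF000000) >> 24
    iRecordLen = sslStatus[3] & 0x00FFFFFF

    if iRecordLen + 5 < iSSLLen:
        # Several handshake messages packed into one record.
        lstRecords.append((iShakeProtocol,iType))
        iNextOffset = iRecordLen + 9
        iLoopStopper = 0
        while iNextOffset < len(strBuf):
            iLoopStopper += 1
            # This path used to call rule.waitForData(), but `rule` is not
            # defined in this module, so a truncated reply raised NameError
            # and let the remote end abort the scan. A short tail is now
            # treated as the end of the message.
            if iNextOffset + 4 > len(strBuf):
                break
            iTypeAndLen = struct.unpack(">I",strBuf[iNextOffset:iNextOffset+4])[0]
            iRecordLen = iTypeAndLen & 0x00FFFFFF
            iType = (iTypeAndLen & 0xFF000000) >> 24
            lstRecords.append((iShakeProtocol,iType))
            iNextOffset += iRecordLen + 4
            if iLoopStopper > 8:  # cap the work done on one reply
                break
        return lstRecords

    if iRecordLen + 9 < len(strBuf):
        # Several records in the buffer, each with its own five-byte header.
        lstRecords.append((iShakeProtocol,iType))
        iNextOffset = iRecordLen + 9
        iLoopStopper = 0
        while iNextOffset + 6 < len(strBuf):
            iLoopStopper += 1
            # One-byte slices keep struct.unpack working on str and bytes.
            iShakeProtocol = struct.unpack(">B",strBuf[iNextOffset:iNextOffset+1])[0]
            iRecordLen = struct.unpack(">H",strBuf[iNextOffset+3:iNextOffset+5])[0]
            iType = struct.unpack(">B",strBuf[iNextOffset+5:iNextOffset+6])[0]
            lstRecords.append((iShakeProtocol,iType))
            iNextOffset += iRecordLen + 5
            if iLoopStopper > 8:  # cap the work done on one reply
                break
        return lstRecords

    if iRecordLen + 9 == len(strBuf):
        # Exactly one record holding one handshake message.
        sslStatus = checkSSLHeader(strBuf)
        lstRecords.append((sslStatus[0],sslStatus[2]))
        return lstRecords

    return None

def checkSSLHeader(strBuf):
    """Decode the nine-byte record and handshake header at the start of strBuf.

    Returns:
        (content type, record length, handshake type, handshake length), or
        None when fewer than nine bytes are available.
    """
    # '>BHHI' consumes nine bytes. The old guard accepted six, so a buffer of
    # six to eight bytes raised struct.error instead of returning None.
    if len(strBuf) < 9:
        return None
    sslStatus = struct.unpack('>BHHI', strBuf[0:9])
    iType = (sslStatus[3] & 0xFF000000) >> 24
    iRecordLen = sslStatus[3] & 0x00FFFFFF
    iShakeProtocol = sslStatus[0]
    iSSLLen = sslStatus[2]
    return (iShakeProtocol,iSSLLen,iType,iRecordLen)

def makeHello(strSSLVer):
    """Build a ClientHello record for strSSLVer offering every ssl3_cipher key.

    Args:
        strSSLVer: A key of dSSL, for example "SSLv3".

    Returns:
        The record as a byte string: record header followed by the handshake.
    """
    strCiphers = "".join(ssl3_cipher.keys())
    # 43 = handshake header (4) + version (2) + random (32)
    #      + session id length (1) + cipher list length (2) + compression (2)
    dLen = 43 + len(strCiphers)

    r = "\x16"  # Message Type 22
    r += dSSL[strSSLVer]
    r += struct.pack("!H",dLen)

    # 32-byte random: four-byte timestamp followed by 28 fixed bytes.
    rand = struct.pack("!L", int(time.time()))
    rand += "\x36\x24\x34\x16\x27\x09\x22\x07\xd7\xbe\xef\x69\xa1\xb2"
    rand += "\x37\x23\x14\x96\x27\xa9\x12\x04\xe7\xce\xff\xd9\xae\xbb"

    h = "\x01"  # handshake type 1
    h += struct.pack("!L",dLen-4)[1:]  # keep the low three bytes as the length
    h += dSSL[strSSLVer]
    h += rand
    h += "\x00"  # No Session ID
    h += struct.pack("!H",len(strCiphers))
    h += strCiphers
    h += "\x01\x00"  # one compression method, value 0
    return r+h

def m_poodle_run(strHost,iPort,displayMode):
    """Check whether the server completes an SSLv3-only handshake.

    Sends a ClientHello that offers only SSLv3 and reads up to five chunks,
    looking for handshake messages of type 2 and 11 in the reply.

    Args:
        strHost: Host name or address of the target.
        iPort: TCP port to connect to.
        displayMode: Passed through to showDisplay() for log output.

    Returns:
        "0x01" if the server answered the SSLv3 hello with both messages,
        "0x00" if it did not, and "0x02" if the connection could not be made.
    """
    iVulnCount = 0
    for strVer in ["SSLv3"]:
        strHello = makeHello(strVer)
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            try:
                # Set the timeout before connecting so that a filtered port
                # cannot block the scan; it used to be set after connect().
                s.settimeout(5)
                s.connect((strHost,iPort))
                s.sendall(strHello)
            except socket.error:
                showDisplay(displayMode,"Failure connecting to %s:%d." % (strHost,iPort))
                # This used to call quit(), ending the whole process from
                # inside a module. "0x02" is the error code m_logjam_run uses.
                # NOTE(review): confirm the caller handles "0x02" here.
                return "0x02"

            fServerHello = False
            fCert = False
            recv = ""
            for _ in range(5):
                try:
                    recv = s.recv(2048)
                except socket.error:
                    continue
                if not recv:
                    break  # peer closed the connection
                lstRecords = getSSLRecords(recv)
                for (iShakeProtocol,iType) in lstRecords or []:
                    if iShakeProtocol == 22:
                        if iType == 2:
                            fServerHello = True
                        elif iType == 11:
                            fCert = True
                if fServerHello and fCert:
                    break

            if not (fServerHello and fCert):
                showDisplay(displayMode," - [LOG] Invalid SSLv3 handshake.")
            elif len(recv)>0:
                if ord(recv[0])==22:
                    iVulnCount+=1
            else:
                showDisplay(displayMode," - [LOG] %s No response from %s:%d" % (strVer,strHost,iPort))
        finally:
            try:
                s.close()
            except socket.error:
                pass

    # "0x01" means only that SSLv3 is still accepted; the remedy on the server
    # is to disable SSLv3.
    if iVulnCount > 0:
        showDisplay(displayMode," - [LOG] Allow SSLv3 Protocol")
        return "0x01"
    return "0x00"


'''
This is old code
python lib not supprot sslv3 issue.
change code.


import socket, ssl, sys, argparse
#Module
class Responses:
    ACCEPT, REJECT, NOT_AVAILABLE = range(3)

def test_server(hostname, port, ssl_version, timeout):
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        ssl_sock = ssl.wrap_socket(sock, ssl_version=ssl_version)
        ssl_sock.connect((hostname, port))
        return Responses.ACCEPT
    except ssl.SSLError:
        return Responses.REJECT
    except socket.error:
        return Responses.NOT_AVAILABLE
    finally:
        ssl_sock.close()

def m_poodle_run(hostname,port):
    quiet = 1
    timeout = 1
    result = test_server(hostname, port, ssl.PROTOCOL_SSLv3, timeout)
    if result == Responses.ACCEPT:
        showDisplay(displayMode," - [LOG] SSLv3 CONNECTION ACCEPTED")
        return "0x01"
    elif result == Responses.REJECT:
        showDisplay(displayMode," - [LOG] SSLv3 Rejected")
        return "0x00"
    else:
        showDisplay(displayMode," - [LOG] SSLv3 No Answer")
        return "0x00"
'''

--------------------------------------------------------------------------------
/renovate.json:
--------------------------------------------------------------------------------
{
  "extends": [
    "config:base"
  ]
}

--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
argparse
netaddr

--------------------------------------------------------------------------------
/version:
--------------------------------------------------------------------------------
1.6

--------------------------------------------------------------------------------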