sensepost / heartbleed-poc Goto Github PK

sir, I ran .py which reported vulnerable. I ran the nse which reported nothing except open port. Debian wheezy with wheezy-backports/nmap v6.40

i ran against 127.0.0.1:1000 (webmin)

thank you.

At Line 78, the function recvall "return None" when the s.recv timeout regardless if we already received some data from the other end... Not receiving a EOF does not always mean that we did not receive any data...

I noticed at in some occasion, the server will send us back the 64k of memory content, but will not close the connection, triggering the timeout and leading to false negative. In such case your script will return: "Unexpected EOF receiving record payload - server closed connection - No heartbeat response received from XXX, server likely not vulnerable", when in fact we did receive some data...

You should add a check to see if rdata is not null when recvall timeout... if it's not null, then return rdata instead of None.

Hi there.

I am having difficulty running the -n100 option while running this script. Running the command without this option yields a successful answer but when I run it with -n100 option I receive the error message "error 11001 getaddinfofailed". I don't know this is a python thing or something having to do with the script. I found online that other pple have come across this issue when using python, but none pertained to this script and since I had no issue running it without the -n option I thought perhaps its not a python issue.

The site is for sure vulnerable
I'm running windows 8.1 os from the standard command prompt

Thanks for any tips you might be able to provide!

Thanks for your pocs, but you have not adapted an open-source license to this repository.
May I use and modify your pocs on my scanner?
Thanks.