zoukankan      html  css  js  c++  java
  • SSLv3 Poodle攻击漏洞检测工具

    漏洞编号:CVE-2014-3566

    POC如下:

    import ssl,socket,sys
     
    SSL_VERSION={
        'SSLv2':ssl.PROTOCOL_SSLv2,
        'SSLv3':ssl.PROTOCOL_SSLv3,
        'SSLv23':ssl.PROTOCOL_SSLv23,
        'TLSv1':ssl.PROTOCOL_TLSv1,
    }
     
    def check_ssl_version(version):
        try:
            https = ssl.SSLSocket(socket.socket(),ssl_version=SSL_VERSION.get(version))
            c = https.connect((ip,port))
            print version + ' Supported'
            return True
        except Exception as e:
            return False
     
    USAGE = '========== KPoodle - SSL version and poodle attack vulnerability detect tool ========== Usage: python kpoodle.py target port(default:443) by kingx'
    try:
        ip = sys.argv[1]
    except:
        print USAGE
        sys.exit()
    try:
        port = int(sys.argv[2])
    except:
        port = 443
     
    try:
        print 'Connecting...'
        s = socket.socket().connect((ip,port))
    except Exception as e:
        print e
        print 'Can not connect to the target!'
        sys.exit()
     
    try:
        print 'Checking...'
        ssl3 = check_ssl_version('SSLv3')
        ssl2 = check_ssl_version('SSLv2')
        ssl23 = check_ssl_version('SSLv23')
        tls = check_ssl_version('TLSv1')
        if ssl3:
            print ' SSLv3 Poodle Vulnerable!'
        else:
            print ' No SSLv3 Support!'
    except Exception as e:
        print e

    如图:

  • 相关阅读:
    Minimum Sum
    Prefix and Suffix
    BBuBBBlesort!
    Wanna go back home
    The Chosen One+高精度
    一元三次方程
    文本文件比对
    nginx日志文件切割
    nginx启动脚本
    nginx
  • 原文地址:https://www.cnblogs.com/milantgh/p/5004836.html
Copyright © 2011-2022 走看看