zoukankan      html  css  js  c++  java
  • SSLv3 Poodle攻击漏洞检测工具

    漏洞编号:CVE-2014-3566

    POC如下:

    import ssl,socket,sys
     
    SSL_VERSION={
        'SSLv2':ssl.PROTOCOL_SSLv2,
        'SSLv3':ssl.PROTOCOL_SSLv3,
        'SSLv23':ssl.PROTOCOL_SSLv23,
        'TLSv1':ssl.PROTOCOL_TLSv1,
    }
     
    def check_ssl_version(version):
        try:
            https = ssl.SSLSocket(socket.socket(),ssl_version=SSL_VERSION.get(version))
            c = https.connect((ip,port))
            print version + ' Supported'
            return True
        except Exception as e:
            return False
     
    USAGE = '========== KPoodle - SSL version and poodle attack vulnerability detect tool ========== Usage: python kpoodle.py target port(default:443) by kingx'
    try:
        ip = sys.argv[1]
    except:
        print USAGE
        sys.exit()
    try:
        port = int(sys.argv[2])
    except:
        port = 443
     
    try:
        print 'Connecting...'
        s = socket.socket().connect((ip,port))
    except Exception as e:
        print e
        print 'Can not connect to the target!'
        sys.exit()
     
    try:
        print 'Checking...'
        ssl3 = check_ssl_version('SSLv3')
        ssl2 = check_ssl_version('SSLv2')
        ssl23 = check_ssl_version('SSLv23')
        tls = check_ssl_version('TLSv1')
        if ssl3:
            print ' SSLv3 Poodle Vulnerable!'
        else:
            print ' No SSLv3 Support!'
    except Exception as e:
        print e

    如图:

  • 相关阅读:
    [网站设计]网站设计的流程
    教你几招如何看透一个人
    难得迷茫
    java 日期 加减 运算
    第01章 SQL Server数据库基础 读后感
    [网站设计]如何设计一个成功的网站
    [网站设计] 素材网罗
    转载个人毕业5年职业感想
    SWTDesigner
    [存档]asp.net夜话之十一:web.config详解收藏
  • 原文地址:https://www.cnblogs.com/milantgh/p/5004836.html
Copyright © 2011-2022 走看看