SSLv3|SSLv3 Poodle攻击漏洞检测工具
漏洞编号:CVE-2014-3566
POC如下:
import ssl,socket,sys
SSL_VERSION={
'SSLv2':ssl.PROTOCOL_SSLv2,
'SSLv3':ssl.PROTOCOL_SSLv3,
'SSLv23':ssl.PROTOCOL_SSLv23,
'TLSv1':ssl.PROTOCOL_TLSv1,
}
def check_ssl_version(version):
try:
https = ssl.SSLSocket(socket.socket(),ssl_version=SSL_VERSION.get(version))
c = https.connect((ip,port))
print version + ' Supported'
return True
except Exception as e:
return False
USAGE = '==========\nKPoodle - SSL version and poodle attack vulnerability detect tool\n==========\nUsage: python kpoodle.py target port(default:443)\n\nby kingx'
try:
ip = sys.argv[1]
except:
print USAGE
sys.exit()
try:
port = int(sys.argv[2])
except:
port = 443
try:
print 'Connecting...'
s = socket.socket().connect((ip,port))
except Exception as e:
print e
print 'Can not connect to the target!'
sys.exit()
try:
print 'Checking...'
ssl3 = check_ssl_version('SSLv3')
ssl2 = check_ssl_version('SSLv2')
ssl23 = check_ssl_version('SSLv23')
tls = check_ssl_version('TLSv1')
if ssl3:
print '\nSSLv3 Poodle Vulnerable!'
else:
print '\nNo SSLv3 Support!'
except Exception as e:
print e
【SSLv3|SSLv3 Poodle攻击漏洞检测工具】如图:
文章图片
推荐阅读
- 简易有效Api接口防攻击策略
- C语言小游戏教程P4
- 降维攻击
- 【鼎典美育】如何面对孩子的“攻击性行为”()
- 一颗麦子对另一颗麦子发起了血腥的攻击……引发了一个话题(爱是什么())
- 饱和攻击
- 伊朗Cisco路由器遭黑客攻击|伊朗Cisco路由器遭黑客攻击 全国互联网几乎瘫痪
- 一种几乎无法被检测到的Punycode钓鱼攻击,Chrome、Firefox和Opera等浏览器都中招
- 面试|面试问题如何预防csrf攻击
- Capture the flag