目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2014-0160 PoC — OpenSSL 缓冲区错误漏洞

来源
https://github.com/musalbas/heartbleed-masstest
关联漏洞
标题:OpenSSL 缓冲区错误漏洞 (CVE-2014-0160)
Description:OpenSSL是OpenSSL团队开发的一个开源的能够实现安全套接层(SSL v2/v3)和安全传输层(TLS v1)协议的通用加密库,它支持多种加密算法,包括对称密码、哈希算法、安全散列算法等。 OpenSSL的TLS和DTLS实现过程中的d1_both.c和t1_lib.c文件中存在安全漏洞,该漏洞源于当处理Heartbeat Extension数据包时,缺少边界检查。远程攻击者可借助特制的数据包利用该漏洞读取服务器内存中的敏感信息(如用户名、密码、Cookie、私钥等)。以下版本的OpenSSL受到
Description
Multi-threaded tool for scanning many hosts for CVE-2014-0160.
介绍
This tool allows you to scan multiple hosts for Heartbleed, in an efficient multi-threaded manner.

This tests for OpenSSL versions vulnerable to Heartbleed without exploiting the server, so the heartbeat request does not cause the server to leak any data from memory or expose any data in an unauthorized manner. This [Mozilla blog post](http://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server) outlines the method used.

<pre>Usage: ssltest.py <network> [network2] [network3] ...

Test for SSL heartbleed vulnerability (CVE-2014-0160) on multiple domains

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  Port to scan on all hosts or networks, default 443
  -i INPUT_FILE, --input=INPUT_FILE
                        Optional input file of networks or ip addresses, one
                        address per line
  -o LOG_FILE, --logfile=LOG_FILE
                        Optional logfile destination
  --resume              Do not rescan hosts that are already in the logfile
  -t TIMEOUT, --timeout=TIMEOUT
                        How long to wait for remote host to respond before
                        timing out
  --threads=THREADS     If specific, run X concurrent threads
  --json=JSON_FILE      Save data as json into this file
  --only-vulnerable     Only scan hosts that have been scanned before and were
                        vulnerable
  --only-unscanned      Only scan hosts that appear in the json file but have
                        not been scanned
  --summary             Useful with --json. Don't scan, just print old results
  --verbose             Print verbose information to screen
  --max=MAX             Exit program after scanning X hosts. Useful with
                        --only-unscanned</pre>
文件快照

 [4.0K]  /data/pocs/3869f80f5ac511bde82d46fe71c50773f1f0d9ca
├── [1.8K]  README.md
└── [ 12K]  ssltest.py

0 directories, 2 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。