SSLv3 POODLE vulnerability detection tool: KPoodle.py

CVE ID: CVE-2014-3566
Affected: SSLv3
Vulnerability details: https://www.openssl.org/~bodo/ssl-poodle.pdf
http://www.praetorian.com/blog/man-in-the-middle-tls-ssl-protocol-downgrade-attack

Client-side mitigation:
1. Disable SSLv3 in IE's Advanced options.
2. Disable SSLv3 system-wide in Windows through the registry: under [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client], add a DWORD value named "Enabled" and set it to 0. Schannel only picks this up after a restart.


There have really been a lot of vulnerabilities lately.
I put together a script in my spare time to make it easy to check which SSL protocol versions a target site supports, so this vulnerability can be detected and triaged.
Additions and discussion are welcome.

Usage screenshots

[screenshot: kpoodle]

KPoodle.py source code

[python]
import ssl
import socket
import sys

# The protocol constants are looked up with getattr: Python/OpenSSL builds that
# were compiled without SSLv2 or SSLv3 do not define them at all, and a plain
# attribute access would crash the script before it checks anything.
SSL_VERSION = {
    'SSLv2': getattr(ssl, 'PROTOCOL_SSLv2', None),
    'SSLv3': getattr(ssl, 'PROTOCOL_SSLv3', None),
    'SSLv23': getattr(ssl, 'PROTOCOL_SSLv23', None),  # "negotiate", not SSLv2/v3 specifically
    'TLSv1': getattr(ssl, 'PROTOCOL_TLSv1', None),
}


def check_ssl_version(ip, port, version):
    """Attempt a handshake restricted to one protocol version.

    Returns True only if the server completes the handshake with that version.
    If the local OpenSSL cannot speak the version, the test is skipped: the
    result then says nothing about the server (a false negative is possible).
    """
    proto = SSL_VERSION.get(version)
    if proto is None:
        print(version + ' not available in this Python/OpenSSL build, skipped')
        return False
    try:
        ctx = ssl.SSLContext(proto)
        ctx.check_hostname = False      # we only care whether the handshake completes,
        ctx.verify_mode = ssl.CERT_NONE  # not whether the certificate is valid
        https = ctx.wrap_socket(socket.socket())
        https.settimeout(5)
        https.connect((ip, port))
        https.close()
        print(version + ' Supported')
        return True
    except Exception:
        return False


USAGE = ('==========\n'
         'KPoodle - SSL version and poodle attack vulnerability detect tool\n'
         '==========\n'
         'Usage: python kpoodle.py target port(default:443)\n\nby kingx')

if len(sys.argv) < 2:
    print(USAGE)
    sys.exit(1)
ip = sys.argv[1]
try:
    port = int(sys.argv[2])
except (IndexError, ValueError):
    port = 443

try:
    print('Connecting...')
    s = socket.create_connection((ip, port), timeout=5)
    s.close()
except Exception as e:
    print(e)
    print('Can not connect to the target!')
    sys.exit(1)

print('Checking...')
ssl3 = check_ssl_version(ip, port, 'SSLv3')
ssl2 = check_ssl_version(ip, port, 'SSLv2')
ssl23 = check_ssl_version(ip, port, 'SSLv23')  # success here only means *some* SSL/TLS version works
tls = check_ssl_version(ip, port, 'TLSv1')
if ssl3:
    print('\nSSLv3 Poodle Vulnerable!')
elif SSL_VERSION['SSLv3'] is None:
    print('\nSSLv3 could not be tested from this client')
else:
    print('\nNo SSLv3 Support!')
[/python]
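The script above has two practical limits worth knowing about. It can only detect SSLv3 if the local Python's OpenSSL still speaks SSLv3, which most current builds no longer do, so a clean "No SSLv3 Support!" may really mean "this client cannot ask". And POODLE needs a CBC cipher suite under SSLv3, which the script never checks. The example below is an added illustration, not part of KPoodle.py or the author's code: it hand-builds an SSLv3 ClientHello that offers only CBC suites, sends it over a plain socket, and classifies the first record that comes back (a ServerHello that picks SSLv3 plus a CBC suite, or an alert such as protocol_version). It needs Python 3 and assumes the standard IANA cipher suite IDs and alert codes; the sample server responses at the bottom are constructed, not captured from a real server.

```python
import socket
import struct

SSLV3 = b"\x03\x00"
# Standard IANA suite IDs; all three are CBC-mode suites, which is what POODLE needs.
CBC_SUITES = [0x002F, 0x0035, 0x000A]  # AES128-SHA, AES256-SHA, DES-CBC3-SHA
# Alert descriptions a server commonly sends when it refuses SSLv3 (standard TLS codes).
ALERT_NAMES = {10: "unexpected_message", 40: "handshake_failure",
               47: "illegal_parameter", 70: "protocol_version", 80: "internal_error"}


def _handshake_record(msg_type, body):
    """Wrap a handshake body in the handshake header (type + 3-byte length) and an SSLv3 record."""
    handshake = bytes([msg_type]) + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake


def build_sslv3_client_hello(cipher_suites=CBC_SUITES):
    """SSLv3 ClientHello offering only CBC suites, no session ID, null compression."""
    client_random = b"\x00" * 32              # fixed for reproducibility; a real probe may randomise it
    suites = b"".join(struct.pack("!H", cs) for cs in cipher_suites)
    body = (SSLV3 + client_random + b"\x00"   # session_id length 0
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                    # one compression method: null
    return _handshake_record(1, body)         # 1 = client_hello


def parse_server_response(data):
    """Classify the first record the server sends back to the SSLv3 ClientHello."""
    if len(data) < 5:
        return {"status": "no_response"}
    content_type = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if content_type == 21 and len(payload) >= 2:                        # alert record
        return {"status": "alert", "level": payload[0],
                "description": ALERT_NAMES.get(payload[1], str(payload[1]))}
    if content_type == 22 and len(payload) >= 4 and payload[0] == 2:    # server_hello
        hs = payload[4:]  # version(2) random(32) sid_len(1) sid cipher_suite(2) compression(1)
        server_version = hs[0:2]
        sid_len = hs[34]
        cipher = struct.unpack("!H", hs[35 + sid_len:37 + sid_len])[0]
        return {"status": "server_hello", "version": server_version, "cipher_suite": cipher,
                # Only CBC suites were offered, so an SSLv3 ServerHello is the POODLE condition.
                "sslv3_cbc": server_version == SSLV3 and cipher in CBC_SUITES}
    return {"status": "unexpected", "content_type": content_type}


def probe_sslv3(host, port=443, timeout=5):
    """Live probe: send the ClientHello over a plain socket and read one record back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        data = b""
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
                if len(data) >= 5 and len(data) >= 5 + struct.unpack("!H", data[3:5])[0]:
                    break                     # one complete record is enough to classify
        except socket.timeout:
            pass
    return parse_server_response(data)


# Constructed sample responses for offline testing (not captured from any real server).
def sample_server_hello(version=SSLV3, cipher_suite=0x002F, session_id=b""):
    body = (version + b"\x11" * 32 + bytes([len(session_id)]) + session_id
            + struct.pack("!H", cipher_suite) + b"\x00")
    return _handshake_record(2, body)         # 2 = server_hello


def sample_alert(description=70, level=2):
    return b"\x15" + SSLV3 + b"\x00\x02" + bytes([level, description])


if __name__ == "__main__":
    import sys
    print(probe_sslv3(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

Because the ClientHello is assembled by hand, the probe works from any Python 3, whatever its OpenSSL was built with, and an alert back from the server tells you why SSLv3 was refused rather than just that the handshake failed. A server that answers the SSLv3 hello with a TLS version or a non-CBC suite is reported with `sslv3_cbc` false.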


6 Comments

  1. Hello, why does the script fail with this error?
     Traceback (most recent call last):
       File "ssl.py", line 1, in
         import ssl,socket,sys
       File "/home/jc/tool/py/ssl.py", line 4, in
         'SSLv2':ssl.PROTOCOL_SSLv2,
     AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv2'
