Friday, April 18, 2014

Heartbleed Testing Tools [OpenSSL |CVE-2014-0160]


HeartBleed Response with Vulnerable System:-





 Here's a nice collection of heart bleed tools to help you along with this exploit:-
'ONLINE' OpenSSL Heartbleed Vulnerability Scanner: 
This is for those of you in this thread that are having trouble with the Python scripts below
--https://pentest-tools.com/vulnerability-scanning/openssl-heartbleed-scanner

A Checker:  (site and tool) for CVE-2014-0160:
--https://github.com/FiloSottile/Heartbleed  

ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford
--http://pastebin.com/WmxzjkXJ

ssltest.py: (modified version) Added URL crawler and auto-detection function, reducing the trouble to manually enter the URL. You can also use a proxy server, so you can choose your own search engine in the code, and change their keywords. Feel free to edit/modify to suit your needs.
--http://pastebin.com/cLt1Uk6H

ssltest.py: (modified version #2) This version is updated for handling different version of SSL/TLS
--http://pastebin.com/WtDbK1gR

pacemaker.py: Pacemaker Attempts to abuse OpenSSL clients that are vulnerable to Heartbleed (CVE-2014-0160). Compatible with Python 2 and 3.
--https://github.com/Lekensteyn/pacemaker

SSL Server Test:
--https://www.ssllabs.com/ssltest/index.html

Metasploit Module:
--https://github.com/rapid7/metasploit-framework/pull/3206/files

Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed:
--https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

Nmap NSE script: Quick'n'Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas
--https://gist.github.com/RealRancor/10140249

Heartbleeder: Tests your servers for OpenSSL:
--https://github.com/titanous/heartbleeder?files=1

Heartbleed Attack POC and Mass Scanner:
--https://bitbucket.org/fb1h2s/cve-2014-0160

Heartbleed Honeypot Script:
--http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Bleed Out Heartbleed Command Line Tool v.1.0.0.10:
Bleed Out is a command line tool written in C# for targeting instances of OpenSSL made vulnerable by the prolific "Heartbleed" bug. The tool aggressively exploits the OpenSSL vulnerability, dumping both ASCII and binary data to files. It also checks the uniqueness of each chunk before persisting it, to ensure that duplicate chunks are not saved.


http://packetstormsecurity.com/files/126102/BleedOut1.0.0.10.zip

Windows CMD example:
Code:
C:\Users\frank3nstien\Desktop\BleedOut1.0.0.10-1\Bin>BleedOut -h quirktools.com

Enjoy and Thanks for viewing my Blog

*Greetz to m0bi13_xT and My PC