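For that reason, when something needs to be tested quickly, I rely heavily on tools such as scanners.
Today I'd like to introduce a script that makes testing for SSL-related vulnerabilities easy.
(Yes, I'm introducing my own work...)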
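What is A2SV?
The name stands for Auto Scanning to SSL Vulnerability. It started from the simple thought that it would be nice to be able to check SSL easily.
Commercial and open-source scanners check these items too, of course, but having a tool of your own on hand is still convenient.
The tool's check code was written using published PoC code, and I plan to add more checks as new SSL vulnerabilities come out.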
Install A2SV
A. Download (clone) & unpack A2SV
git clone https://github.com/hahwul/a2sv.git
cd a2sv
B. Install Python Package
pip install argparse
C. Run A2SV
python a2sv.py -h
Simple Manual
usage: a2sv.py [-h] [-t T] [-p P] [-m M]
optional arguments:
-h, --help show this help message and exit
-t T Target URL/IP Address
-p P Custom Port / Default: 443
-m M Check Module
ex)
python a2sv.py -t 127.0.0.1
python a2sv.py -t 127.0.0.1 -m heartbleed
python a2sv.py -t 127.0.0.1 -p 8111
Option descriptions
-t : The target IP/host to scan.
-p : The port to scan. If not specified, it is set to 443 (https).
-m : Runs a single module only. (For example, when CCS Injection is specified, only CCS Injection is scanned.)
HaHwul #> a2sv -t github.com
█████╗ ██████╗ ███████╗██╗ ██╗
██╔══██╗╚════██╗██╔════╝██║ ██║
███████║ █████╔╝███████╗██║ ██║
.o oOOOOOOOo ██╔══██║██╔═══╝ ╚════██║╚██╗ ██╔╝ OOOo
Ob.OOOOOOOo O ██║ ██║███████╗███████║ ╚████╔╝ .adOOOOOOO
OboO'''''''''' ╚═╝ ╚═╝╚══════╝╚══════╝ ╚═══╝ ''''''''''OO
OOP.oOOOOOOOOOOO 'POOOOOOOOOOOo. `'OOOOOOOOOP,OOOOOOOOOOOB'
`O'OOOO' `OOOOo'OOOOOOOOOOO` .adOOOOOOOOO'oOOO' `OOOOo
.OOOO' `OOOOOOOOOOOOOOOOOOOOOOOOOO' `OO
OOOOO ''OOOOOOOOOOOOOOOO'` oOO
oOOOOOba. .adOOOOOOOOOOba .adOOOOo.
oOOOOOOOOOOOOOba. .adOOOOOOOOOO@^OOOOOOOba. .adOOOOOOOOOOOO
OOOOOOOOOOOOOOOOO.OOOOOOOOOOOOOO'` ''OOOOOOOOOOOOO.OOOOOOOOOOOOOO
'OOOO' 'YOoOOOOMOIONODOO'` . ''OOROAOPOEOOOoOY' 'OOO'
Y 'OOOOOOOOOOOOOO: .oOOo. :OOOOOOOOOOO?' :`
: .oO%OOOOOOOOOOo.OOOOOO.oOOOOOOOOOOOO? .
. oOOP'%OOOOOOOOoOOOOOOO?oOOOOO?OOOO'OOo
'%o OOOO'%OOOO%'%OOOOO'OOOOOO'OOO':
`$' `OOOO' `O'Y ' `OOOO' o .
. . OP' : o .
:
[Auto Scanning to SSL Vulnerability 1.3.7]
[By Hahwul / www.hahwul.com]
________________________________________________________________________
[SET] target => github.com
[SET] IP Address => 192.30.252.120
[SET] target port => 443
[SET] include => All Module
[INF] Scan CCS Injection..
- [LOG] TLSv1.2 192.30.252.120:443 rejected early CCS
- [LOG] TLSv1.1 192.30.252.120:443 rejected early CCS
- [LOG] TLSv1 192.30.252.120:443 rejected early CCS
- [LOG] [SSLv3] 192.30.252.120:443 Invalid handshake.
[RES] CCS Injection Result :: 0x00
[INF] Scan HeartBleed..
- [LOG] Sending Client Hello...
- [LOG] Waiting for Server Hello...
- [LOG] Sending heartbeat request..
[RES] HeartBleed :: 0x00
[INF] Scan SSLv3 POODLE..
- [LOG] SSLv3 Rejected
[RES] SSLv3 POODLE :: 0x00
[INF] Scan OpenSSL FREAK..
- [LOG] IP Check Ok.
- [LOG] Start SSL Connection / Gathering Information
- [LOG] Ending Get Information
- [LOG] 'Cipher is EXP' not in Response
[RES] OpenSSL FREAK :: 0x00
[INF] Scan OpenSSL LOGJAM..
- [LOG] IP Check Ok.
- [LOG] Start SSL Connection / Gathering Information
- [LOG] Ending Get Information
- [LOG] 'Cipher is DEH' not in Response
[RES] OpenSSL LOGJAM :: 0x00
[FIN] Scan Finish!
________________________________________________________________________
[A2SV REPORT]
[TARGET]: 192.30.252.120
[PORT]: 443
[SCAN TIME]: 2016-05-18 00:05:39.434007
[VULNERABILITY]
Vulnerability CVE CVSS v2 Base Score State
============== ============= ========================== ================
CCS Injection CVE-2014-0224 AV:N/AC:M/Au:N/C:P/I:P/A:P Not Vulnerable.
HeartBleed CVE-2014-0160 AV:N/AC:M/Au:N/C:P/I:N/A:N Not Vulnerable.
SSLv3 POODLE CVE-2014-3566 AV:N/AC:L/Au:N/C:P/I:N/A:N Not Vulnerable.
OpenSSL FREAK CVE-2015-0204 AV:N/AC:M/Au:N/C:N/I:P/A:N Not Vulnerable.
OpenSSL LOGJAM CVE-2015-4000 AV:N/AC:M/Au:N/C:N/I:P/A:N Not Vulnerable.
________________________________________________________________________
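An added example, not part of A2SV: a small parser for the console format shown above that flags any module that started ([INF]) but never printed a [RES] line, so an aborted check is not read as a clean result. The sample log is constructed, and treating every code other than 0x00 as "review" is an assumption, since the output above only shows 0x00 paired with "Not Vulnerable."

```python
import re

# Constructed sample in the console format shown above. The POODLE module
# starts but never prints a [RES] line (for example, the scanner aborted).
SAMPLE_LOG = """\
[SET] target => example.test
[SET] IP Address => 192.0.2.10
[SET] target port => 443
[INF] Scan CCS Injection..
 - [LOG] TLSv1.2 192.0.2.10:443 rejected early CCS
[RES] CCS Injection Result :: 0x00
[INF] Scan HeartBleed..
[RES] HeartBleed :: 0x01
[INF] Scan SSLv3 POODLE..
Traceback (most recent call last):
"""

SET_RE = re.compile(r"^\[SET\]\s+(.+?)\s+=>\s+(.+)$")
INF_RE = re.compile(r"^\[INF\]\s+Scan\s+(.+?)\.\.\s*$")
RES_RE = re.compile(r"^\[RES\]\s+(.+?)(?:\s+Result)?\s+::\s+(0x[0-9a-fA-F]{2})\s*$")

def parse_a2sv_log(text):
    """Return (settings, modules started in order, result code per module)."""
    settings, started, results = {}, [], {}
    for raw in text.splitlines():
        line = raw.strip()
        s, i, r = SET_RE.match(line), INF_RE.match(line), RES_RE.match(line)
        if s:
            settings[s.group(1)] = s.group(2)
        elif i:
            started.append(i.group(1))
        elif r:
            results[r.group(1)] = r.group(2).lower()
    return settings, started, results

def triage(text):
    """Classify every started module; a missing [RES] is never 'clean'."""
    settings, started, results = parse_a2sv_log(text)
    report = {}
    for module in started:
        code = results.get(module)
        if code is None:
            report[module] = "NO RESULT"
        elif code == "0x00":
            report[module] = "not vulnerable"
        else:  # assumption: anything but 0x00 needs a human look
            report[module] = "REVIEW (" + code + ")"
    return settings, report
```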
Contributing
You are welcome to contribute at the git repository below. (Always very welcome.)
https://github.com/hahwul/a2sv
HAHWUL
Security engineer, Gopher and H4cker!
How to exploit?
This tool is just an SSL vulnerability scanner.
If you want to exploit its vulnerability, you had better use Metasploit?
I get the following error when using it, any idea? Also: When I enter a custom port via -p command, I get the error that it is not an Integer. I manually edited the script to change the port, then it works.
The following error still remains. What Python version are you using?
[S]CCS Injection Result :: 0x00
[INF] Scan HeartBleed..
- [LOG] Sending Client Hello...
- [LOG] Waiting for Server Hello...
- [LOG] Sending heartbeat request..
[RES] HeartBleed :: 0x00
[INF] Scan SSLv3 POODLE..
Traceback (most recent call last):
File "a2sv.py", line 163, in <module>
runScan(checkVun)
File "a2sv.py", line 84, in runScan
poodle_result = m_poodle_run(targetIP,port)
File "/root/VunLink/a2sv/module/M_poodle.py", line 88, in m_poodle_run
result = test_server(hostname, port, ssl.PROTOCOL_SSLv3, timeout)
AttributeError: 'module' object has no attribute 'PROTOCOL_SSLv3'
I used Python version 2.7.9.
#> python --version
Python 2.7.9
In my opinion, this is a Python version issue or an ssl/request (HTTP send) module issue.
- similar issue. -
http://stackoverflow.com/questions/28987891/patch-pyopenssl-for-sslv3-issue
https://github.com/threatstream/shockpot/issues/8
By any chance, did you find the same error after testing another URL?
=====
-p option error fixed
"TypeError: %d format: a number is required, not str" => 2.1.1
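An added example, not A2SV's code: one way to guard the SSLv3 check that fails in the traceback above, reporting the check as untestable when the local Python `ssl` module has no `PROTOCOL_SSLv3`, instead of crashing or implying the server is clean. The function name, the return labels and the `ssl_module` parameter are assumptions made for this example.

```python
import socket
import ssl

def probe_sslv3(host, port=443, timeout=5.0, ssl_module=ssl):
    """Return 'UNTESTABLE', 'UNREACHABLE', 'ACCEPTED' or 'REJECTED'."""
    # Many Python/OpenSSL builds are compiled without SSLv3, in which case
    # the constant does not exist at all (the AttributeError quoted above).
    proto = getattr(ssl_module, "PROTOCOL_SSLv3", None)
    if proto is None:
        # The local stack cannot speak SSLv3: the check did not run, which
        # is not the same as the server rejecting SSLv3.
        return "UNTESTABLE"
    try:
        ctx = ssl_module.SSLContext(proto)
        ctx.verify_mode = ssl_module.CERT_NONE  # protocol probe, no trust decision
    except (ValueError, ssl.SSLError):
        return "UNTESTABLE"  # constant present but the library refuses it
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "UNREACHABLE"  # TCP-level failure, says nothing about SSLv3
    with sock:
        try:
            with ctx.wrap_socket(sock):
                return "ACCEPTED"  # server completed an SSLv3 handshake
        except (ssl.SSLError, OSError):
            return "REJECTED"  # handshake alert, reset or timeout
```

A report built on this should show UNTESTABLE and UNREACHABLE as "not checked" rather than "Not Vulnerable."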