Beispiel #1
// main is the command-line entry point of the Heartbleed checker. It probes
// the single host named by the first positional argument and reports the
// verdict through the log and the process exit status:
//
//	0 - SAFE
//	1 - VULNERABLE (the returned data is logged first)
//	2 - the probe failed or asked to be retried
func main() {
	serviceFlag := flag.String("service", "https", fmt.Sprintf(
		`Specify a service name to test (using STARTTLS if necessary).
		Besides HTTPS, currently supported services are:
		%s`, heartbleed.Services))
	checkCert := flag.Bool("check-cert", false, "check the server certificate")
	flag.Parse()

	// usage is defined elsewhere in the file; presumably it prints help and
	// exits. If it returns, the probe below runs with an empty host.
	if flag.NArg() < 1 {
		usage()
	}

	tgt := &heartbleed.Target{
		Service: *serviceFlag,
		HostIp:  flag.Arg(0),
	}

	// The argument may be a full URL. When it parses with a non-empty host,
	// keep only host[:port], and let an explicit scheme override -service.
	if parsed, perr := url.Parse(tgt.HostIp); perr == nil && parsed.Host != "" {
		tgt.HostIp = parsed.Host
		if parsed.Scheme != "" {
			tgt.Service = parsed.Scheme
		}
	}

	// The third argument is the negated -check-cert flag, so it presumably
	// means "skip certificate verification". With the default (false) the
	// certificate is not checked and the verdict applies to whichever
	// endpoint answered the connection.
	skipVerify := !*checkCert
	out, err := heartbleed.Heartbleed(tgt,
		[]byte("github.com/FiloSottile/Heartbleed"), skipVerify)

	switch {
	case err == heartbleed.Safe:
		log.Printf("%v - SAFE", tgt.HostIp)
		os.Exit(0)
	case err != nil:
		// NOTE(review): the retry case is detected by comparing the error
		// text, which breaks silently if the library rewords the message.
		// Both outcomes exit with status 2; only the log label differs.
		if err.Error() == "Please try again" {
			log.Printf("%v - TRYAGAIN: %v", tgt.HostIp, err)
		} else {
			log.Printf("%v - ERROR: %v", tgt.HostIp, err)
		}
		os.Exit(2)
	default:
		// out is what the peer sent back for the heartbeat. On a vulnerable
		// host it can contain secrets from that host's memory, so the log
		// output should be handled as sensitive data.
		log.Printf("%v\n", out)
		log.Printf("%v - VULNERABLE", tgt.HostIp)
		os.Exit(1)
	}
}
Beispiel #2
// handleRequest runs (or fetches from cache) a Heartbleed probe of tgt and
// writes the outcome to w as a JSON-encoded result.
//
// The status code placed in the result is:
//
//	0 - vulnerable; the result also carries the data returned by the probe
//	1 - safe, or the peer closed the connection
//	2 - the probe failed; the result carries the error text
//
// skip is forwarded to heartbleed.Heartbleed and is part of the cache key,
// so results obtained with and without it are cached separately.
//
// NOTE(review): the response is readable from any origin (wildcard CORS
// header) and, for status 0, includes whatever the probed host returned,
// which may be sensitive memory contents of that host.
// NOTE(review): where tgt comes from is not visible here. If it is built
// from request parameters, the caller should restrict destinations (for
// example loopback and private ranges) and rate-limit requests, and the
// host should be logged with %q so control characters cannot forge log
// lines.
func handleRequest(tgt *heartbleed.Target, w http.ResponseWriter, r *http.Request, skip bool) {
	// Requests without a host are dropped without writing a body.
	if tgt.HostIp == "" {
		return
	}

	w.Header().Set("Access-Control-Allow-Origin", "*")

	key := tgt.Service + "://" + tgt.HostIp
	if skip {
		key += "/skip"
	}

	var (
		status int
		errMsg string
		leaked string
		hit    bool
	)

	if withCache {
		if cached, ok := hbcache.Check(key); ok {
			status = int(cached.Status)
			errMsg = cached.Error
			leaked = cached.Data
			hit = true
		}
	}

	// hit can only be true when withCache is set, so this single test
	// covers both "cache disabled" and "cache miss".
	if !hit {
		out, err := heartbleed.Heartbleed(tgt, PAYLOAD, skip)

		switch {
		case err == heartbleed.Safe || err == heartbleed.Closed:
			status = 1
			log.Printf("%v (%v) - SAFE", tgt.HostIp, tgt.Service)
		case err != nil:
			status = 2
			errMsg = err.Error()
			// NOTE(review): matching on the error text is fragile; it
			// depends on the library keeping this exact wording.
			if errMsg == "Please try again" {
				log.Printf("%v (%v) - MISMATCH", tgt.HostIp, tgt.Service)
			} else {
				log.Printf("%v (%v) - ERROR [%v]", tgt.HostIp, tgt.Service, errMsg)
			}
		default:
			// A single positive probe is reported as vulnerable. The file
			// used to carry a disabled 2-out-of-3 confirmation scheme at
			// this point; it was commented out and is not executed.
			status = 0
			leaked = out
			log.Printf("%v (%v) - VULNERABLE [skip: %v]", tgt.HostIp, tgt.Service, skip)
		}

		// Every fresh result is stored, error results (status 2) included.
		if withCache {
			hbcache.Set(key, status, leaked, errMsg)
		}
	}

	body, err := json.Marshal(result{status, leaked, errMsg, tgt.HostIp})
	if err != nil {
		// Nothing is written on an encoding failure, so the client
		// receives an empty response.
		log.Println("[json] ERROR:", err)
		return
	}
	w.Write(body)
}