Linux 服务器会使用 OpenSSL 协议,但是 OpenSSL 有些低版本会存在漏洞,比如著名的"受戒礼"或"贵兵犬"漏洞,这里利用 Python paramiko 库编写了一个 Windows 下的 GUI 小程序,可以实现批量检测 Linux 服务器上的 OpenSSL 是否具有这两个漏洞。
Scanner2.py 文件代码(Python2.x):
# -*- coding:UTF-8 -*-
'''
OpenSSL受戒礼和Freak漏洞检测脚本
import os
from Tkinter import * server=[]
sjl_sign="Server certificaten"
freak_sign="Server certificaten" ip=raw_input("Please Input Plart IP:")
username=raw_input("Username:")
pwd=raw_input("Password:") def ReadServerlist():
print "The Plart:%s(Confirm Platform Always Online)"%ip
if os.path.exists("serverlist.txt"):
print "Find The Existing Serverlist."
else:
print "Didn't Find The Existing Serverlist,We Will Create It."
create=open("serverlist.txt",'w')
create.close()
ReadServerlist() def scan():
read=file("serverlist.txt","r")
for line in read.readlines():
server.append(line)
for i in server:
i=i.strip("n") #去掉行末换行符
cmd_sjl="openssl s_client -connect"+" "+i+":443 -cipher RC4"
cmd_freak="openssl s_client -connect"+" "+i+":443 -cipher EXPORT"
print "nScanning %s..."%i
scanbody(ip,username,pwd,cmd_sjl,cmd_freak)
print "@Colasoft2016" def scanbody(ip,username,pwd,cmd_sjl,cmd_freak):
try:
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
sjl=stdout.readlines()
stdin,stdout,stderr=ssh.exec_command(cmd_freak)
freak=stdout.readlines()
ssh.close()
list_freak=[]
list_sjl.append(k)
list_freak.append(j)
if freak_sign in list_freak:
print "危险:服务器存在OpenSSL受戒礼漏洞和Freak漏洞"
else:
print "危险:服务器存在OpenSSL受戒礼漏洞"
else:
if freak_sign in list_freak:
print "危险:服务器存在OpenSSLFreak漏洞"
else:
print "恭喜:服务器不存在OpenSSL受戒礼漏洞和Freak漏洞"
print 'Error'
print 'Error Detail',e #GUI Program
root=Tk()
root.title("OpenSSL受戒礼和Freak漏洞检测程序")
root.geometry('380x380') #设置窗口大小,中间是x
root.resizable(width=False,height=False) #设置窗口是否可以变化长宽,此处宽高不可变; notice1=Label(root,text="请输入需要扫描的服务器IP(每行一个IP)",fg='red')
notice1.pack(side=TOP)
#滚动条
scrollbar=Scrollbar(root)
scrollbar.pack(side=RIGHT,fill=Y)
scrollbar.set(1,5) #获取文件内容
content=file("serverlist.txt","r")
readtext=content.read()
content.close() #写入到文件
server_list=Text(root,width=35,height=22,yscrollcommand=scrollbar.set)
server_list.place(x=5,y=80)
server_list.insert(END,readtext)
scrollbar.config(command=server_list.yview) #保存函数
def save():
save=server_list.get('0.0',END).strip()
print "Save:"
print save
file_object=open("serverlist.txt","w")
file_object.writelines(save)
file_object.close()
#保存和扫描按钮
save_button=Button(root,text="保存",width=9,height=2,command=save).place(x=260,y=80)
scan_button=Button(root,text="扫描",width=9,height=2,command=scan).place(x=260,y=150) root.mainloop()
OpenSSL受戒礼和Freak漏洞检测脚本
DesignBy:XB
2016.07
import os
from Tkinter import * server=[]
sjl_sign="Server certificaten"
freak_sign="Server certificaten" ip=raw_input("Please Input Plart IP:")
username=raw_input("Username:")
pwd=raw_input("Password:") def ReadServerlist():
print "The Plart:%s(Confirm Platform Always Online)"%ip
if os.path.exists("serverlist.txt"):
print "Find The Existing Serverlist."
else:
print "Didn't Find The Existing Serverlist,We Will Create It."
create=open("serverlist.txt",'w')
create.close()
ReadServerlist() def scan():
read=file("serverlist.txt","r")
for line in read.readlines():
server.append(line)
for i in server:
i=i.strip("n") #去掉行末换行符
cmd_sjl="openssl s_client -connect"+" "+i+":443 -cipher RC4"
cmd_freak="openssl s_client -connect"+" "+i+":443 -cipher EXPORT"
print "nScanning %s..."%i
scanbody(ip,username,pwd,cmd_sjl,cmd_freak)
print "nAll Done"
print "@Colasoft2016" def scanbody(ip,username,pwd,cmd_sjl,cmd_freak):
try:
ssh=paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(ip,22,username,pwd)
stdin,stdout,stderr=ssh.exec_command(cmd_sjl)
sjl=stdout.readlines()
stdin,stdout,stderr=ssh.exec_command(cmd_freak)
freak=stdout.readlines()
ssh.close()
list_sjl=[]
list_freak=[]
for k in sjl:
list_sjl.append(k)
for j in freak:
list_freak.append(j)
if sjl_sign in list_sjl:
if freak_sign in list_freak:
print "危险:服务器存在OpenSSL受戒礼漏洞和Freak漏洞"
else:
print "危险:服务器存在OpenSSL受戒礼漏洞"
else:
if freak_sign in list_freak:
print "危险:服务器存在OpenSSLFreak漏洞"
else:
print "恭喜:服务器不存在OpenSSL受戒礼漏洞和Freak漏洞"
except paramiko.AuthenticationException,e:
print 'Error'
print 'Error Detail',e #GUI Program
root=Tk()
root.title("OpenSSL受戒礼和Freak漏洞检测程序")
root.geometry('380x380') #设置窗口大小,中间是x
root.resizable(width=False,height=False) #设置窗口是否可以变化长宽,此处宽高不可变; notice1=Label(root,text="请输入需要扫描的服务器IP(每行一个IP)",fg='red')
notice1.pack(side=TOP)
#滚动条
scrollbar=Scrollbar(root)
scrollbar.pack(side=RIGHT,fill=Y)
scrollbar.set(1,5) #获取文件内容
content=file("serverlist.txt","r")
readtext=content.read()
content.close() #写入到文件
server_list=Text(root,width=35,height=22,yscrollcommand=scrollbar.set)
server_list.place(x=5,y=80)
server_list.insert(END,readtext)
scrollbar.config(command=server_list.yview) #保存函数
def save():
save=server_list.get('0.0',END).strip()
print "Save:"
print save
file_object=open("serverlist.txt","w")
file_object.writelines(save)
file_object.close()
#保存和扫描按钮
save_button=Button(root,text="保存",width=9,height=2,command=save).place(x=260,y=80)
scan_button=Button(root,text="扫描",width=9,height=2,command=scan).place(x=260,y=150) root.mainloop()
投稿人:宋小兵
昵称:晓兵
邮箱:ssbandjl@163.com
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
评论(0)