Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
def process_task(self, target, command, args):
MAX_THREADS = 15
sslVersionDict = {'sslv2': SSLV2,
'sslv3': SSLV3,
'tlsv1': TLSV1,
'tlsv1_1': TLSV1_1,
'tlsv1_2': TLSV1_2}
try:
sslVersion = sslVersionDict[command]
except KeyError:
raise Exception("PluginOpenSSLCipherSuites: Unknown command.")
# Get the list of available cipher suites for the given ssl version
sslClient = SslClient(sslVersion=sslVersion)
sslClient.set_cipher_list('ALL:COMPLEMENTOFALL')
cipher_list = sslClient.get_cipher_list()
# Create a thread pool
NB_THREADS = min(len(cipher_list), MAX_THREADS) # One thread per cipher
thread_pool = ThreadPool()
def process_task(self, target, command, args):
MAX_THREADS = 30
sslVersionDict = {'sslv2': SSLV2,
'sslv3': SSLV3,
'tlsv1': TLSV1,
'tlsv1_1': TLSV1_1,
'tlsv1_2': TLSV1_2}
try:
sslVersion = sslVersionDict[command]
except KeyError:
raise Exception("PluginOpenSSLCipherSuites: Unknown command.")
# Get the list of available cipher suites for the given ssl version
sslClient = SslClient(sslVersion=sslVersion)
sslClient.set_cipher_list('ALL:COMPLEMENTOFALL')
cipher_list = sslClient.get_cipher_list()
# Create a thread pool
NB_THREADS = min(len(cipher_list), MAX_THREADS) # One thread per cipher
thread_pool = ThreadPool()
def heartbleed_payload(sslVersion):
# This heartbleed payload does not exploit the server
# https://blog.mozilla.org/security/2014/04/12/testing-for-heartbleed-vulnerability-without-exploiting-the-server/
SSL_VERSION_MAPPING = {
SSLV3 : '\x00', # Surprising that it works with SSL 3 which doesn't define TLS extensions
TLSV1 : '\x01',
TLSV1_1: '\x02',
TLSV1_2: '\x03'}
payload = (
'\x18' # Record type - Heartbeat
'\x03{0}' # TLS version
'\x40\x00' # Record length
'\x01' # Heartbeat type - Request
'\x3f\xfd') # Heartbeat length
payload += '\x01'*16381 # Heartbeat data
payload += ( # Second Heartbeat request with no padding
'\x18' # Record type - Heartbeat
'\x03{0}'