Check for Ticketbleed (CVE-2016-9244) vulnerability.
package main | |
import ( | |
"crypto/tls" | |
"fmt" | |
"log" | |
"strings" | |
"os" | |
) | |
var Target = "" | |
func main() { | |
if len(os.Args) != 2 { | |
fmt.Println("usage: ticketbleed [domain:port]") | |
os.Exit(1) | |
} | |
Target := os.Args[1] | |
conf := &tls.Config{ | |
InsecureSkipVerify: true, | |
ClientSessionCache: tls.NewLRUClientSessionCache(32), | |
} | |
conn, err := tls.Dial("tcp", Target, conf) | |
if err != nil { | |
log.Fatalln("Failed to connect:", err) | |
} | |
conn.Close() | |
conn, err = tls.Dial("tcp", Target, conf) | |
if err != nil && strings.Contains(err.Error(), "unexpected message") { | |
fmt.Println(Target, "is vulnerable to Ticketbleed") | |
} else if err != nil { | |
log.Fatalln("Failed to reconnect:", err) | |
} else { | |
fmt.Println(Target, "does NOT appear to be vulnerable") | |
conn.Close() | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment