Scanning for the ROBOT Vulnerability at Scale
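from sslyze.concurrent_scanner import ConcurrentScanner, PluginRaisedExceptionScanResult
from sslyze.plugins.robot_plugin import RobotScanCommand, RobotScanResultEnum
from sslyze.server_connectivity import ServerConnectivityInfo, ServerConnectivityError
from sslyze.ssl_settings import TlsWrappedProtocolEnum

# (hostname, port, protocol) triples handed to sslyze. The protocol value tells
# sslyze whether the connection is TLS from the first byte or negotiated via
# STARTTLS first; a wrong value here shows up as a connectivity error, not as
# a scan result.
SERVERS_TO_SCAN = [
    ('www.google.com', 443, TlsWrappedProtocolEnum.HTTPS),
    ('smtp.gmail.com', 587, TlsWrappedProtocolEnum.STARTTLS_SMTP),
    ('imap.gmail.com', 993, TlsWrappedProtocolEnum.PLAIN_TLS),
    ('www.facebook.com', 443, TlsWrappedProtocolEnum.HTTPS),
    ('www.yahoo.com', 443, TlsWrappedProtocolEnum.HTTPS),
    ('jabber.org', 5269, TlsWrappedProtocolEnum.STARTTLS_XMPP_SERVER),
    ('github.com', 443, TlsWrappedProtocolEnum.HTTPS),
    ('travis-ci.org', 443, TlsWrappedProtocolEnum.HTTPS),
    ('web.whatsapp.com', 443, TlsWrappedProtocolEnum.HTTPS),
    ('vodafone.de', 443, TlsWrappedProtocolEnum.HTTPS),  # This one is vulnerable as of 12/17/2017
]

# Human-readable verdict for each ROBOT outcome sslyze reports. Kept as a
# table so that adding a new enum value is a one-line change.
ROBOT_RESULT_TEXT = {
    RobotScanResultEnum.VULNERABLE_STRONG_ORACLE:
        'VULNERABLE - Strong oracle, a real attack is possible',
    RobotScanResultEnum.VULNERABLE_WEAK_ORACLE:
        'VULNERABLE - Weak oracle, the attack would take too long',
    RobotScanResultEnum.NOT_VULNERABLE_NO_ORACLE:
        'OK - Not vulnerable',
    RobotScanResultEnum.NOT_VULNERABLE_RSA_NOT_SUPPORTED:
        'OK - Not vulnerable, RSA cipher suites not supported',
    RobotScanResultEnum.UNKNOWN_INCONSISTENT_RESULTS:
        'UNKNOWN - Received inconsistent results',
}


def describe_robot_result(result_enum):
    """Return the verdict text for a RobotScanResultEnum value.

    A value missing from ROBOT_RESULT_TEXT (for example one introduced by a
    newer sslyze release) is reported explicitly as UNKNOWN rather than being
    printed as ``None``, so an unrecognized outcome is never mistaken for a
    clean result when reading the output.
    """
    return ROBOT_RESULT_TEXT.get(
        result_enum, 'UNKNOWN - Unrecognized result {}'.format(result_enum))


if __name__ == '__main__':
    concurrent_scanner = ConcurrentScanner()

    # Phase 1: check reachability and queue one ROBOT scan per reachable server.
    for hostname, port, protocol in SERVERS_TO_SCAN:
        print('Testing connectivity to {}:{}'.format(hostname, port))
        try:
            server_info = ServerConnectivityInfo(hostname=hostname, port=port,
                                                 tls_wrapped_protocol=protocol)
            server_info.test_connectivity_to_server()
        except ServerConnectivityError as e:
            # Could not establish an SSL connection to the server; skip it so
            # one unreachable host does not abort the whole batch.
            print('Error when connecting to {}: {}'.format(hostname, e.error_msg))
            continue
        concurrent_scanner.queue_scan_command(server_info, RobotScanCommand())

    # Phase 2: drain the scanner and print one line per server.
    print('Waiting for results...')
    for scan_result in concurrent_scanner.get_results():
        server_txt = '{}:{}:{}'.format(scan_result.server_info.hostname,
                                       scan_result.server_info.ip_address,
                                       scan_result.server_info.port)
        # A plugin exception is reported as a failure, not as a verdict, so a
        # crashed scan is never read as "not vulnerable".
        if isinstance(scan_result, PluginRaisedExceptionScanResult):
            print('Scan command failed for {} : {}'.format(server_txt,
                                                            scan_result.as_text()))
            continue
        if isinstance(scan_result.scan_command, RobotScanCommand):
            robot_txt = describe_robot_result(scan_result.robot_result_enum)
            print('Result for {} : {}'.format(server_txt, robot_txt))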