HeartBleed – Exploiting the net “CVE-2014-0160”

 


Heartbleed has the potential to be one of the biggest, most widespread vulnerabilities in the history of the modern Internet. At the root of Heartbleed is encryption. The Internet has a set of protocols for security and encryption commonly known as “Secure Sockets Layer” (SSL) and its successor “Transport Layer Security” (TLS). The most common implementation of SSL and TLS is a set of open source tools known as OpenSSL.

More information is available here: http://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html

You can test whether your website is vulnerable to the Heartbleed attack on this website: https://filippo.io/Heartbleed. Well, I was thinking about creating a tool that would test a list of websites (the top 1 million websites in my case) and, if the script finds the target vulnerable, sends an email to the webmaster telling him that he should fix it!

I have created that tool and it's available for download here: https://github.com/MrNasro/heartbleed/

Before using the tool, you need to change the following inside “exploit.py”:

fromaddr = 'sender@email.com'
username = 'email_username'
password = 'email_password'
server = smtplib.SMTP('smtp.gmail.com:587')

After making the changes, just place the CSV list of domain names into the script directory and run it from the command line: python heartbleed.py
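
An added example, not part of the original post or of the author's tool: one way to handle the configuration and notification steps above without writing the mail password into exploit.py, and with a verified STARTTLS session before login. The HB_* variable names, the webmaster@ contact address and the "rank,domain" CSV layout are assumptions.

```python
import csv
import os
import re
import smtplib
import ssl
from email.message import EmailMessage

HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def load_domains(csv_text):
    """Return unique host names from 'rank,domain' or one-column CSV rows."""
    domains = {}  # a dict de-duplicates and keeps the input order
    for row in csv.reader(csv_text.splitlines()):
        cells = [c.strip() for c in row if c.strip()]
        name = cells[-1].lower().rstrip(".") if cells else ""
        # Header rows, blanks and anything that is not a plain host name are skipped.
        if HOST_RE.fullmatch(name):
            domains[name] = None
    return list(domains)


def smtp_settings(env=os.environ):
    """Read sender settings from the environment (hypothetical variable names)."""
    keys = ("HB_FROMADDR", "HB_USERNAME", "HB_PASSWORD")
    missing = [k for k in keys if not env.get(k)]
    if missing:
        raise RuntimeError("missing settings: " + ", ".join(missing))
    return {k: env[k] for k in keys}


def build_notice(fromaddr, domain):
    """Build the notification; webmaster@<domain> is an assumed contact address."""
    msg = EmailMessage()
    msg["From"] = fromaddr
    msg["To"] = "webmaster@" + domain
    msg["Subject"] = "CVE-2014-0160 (Heartbleed) affects " + domain
    msg.set_content(
        "Your server at " + domain + " appears vulnerable to CVE-2014-0160.\n"
        "Please update OpenSSL and restart the services that use it.\n"
    )
    return msg


def send_notice(msg, settings, host="smtp.gmail.com", port=587):
    """Log in only after STARTTLS with certificate verification has succeeded."""
    with smtplib.SMTP(host, port, timeout=30) as server:
        server.starttls(context=ssl.create_default_context())
        server.login(settings["HB_USERNAME"], settings["HB_PASSWORD"])
        server.send_message(msg)
```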


One thought on “HeartBleed – Exploiting the net “CVE-2014-0160”

  1. Ali says:

    Can you please make a video for (taking over router)? Sorry, noop 🙂
