HeartBleed – Exploiting the net “CVE-2014-0160”



Heartbleed has the potential to be one of the biggest most widespread vulnerability in the history of the modern Internet, at the root of Heartbleed is encryption. The internet has a set of protocols for security and encryption commonly known as “Security Socket Layers” S.S.L and its successor “Transport Layer Security” T.L.S, the most common implementation of SSL and TLS is a set of open source tools known as OpenSSL.

More information are available here : http://thehackernews.com/2014/04/heartbleed-bug-explained-10-most.html

You can test if your website is vulnerable to Heartbleed attack from this website : https://filippo.io/Heartbleed , well I was thinking about creating a tool that would test a list of websites “TOP 1 Million websites in my case” and if the script finds the target vulnerable it send an email to the webmaster telling him that he should fix it !

I have created that tool and its available for download here : https://github.com/MrNasro/heartbleed/

Before using the tool you need to change the following inside “exploit.py” :

fromaddr = ‘sender@email.com’
username = ’email_username’
password = ’email_password’
server = smtplib.SMTP(‘smtp.gmail.com:587’)

After the changes just just place the list of CSV domain names into the script directory and run it from the command line : python heartbleed.py

Screen Shot 2014-04-18 at 6.03.03 PM

Tagged , , , , ,

One thought on “HeartBleed – Exploiting the net “CVE-2014-0160”

  1. Ali says:

    Can you please make video for ( taking over router ) sorry noop 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: