OpenSSL 漏洞扫描(Python)

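Linux 服务器通常使用 OpenSSL 库来实现 SSL/TLS,但是 OpenSSL 有些低版本会存在漏洞,比如著名的"受戒礼"(Bar Mitzvah,与 RC4 套件有关)或"贵宾犬"(POODLE)漏洞。这里利用 Python paramiko 库编写了一个 Windows 下的 GUI 小程序:它通过 SSH 登录一台平台主机,在该主机上执行 openssl s_client,批量检测 Linux 服务器的 443 端口是否仍接受弱加密套件。需要注意,下面的脚本实际检测的是"受戒礼"(RC4 套件)和 FREAK(EXPORT 套件)这两项,并不检测"贵宾犬"。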

Scanner2.py 文件代码(Python2.x):

# -*- coding:UTF-8 -*-

'''

OpenSSL受戒礼和Freak漏洞检测脚本

DesignBy:XB

2016.07

'''

import getpass
import os
from Tkinter import *

import paramiko

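# Shared list of targets; scan() refills it from serverlist.txt.
server = []

# scanbody() treats this text in the `openssl s_client` output as the sign
# that the handshake with the requested cipher class went through.
sjl_sign = "Server certificate"
freak_sign = "Server certificate"

# Login details for the platform host that runs the openssl probes over SSH.
ip = raw_input("Please Input Plart IP:")
username = raw_input("Username:")
# getpass does not echo the password to the console, unlike raw_input,
# so it stays out of the terminal scrollback and off shared screens.
pwd = getpass.getpass("Password:")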

def ReadServerlist():
    """Announce the platform host and make sure serverlist.txt exists.

    Prints the module-level ``ip`` and then either reports that
    serverlist.txt was found in the working directory or creates it empty.
    """
    print("The Plart:%s(Confirm Platform Always Online)" % ip)
    if not os.path.exists("serverlist.txt"):
        print("Didn't Find The Existing Serverlist,We Will Create It.")
        # Opening in 'w' mode and closing straight away leaves an empty file.
        open("serverlist.txt", 'w').close()
        return
    print("Find The Existing Serverlist.")

# Run at import time so serverlist.txt exists before the GUI code below
# opens it for reading.
ReadServerlist()

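def scan():
    """Probe every host in serverlist.txt for RC4 and EXPORT cipher support.

    Reads one host per line from serverlist.txt, builds the two
    ``openssl s_client`` command lines for port 443 and hands them to
    scanbody(), which runs them on the platform host given by the
    module-level ``ip``, ``username`` and ``pwd``.
    """
    import string  # function-scope: only needed for the host whitelist

    allowed = set(string.ascii_letters + string.digits + ".-")

    # Refill the shared list on every run; appending to it again would
    # rescan earlier entries each time the scan button is pressed.
    del server[:]
    with open("serverlist.txt", "r") as listing:
        for line in listing:
            # strip() with no argument removes the trailing newline; the
            # original strip("") removed nothing and left it in the command.
            host = line.strip()
            if host:
                server.append(host)

    for host in server:
        # The host name is spliced into a command line that a shell runs on
        # the platform host, so accept only hostname / IPv4 characters.
        if not set(host) <= allowed:
            print("Skip invalid entry: %r" % host)
            continue
        cmd_sjl = "openssl s_client -connect " + host + ":443 -cipher RC4"
        cmd_freak = "openssl s_client -connect " + host + ":443 -cipher EXPORT"
        print("Scanning %s..." % host)
        scanbody(ip, username, pwd, cmd_sjl, cmd_freak)

    print("All Done")
    print("@Colasoft2016")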

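def _probe_output(ssh, command):
    """Run *command* on the connected host and return its stdout lines."""
    stdin, stdout, stderr = ssh.exec_command(command)
    # s_client keeps the session open while its stdin is open; signal EOF so
    # readlines() returns after the handshake output instead of waiting for
    # the target to drop the idle connection.
    stdin.channel.shutdown_write()
    return stdout.readlines()


def scanbody(ip,username,pwd,cmd_sjl,cmd_freak):
    """Run both openssl probes on the platform host and print the verdict.

    Args:
        ip: address of the platform host to log in to (SSH, port 22).
        username: SSH user name.
        pwd: SSH password.
        cmd_sjl: s_client command line restricted to RC4 suites.
        cmd_freak: s_client command line restricted to EXPORT suites.

    A probe counts as positive when a line of its output contains the
    module-level marker (sjl_sign / freak_sign). Authentication failures
    are reported on stdout; other exceptions propagate to the caller.
    """
    try:
        ssh = paramiko.SSHClient()
        # NOTE(security): AutoAddPolicy accepts any host key the platform
        # presents, so the password can be handed to an impostor host.
        # Prefer load_system_host_keys() with paramiko.RejectPolicy once the
        # platform's key is recorded in known_hosts.
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        try:
            ssh.connect(ip, 22, username, pwd)
            sjl = _probe_output(ssh, cmd_sjl)
            freak = _probe_output(ssh, cmd_freak)
        finally:
            # Release the connection even when a probe raises.
            ssh.close()

        # readlines() keeps the trailing newline on every line, so testing
        # the marker for membership in the list never matched and every host
        # was reported clean. Look for the marker inside each line instead.
        rc4_accepted = any(sjl_sign in line for line in sjl)
        export_accepted = any(freak_sign in line for line in freak)

        # NOTE(review): a negative result only means the marker was absent.
        # If the platform's own openssl build no longer offers RC4 or EXPORT
        # suites, the probe presumably fails locally and still looks clean;
        # confirm the platform build before trusting a "safe" verdict.
        if rc4_accepted and export_accepted:
            print("危险:服务器存在OpenSSL受戒礼漏洞和Freak漏洞")
        elif rc4_accepted:
            print("危险:服务器存在OpenSSL受戒礼漏洞")
        elif export_accepted:
            print("危险:服务器存在OpenSSLFreak漏洞")
        else:
            print("恭喜:服务器不存在OpenSSL受戒礼漏洞和Freak漏洞")
    except paramiko.AuthenticationException as e:
        print('Error')
        print('Error Detail %s' % e)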

# ---- GUI ----
root = Tk()
root.title("OpenSSL受戒礼和Freak漏洞检测程序")
root.geometry('380x380')  # window size, written as WIDTHxHEIGHT
root.resizable(width=False, height=False)  # width and height are both fixed

# Red hint at the top of the window (one server IP per line).
notice1 = Label(root, text="请输入需要扫描的服务器IP(每行一个IP)", fg='red')
notice1.pack(side=TOP)

# Vertical scrollbar docked on the right edge.
scrollbar = Scrollbar(root)
scrollbar.pack(side=RIGHT, fill=Y)
scrollbar.set(1, 5)

# Load the current server list from disk.
with open("serverlist.txt", "r") as content:
    readtext = content.read()

# Text box pre-filled with the list and wired to the scrollbar.
server_list = Text(root, width=35, height=22, yscrollcommand=scrollbar.set)
server_list.place(x=5, y=80)
server_list.insert(END, readtext)
scrollbar.config(command=server_list.yview)

# Save handler
def save():
    """Write the text box content back to serverlist.txt.

    Reads everything in ``server_list``, strips surrounding whitespace,
    echoes it to stdout and overwrites serverlist.txt with it.
    """
    text = server_list.get('0.0', END).strip()
    print("Save:")
    print(text)
    with open("serverlist.txt", "w") as out:
        out.writelines(text)

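# Save and scan buttons. place() returns None, so each widget is created
# first and positioned afterwards; the names then refer to the buttons
# instead of None.
save_button = Button(root, text="保存", width=9, height=2, command=save)
save_button.place(x=260, y=80)
scan_button = Button(root, text="扫描", width=9, height=2, command=scan)
scan_button.place(x=260, y=150)

# Hand control to Tk; this call returns when the window is closed.
root.mainloop()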
