Cultura

#Heartbleed: Colección de Herramientas #pentest

Collection of Heartbleed Tools (OpenSSL CVE-2014-0160)

A checker (site and tool) for CVE-2014-0160:
https://github.com/FiloSottile/Heartbleed

ssltest.py: Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford http://pastebin.com/WmxzjkXJ

SSL Server Test https://www.ssllabs.com/ssltest/index.html

Metasploit Module: https://github.com/rapid7/metasploit-framework/pull/3206/files

Nmap NSE script: Detects whether a server is vulnerable to the OpenSSL Heartbleed: https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse

Nmap NSE script: Quick’n’Dirty OpenVAS nasl wrapper for ssl_heartbleed based on ssl_cert_expiry.nas https://gist.github.com/RealRancor/10140249

Heartbleeder: Tests your servers for OpenSSL: https://github.com/titanous/heartbleeder?files=1

Heartbleed Attack POC and Mass Scanner: https://bitbucket.org/fb1h2s/cve-2014-0160

Heartbleed Honeypot Script: http://packetstormsecurity.com/files/126068/hb_honeypot.pl.txt

Rafael Bucio

Rafael Bucio

Gov, Data Center Engineer, Speaker, Cyber Security Researcher, SysAdmin, CyberPunk, HackAnd.Beer c[|||] ~ ⠠⠵ Blog

3 Comments

Previous post

Infografía: #HeartBleed Contraseñas y datos personales que debes cambiar en sitios comprometidos.

Next post

Video: Varias vulnerabilidades encontradas en el subdominio de la Moda en Yahoo Taiwán