forked from averagesecurityguy/scripts
-
Notifications
You must be signed in to change notification settings - Fork 1
/
sweet32.go
134 lines (105 loc) · 3.03 KB
/
sweet32.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
package main
import (
"os"
"fmt"
"net"
"time"
"flag"
"crypto/tls"
)
var verbose bool
func vprint(msg string) {
if verbose {
fmt.Printf(msg)
}
}
func banner() {
fmt.Println(" [ The SWEET32 Tester ]")
}
func check(e error) {
if e != nil {
fmt.Println(e)
os.Exit(1)
}
}
func cipherstring(i uint16) string {
switch {
case i == 0x000a:
return "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
case i == 0xc012:
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
default:
return ""
}
}
func getConnection(server string, conf *tls.Config, timeout time.Duration) (*tls.Conn) {
// Create a TCP connection.
conn, err := net.DialTimeout("tcp", server, timeout)
check(err)
vprint(fmt.Sprintf("[+] Successfully connected to: %s\n", conn.RemoteAddr()))
// Create TLS connection using our TCP connection and set a deadline
// before attempting the handshake. This will ensure the handshake times
// out.
tlsconn := tls.Client(conn, conf)
tlsconn.SetDeadline(time.Now().Add(timeout))
err = tlsconn.Handshake()
if err != nil {
fmt.Println("[-] Unable to complete TLS handshake.")
os.Exit(0)
}
// Reset the deadline to zero.
tlsconn.SetDeadline(time.Time{})
// Document cipher suite
state := tlsconn.ConnectionState()
vprint(fmt.Sprintf("[+] Using: %s\n", cipherstring(state.CipherSuite)))
return tlsconn
}
func main() {
var server string
var port string
flag.BoolVar(&verbose, "v", false, "Verbose output.")
flag.StringVar(&server, "s", "", "IP address or hostname of web server.")
flag.StringVar(&port, "p", "", "Port number of web server.")
flag.Parse()
if server == "" || port == "" {
flag.Usage()
os.Exit(0)
}
target := fmt.Sprintf("%s:%s", server, port)
timeout := 30 * time.Second
banner()
fmt.Printf("[*] Testing connection to %s.\n", target)
// Build TLS Config
conf := &tls.Config{
InsecureSkipVerify: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
},
}
// Make our connection
conn := getConnection(target, conf, timeout)
defer conn.Close()
// Write data to the connection.
for i := 1; i <= 10000; i++ {
send := []byte(fmt.Sprintf("GET / HTTP/1.1\r\nHost: %s\r\n\r\n", target))
_, err := conn.Write(send)
if err != nil {
vprint("\n")
vprint(fmt.Sprintf("[+] Connection closed after %d requests.\n", i))
fmt.Printf("[+] %s is not vulnerable.\n", server)
break
}
resp := make([]byte, 512)
conn.Read(resp)
if i % 20 == 0 {
vprint(".")
}
if i == 10000 {
vprint("\n")
vprint(fmt.Sprintf("[-] The server accepted 10000 requests.\n"))
fmt.Printf("[-] %s is likely vulnerable.\n", server)
}
}
fmt.Println("")
}