Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-0204 PoC — OpenSSL 加密问题漏洞

Source
https://github.com/scottjpack/Freak-Scanner
Associated Vulnerability
Title:OpenSSL 加密问题漏洞 (CVE-2015-0204)
Description:The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak ephemeral RSA key in a noncompliant role, related to the "FREAK" issue. NOTE: the scope of this CVE is only client code based on OpenSSL, not EXPORT_RSA issues associated with servers or other TLS implementations.
Description
Multithreaded FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204
Readme
# Freak-Scanner
Multithreaded Python FREAK scanner, used to detect SSL EXP Ciphers, vulnerable to CVE-2015-0204

It's pretty quick, should be able to scan just shy of 1k hosts in an hour.
The output is messy though, you'll have to grep on Vulnerable/NotVulnerable
I'll try to clean this up later if there's any demand for it.
File Snapshot

 [4.0K]  /data/pocs/bac16dee1575d331f69448f5f84205a9bd0fa6c2
├── [3.1K]  freak_scanner.py
└── [ 326]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →