Linux 服务器会使用 OpenSSL 协议 但是 OpenSSL 有些低版本会存在漏洞 比如著名的"受戒礼"或"贵兵犬"漏洞 这里利用 Python paramiko 库编写了一个 Windows 下的 GUI 小程序 可以实现批量检测 Linux 服务器上的 OpenSSL 是否具有这两个漏洞。

Scanner2.py 文件代码(Python2.x):

# -*- coding:UTF-8 -*-'''OpenSSL受戒礼和Freak漏洞检测脚本DesignBy:XB2016.07'''import paramikoimport osfrom Tkinter import *server=[]sjl_sign="Server certificaten"freak_sign="Server certificaten"ip=raw_input("Please Input Plart IP:")username=raw_input("Username:")pwd=raw_input("Password:")def ReadServerlist():print "The Plart:%s(Confirm Platform Always Online)"%ipif os.path.exists("serverlist.txt"):print "Find The Existing Serverlist."else:print "Didn't Find The Existing Serverlist,We Will Create It."create=open("serverlist.txt",'w')create.close()ReadServerlist()def scan():read=file("serverlist.txt","r")for line in read.readlines():server.append(line)for i in server:i=i.strip("n") #去掉行末换行符cmd_sjl="openssl s_client -connect"+" "+i+":443 -cipher RC4"cmd_freak="openssl s_client -connect"+" "+i+":443 -cipher EXPORT"print "nScanning %s..."%iscanbody(ip,username,pwd,cmd_sjl,cmd_freak)print "nAll Done"print "@Colasoft2016"def scanbody(ip,username,pwd,cmd_sjl,cmd_freak):try:ssh=paramiko.SSHClient()ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())ssh.connect(ip,22,username,pwd)stdin,stdout,stderr=ssh.exec_command(cmd_sjl)sjl=stdout.readlines()stdin,stdout,stderr=ssh.exec_command(cmd_freak)freak=stdout.readlines()ssh.close()list_sjl=[]list_freak=[]for k in sjl:list_sjl.append(k)for j in freak:list_freak.append(j)if sjl_sign in list_sjl:if freak_sign in list_freak:print "危险:服务器存在OpenSSL受戒礼漏洞和Freak漏洞"else:print "危险:服务器存在OpenSSL受戒礼漏洞"else:if freak_sign in list_freak:print "危险:服务器存在OpenSSLFreak漏洞"else:print "恭喜:服务器不存在OpenSSL受戒礼漏洞和Freak漏洞"except paramiko.AuthenticationException,e:print 'Error'print 'Error Detail',e#GUI Programroot=Tk()root.title("OpenSSL受戒礼和Freak漏洞检测程序")root.geometry('380x380') #设置窗口大小 中间是xroot.resizable(width=False,height=False) #设置窗口是否可以变化长宽 此处宽高不可变;notice1=Label(root,text="请输入需要扫描的服务器IP(每行一个IP)",fg='red')notice1.pack(side=TOP)#滚动条scrollbar=Scrollbar(root)scrollbar.pack(side=RIGHT,fill=Y)scrollbar.set(1,5)#获取文件内容content=file("serverlist.txt","r")readtext=content.read()content.close()#写入到文件server_list=Text(root,width=35,height=22,yscrollcommand=scrollbar.set)server_list.place(x=5,y=80)server_list.insert(END,readtext)scrollbar.config(command=server_list.yview)#保存函数def save():save=server_list.get('0.0',END).strip()print "Save:"print savefile_object=open("serverlist.txt","w")file_object.writelines(save)file_object.close()#保存和扫描按钮save_button=Button(root,text="保存",width=9,height=2,command=save).place(x=260,y=80)scan_button=Button(root,text="扫描",width=9,height=2,command=scan).place(x=260,y=150)root.mainloop()

投稿人:宋小兵

昵称:晓兵

邮箱:ssbandjl@163.com