
HynekPetrak / Detect_bluekeep.py

Licence: apache-2.0
Python script to detect bluekeep vulnerability (CVE-2019-0708) with TLS/SSL and x509 support

detect_bluekeep.py

Python script to detect bluekeep vulnerability - CVE-2019-0708 - with TLS/SSL support

Work derived from the Metasploit module written by @zerosum0x0 https://github.com/zerosum0x0/CVE-2019-0708

RC4 taken from https://github.com/DavidBuchanan314/rc4

Prerequisites

detect_bluekeep.py requires the pyasn1 and cryptography Python modules.

Install them either via

pip install -r requirements.txt

or

pip3 install pyasn1 pyasn1_modules cryptography

Return codes

  • SAFE - host does not appear to be vulnerable
  • VULNERABLE - host is likely vulnerable to CVE-2019-0708
  • HYBRID_REQUIRED_BY_SERVER - server requires CredSSP, which is currently not supported by detect_bluekeep.py
  • NO RDP - RDP not enabled on the remote host on port 3389
  • UNKNOWN - status is reported only in very rare cases (less than 5%). It usually occurs on protocol timeouts. Some other PoCs report UNKNOWN status even when the server enforces SSL/TLS; we don't.

Changelog

Current stable version is 0.13

Added handling of x509 certificates. Fixed issue #3

Do not use versions 0.9 and 0.10; they are broken as a result of experiments on issue #3.

Added in version 0.6 - 4.5.2019

Fall back to standard RDP security if SSL/TLS is not supported by the server.

Added in version 0.5 - 4.5.2019

The script now supports SSL/TLS security, which is enabled by default. If you want to use the standard RDP security, use the --notls command-line parameter.

Added in version 0.1 - 3.5.2019

  • some RDP PDU annotations
  • decryption of the server traffic.
  • properly packetized server to client traffic, including fast path traffic

Command-line parameters

# ./detect_bluekeep.py
usage: detect_bluekeep.py [-h] [--version] [-d] [--notls] [-l [LOGFILE]] [-w WORKERS]
                          [host [host ...]]

positional arguments:
  host                  List of targets (addresses or subnets)

optional arguments:
  -h, --help            show this help message and exit
  --version             show program's version number and exit
  -d, --debug           verbose output
  --notls               disable TLS security
  -l [LOGFILE], --logfile [LOGFILE]
                        log to file
  -w WORKERS, --workers WORKERS
                        number of parallel worker tasks

Running

You may run with a list of IPv4 addresses:

# ./detect_bluekeep.py 192.168.158.241 192.168.158.242 192.168.158.247 192.168.162.73 192.168.162.70
2019-06-03 09:58:01,255 'Starting ./detect_bluekeep.py'
2019-06-03 09:58:01,255 './detect_bluekeep.py 192.168.158.241 192.168.158.242 192.168.158.247 192.168.162.73 192.168.162.70'
2019-06-03 09:58:01,256 'Going to scan 5 hosts, in 300 parallel tasks'
2019-06-03 09:58:01,366 '[-] [192.168.162.73] Status: Unknown'
2019-06-03 09:58:02,222 '[+] [192.168.158.241] Status: Vulnerable'
2019-06-03 09:58:02,887 '[+] [192.168.158.242] Status: Vulnerable'
2019-06-03 09:58:06,262 '[-] [192.168.162.70] Status: No RDP'
2019-06-03 09:58:06,262 '[-] [192.168.158.247] Status: No RDP'

or for whole subnets:

# ./detect_bluekeep.py 192.168.158.241/24 192.168.162.70/28
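
A triage step for the scan log shown above, as an added example that is not part of detect_bluekeep.py: it parses the result lines, groups hosts by status, and lists hosts to rescan because they reported Unknown or produced no result line at all. The function names, the `expected_hosts` argument and the address 192.168.162.71 are assumptions made for this example; statuses not shown in the sample run are assumed to use the same line format.

```python
import re
from collections import defaultdict

# Result line format taken from the sample run above, e.g.
# 2019-06-03 09:58:02,222 '[+] [192.168.158.241] Status: Vulnerable'
RESULT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d+ "
    r"'\[[+-]\] \[(?P<host>[^\]]+)\] Status: (?P<status>[^']+)'$"
)

# Sample input: the log lines from the README's example run.
SAMPLE_LOG = """\
2019-06-03 09:58:01,255 'Starting ./detect_bluekeep.py'
2019-06-03 09:58:01,256 'Going to scan 5 hosts, in 300 parallel tasks'
2019-06-03 09:58:01,366 '[-] [192.168.162.73] Status: Unknown'
2019-06-03 09:58:02,222 '[+] [192.168.158.241] Status: Vulnerable'
2019-06-03 09:58:02,887 '[+] [192.168.158.242] Status: Vulnerable'
2019-06-03 09:58:06,262 '[-] [192.168.162.70] Status: No RDP'
2019-06-03 09:58:06,262 '[-] [192.168.158.247] Status: No RDP'
"""

def parse_results(log_text):
    """Return {host: STATUS}, status upper-cased; the last line per host wins."""
    results = {}
    for line in log_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:  # banner and summary lines do not match and are skipped
            results[m.group("host")] = m.group("status").strip().upper()
    return results

def triage(results, expected_hosts):
    """Split results into hosts to patch, hosts to rescan, and everything else."""
    by_status = defaultdict(list)
    for host, status in results.items():
        by_status[status].append(host)
    # A host that was targeted but never logged a status is a coverage gap.
    missing = set(expected_hosts) - set(results)
    return {
        "patch": sorted(by_status["VULNERABLE"]),
        "rescan": sorted(set(by_status["UNKNOWN"]) | missing),
        "other": {s: sorted(h) for s, h in by_status.items()
                  if s not in ("VULNERABLE", "UNKNOWN") and h},
    }

if __name__ == "__main__":
    scanned = parse_results(SAMPLE_LOG)
    # 192.168.162.71 is a constructed target with no result line in the log.
    print(triage(scanned, list(scanned) + ["192.168.162.71"]))
```
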

License

Apache 2.0
