DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for internet security. These protocols allow everyone on the internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.
DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.
How to install
step 1 : chmod +x scanner.py
step 2 : sudo apt-get install tcpdump python-enum python-pyasn1 scapy python-crypto
step 3 : pip install scapy-ssl_tls
How to usage example
scanner.py localhost 443... scanner.py localhost 587 -esmtp... scanner.py localhost 143 -imap...scanner.py localhost 25 -esmtp... scanner.py localhost 110 -pop3...scanner.py localhost 443 -bare
Demo :
Fzuckerman© 