The Awesome Pentest Tool Series – public_drown_scanner

DROWN is a serious vulnerability that affects HTTPS and other services that rely on SSL and TLS, some of the essential cryptographic protocols for internet security. These protocols allow everyone on the internet to browse the web, use email, shop online, and send instant messages without third-parties being able to read the communication.

DROWN allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data. Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack.

How to install

step 1 : chmod +x scanner.py

step 2 : sudo apt-get install tcpdump python-enum python-pyasn1 scapy python-crypto

step 3 : pip install scapy-ssl_tls

How to usage example

 scanner.py localhost 443... scanner.py localhost 587 -esmtp... scanner.py localhost 143 -imap... scanner.py localhost 25 -esmtp... scanner.py localhost 110 -pop3... scanner.py localhost 443 -bare

Demo :

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: