• Stars
    star
    235
  • Rank 171,079 (Top 4 %)
  • Language
    Shell
  • Created about 9 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

MassBleed SSL Vulnerability Scanner

MassBleed SSL Vulnerability Scanner

alt tag

USAGE:

sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]

ABOUT:

This script has four main functions with the ability to proxy all connections:

  • To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
  • To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
  • To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
  • To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)

PROXY:

A proxy option has been added to scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work.

PROXY USAGE EXAMPLES:

  • (example: ./massbleed 192.168.0.0/16 0 0 proxy)
  • (example: ./massbleed 192.168.0.0/16 port 8443 proxy)
  • (example: ./massbleed 127.0.0.1 single 0 proxy)
  • (example: ./massbleed 192.168.0. subnet 0 proxy)

VULNERABILITIES:

  1. OpenSSL HeartBleed Vulnerability (CVE-2014-0160)
  2. OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224)
  3. Poodle SSLv3 Vulnerability (CVE-2014-3566)
  4. WinShock SChannel Vulnerability (MS14-066)
  5. DROWN Attack (CVE-2016-0800)

REQUIREMENTS:

  • Is the heartbleed POC present?
  • Is the openssl CCS script present?
  • Is the winshock script present?
  • Is unicornscan installed?
  • Is nmap installed?
  • Is sslscan installed?

LICENSE:

This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and is not for commercial use.

DONATIONS:

Donations are welcome. This will help fascilitate improved features, frequent updates and better overall support.

  • BTC 1Fav36btfmdrYpCAR65XjKHhxuJJwFyKum
  • DASH XoWYdMDGb7UZmzuLviQYtUGb5MNXSkqvXG
  • ETH 0x20bB09273702eaBDFbEE9809473Fd04b969a794d
  • LTC LQ6mPewec3xeLBYMdRP4yzeta6b9urqs2f

More Repositories

1

Sn1per

Attack Surface Management Platform
Shell
7,009
star
2

BruteX

Automatically brute force all services running on a target.
Shell
1,741
star
3

Findsploit

Find exploits in local and online databases instantly
Shell
1,499
star
4

BlackWidow

A Python based web application scanner to gather OSINT and fuzz for OWASP vulnerabilities on a target website.
Python
1,354
star
5

PrivEsc

A collection of Windows, Linux and MySQL privilege escalation scripts and exploits.
C
913
star
6

Goohak

Automatically Launch Google Hacking Queries Against A Target Domain
Shell
679
star
7

ReverseAPK

Quickly analyze and reverse engineer Android packages
Shell
645
star
8

Wordpress-XMLRPC-Brute-Force-Exploit

Wordpress XMLRPC System Multicall Brute Force Exploit (0day) by 1N3 @ CrowdShield
Python
431
star
9

Exploits

Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Python
188
star
10

PRISM-AP

An automated Wireless RogueAP MITM attack framework.
Shell
156
star
11

XSSTracer

A small python script to check for Cross-Site Tracing (XST)
Python
137
star
12

HTTPoxyScan

HTTPoxy Exploit Scanner by 1N3 @CrowdShield
Python
104
star
13

PowerExfil

A collection of data exfiltration scripts for Red Team assessments.
PowerShell
86
star
14

AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Shell
66
star
15

SuperMicro-Password-Scanner

Supermicro IPMI/BMC Cleartext Password Scanner
Shell
40
star
16

CloudHunter

Find unreferenced AWS S3 buckets which have CloudFront CNAME records pointing to them
Python
33
star
17

1N3

Founder of @Sn1perSecurity LLC. Creator of Sn1per. Top 20 worldwide on @bugcrowd in 2016. OSCE/OSCP/CISSP/Security+
22
star
18

CTF-Writeups

CTF Writeups
17
star