cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core)

python -V
Python 2.7.5

rpm -qa | grep gmpy

python-gmpy2-2.0.5-1.el7.x86_64

RSA N: 0xc04d8e883114ce11d6cbf4178e3a9d514744be355c3e84efdc07c16c0b1594aa9d164c776e42d01d795de5accdacff41c98c8363f478e0070e10361ad35f2181d2aabbb2575ed9b1aaad699178af2f56210aebf7f132ea36b49005702f618c69db317bf6313d782ae5eacd7dc3617fece74bfec16b43c11db212e425803a5a60a1009939531c08f96adfca1bfe0b8f5ab687e4a077649514aacfb6570e3cc00b53dc72bb5bddc6071d58a2ea9e82356e4058e173396b8a9bd6acff877a8d7e0a11e906cb47032a8a82b20bdd6ca9e7b92b0d04179d7a056914413522391819f5d7da32eeb9eec55655dcc26e5ad0e39683b6b4eed43af43dcb814627bec51dbdL
RSA e: 0x10001
Modulus size: 2048 bits, 256 bytes
Traceback (most recent call last):
File "robot-detect", line 183, in
pms_good = int(gmpy2.powmod(pms_good_in, e, N)).to_bytes(modulus_bytes, byteorder="big")
AttributeError: 'long' object has no attribute 'to_bytes'

README should be updated as I also had to install python3-cryptography (on Ubuntu 16.04) due to x509 import.

Hi @hannob I like to run your program on one of my servers which has Python 2.7 installed by default.
Now I wonder if it would be possible to make it compatible with this version. I already did some tests on my own but without success (I'm not a Python expert). The following error is shown if I execute it:

...
RSA e: 0x10001
Modulus size: 2048 bits, 256 bytes
Traceback (most recent call last):
  File "./robot-detect", line 184, in <module>
    pms_good = int(gmpy2.powmod(pms_good_in, e, N)).to_bytes(modulus_bytes, byteorder="big")
AttributeError: 'long' object has no attribute 'to_bytes'

From what I understood a to_bytes attribute doesn't exist for that version, but people seem to have discussed this kind of problem already and provided possible workarounds: therealmik/pyrdiff#1

Great job on this! I have a comment, I tested offline testssl.sh and dev.ssllabs.com
Your publication on Page 4 calls out that RSA Key Exchange is problematic but your website doesn't.
As a result other tools not marking RSA Key exchange as a problem so for example,
TLS_RSA_WITH_AES_128_CBC_SHA* is marked okay.

Can you clarify? @hannob

Failed building wheel for gmpy2
Running setup.py clean for gmpy2
Failed to build gmpy2
Installing collected packages: gmpy2, robot-detect
Running setup.py install for gmpy2 ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-kh5vvxll/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-5kh81p28/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
building 'gmpy2' extension
creating build
creating build/temp.linux-i686-3.7
creating build/temp.linux-i686-3.7/src
i686-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DWITHMPFR -DWITHMPC -I/usr/include/python3.7m -c src/gmpy2.c -o build/temp.linux-i686-3.7/src/gmpy2.o
In file included from src/gmpy2.c:426:
src/gmpy.h:252:12: fatal error: mpfr.h: No such file or directory
252 | # include "mpfr.h"
| ^~~~~~~~
compilation terminated.
error: command 'i686-linux-gnu-gcc' failed with exit status 1

----------------------------------------

Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-kh5vvxll/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-5kh81p28/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-kh5vvxll/gmpy2/

I Don't know if this is good or not, but sites which do not have SSLv3 enabled are generating an error as shown below:

Scanning host www.ssllabs.com ip 64.41.200.100 port 443
Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)

Does this mean the site is not vulnerable? If so, then i think it would be nice that this error is catched and reported to be secure.

Hi,

does this script support SNI? (I assume that it doesn't support SNI.) It seems to me that it is always scanning the "default" VHOST on an apache-webserver.

Thanks and Best Regards!

On running the following command python robot-detect it is giving the following error.

Please provide the solution

Qualys detected the vulnerability in one of the servers on port 1434
when running robot-detect -p 1434 host this is the error

C:\Users\xxxxx\Downloads\robot-detect-master>python robot-detect -p1434 10.0.0.6
Scanning host 10.0.0.6 ip 10.0.0.6 port 1434
Traceback (most recent call last):
File "C:\Users\xxxxx\Downloads\robot-detect-master\robot-detect", line 201, in
N, e = get_rsa_from_server(ip, args.port)
File "C:\Users\xxxxx\Downloads\robot-detect-master\robot-detect", line 46, in get_rsa_from_server
s.connect((server, port))
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1375, in connect
self._real_connect(addr, False)
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1366, in _real_connect
self.do_handshake()
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
FileNotFoundError: [Errno 2] No such file or directory

Running on port 443, works fine. Please advise

I would love to have the ability to scan entire subnets with this tool, unless I am missing something on how this is done? (Using .* and 0/24 both do not work)

Hello,

Can not verify web sites that require a client certificate :

Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:777)

is it possible to add an option to indicate the path of the certificate to use ?

Thank you

I tried installing robot-detect as directed in README.md but the installation failed with following error message:
gmp.h: No such file or directory

When running pip3 install robot-detect:

Collecting robot-detect
  Could not find a version that satisfies the requirement robot-detect (from versions: )
No matching distribution found for robot-detect

When running pip install robot-detect:

Collecting robot-detect
  Downloading robot_detect-0.1-py2-none-any.whl
Requirement already satisfied: cryptography in /usr/lib/python2.7/dist-packages (from robot-detect)
Collecting gmpy2 (from robot-detect)
  Downloading gmpy2-2.0.8.zip (280kB)
    100% |████████████████████████████████| 286kB 1.9MB/s 
Installing collected packages: gmpy2, robot-detect
  Running setup.py install for gmpy2 ... error
    Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1MSZY7/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-kbOeQO-record/install-record.txt --single-version-externally-managed --compile:
    running install
    running build
    running build_ext
    building 'gmpy2' extension
    creating build
    creating build/temp.linux-x86_64-2.7
    creating build/temp.linux-x86_64-2.7/src
    x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-IY_Jmw/python2.7-2.7.13=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -DWITHMPFR -DWITHMPC -I/usr/include/python2.7 -c src/gmpy2.c -o build/temp.linux-x86_64-2.7/src/gmpy2.o
    In file included from src/gmpy2.c:426:0:
    src/gmpy.h:106:19: fatal error: gmp.h: No such file or directory
     #  include "gmp.h"
                       ^
    compilation terminated.
    error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
    
    ----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1MSZY7/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-kbOeQO-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-1MSZY7/gmpy2/

What am I missing here?

So I have this host that I've ran previous scans on, and those scans warn about the host using
TLS_RSA_WITH_3DES_EDE_CBC_SHA
which should be vulnerable to the ROBOT attack, no?
At this moment I have an active https connection to this host, and Firefox ESR also warns about the site using weak encryption, more specifically:
Broken Encryption(TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys, TLS 1.0)

So it seems the site really is using TLS_RSA encryption, however when I run the robot-detect tool, this is the response:
Cannot connect to server: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1076)
Server does not seem to allow connections with TLS_RSA (this is ideal).

What is actually going on here?

It would be great, to have a Dockerfile for easy deployment and testing. I have created an example image on docker hub with an open Dockerfile in github:

https://hub.docker.com/r/devsecur/robot-attack/