robotattackorg / robot-detect
Detection script for the ROBOT vulnerability
Home Page: https://robotattack.org/
License: Creative Commons Zero v1.0 Universal
CentOS Linux release 7.4.1708 (Core)
python -V
Python 2.7.5
python-gmpy2-2.0.5-1.el7.x86_64
RSA N: 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
RSA e: 0x10001
Modulus size: 2048 bits, 256 bytes
Traceback (most recent call last):
File "robot-detect", line 183, in
pms_good = int(gmpy2.powmod(pms_good_in, e, N)).to_bytes(modulus_bytes, byteorder="big")
AttributeError: 'long' object has no attribute 'to_bytes'
README should be updated as I also had to install python3-cryptography (on Ubuntu 16.04) due to x509 import.
Hi @hannob, I would like to run your program on one of my servers which has Python 2.7 installed by default.
Now I wonder if it would be possible to make it compatible with this version. I already did some tests on my own but without success (I'm not a Python expert). The following error is shown if I execute it:
...
RSA e: 0x10001
Modulus size: 2048 bits, 256 bytes
Traceback (most recent call last):
File "./robot-detect", line 184, in <module>
pms_good = int(gmpy2.powmod(pms_good_in, e, N)).to_bytes(modulus_bytes, byteorder="big")
AttributeError: 'long' object has no attribute 'to_bytes'
From what I understood, a to_bytes attribute doesn't exist for that version, but people seem to have discussed this kind of problem already and provided possible workarounds: therealmik/pyrdiff#1
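The failing step from the two tracebacks above, as an added example that is not robot-detect's code and not part of either report: a fixed-width big-endian encoder that behaves the same on Python 2.7 and Python 3. The function names are hypothetical, the built-in pow stands in for gmpy2.powmod, and the RSA parameters are constructed toy values.

```python
import binascii


def int_to_fixed_bytes(value, length):
    """Big-endian, zero-padded encoding of a non-negative integer.

    Same result as int.to_bytes(length, byteorder="big") on Python 3, but
    built from hex formatting, which Python 2's int and long also support.
    """
    value = int(value)  # also accepts a gmpy2 mpz result
    if value < 0:
        raise ValueError("value must be non-negative")
    hex_digits = "%x" % value
    if len(hex_digits) > 2 * length:
        raise OverflowError("value does not fit in %d bytes" % length)
    # zfill keeps leading zero bytes, so the output is always `length` long.
    return binascii.unhexlify(hex_digits.zfill(2 * length))


def rsa_encrypt_fixed(m, e, N):
    """Raw RSA m^e mod N, encoded to the byte length of the modulus."""
    modulus_bytes = (N.bit_length() + 7) // 8  # bit_length exists since 2.7
    return int_to_fixed_bytes(pow(m, e, N), modulus_bytes)


# Constructed toy parameters, far too small for real use.
TOY_N, TOY_E = 3233, 17


def demo():
    # 65^17 mod 3233 = 2790 = 0x0ae6; 1^17 mod 3233 = 1 needs a zero pad byte.
    return rsa_encrypt_fixed(65, TOY_E, TOY_N), rsa_encrypt_fixed(1, TOY_E, TOY_N)
```

The width check matters here because the ciphertext has to be exactly as long as the modulus (256 bytes for the 2048-bit key in the reports), including any leading zero bytes.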
Great job on this! I have a comment, I tested offline testssl.sh and dev.ssllabs.com
Your publication on Page 4 calls out that RSA Key Exchange is problematic but your website doesn't.
As a result, other tools are not marking RSA key exchange as a problem, so for example TLS_RSA_WITH_AES_128_CBC_SHA* is marked okay.
Can you clarify? @hannob
Failed building wheel for gmpy2
Running setup.py clean for gmpy2
Failed to build gmpy2
Installing collected packages: gmpy2, robot-detect
Running setup.py install for gmpy2 ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-kh5vvxll/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-5kh81p28/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
building 'gmpy2' extension
creating build
creating build/temp.linux-i686-3.7
creating build/temp.linux-i686-3.7/src
i686-linux-gnu-gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DWITHMPFR -DWITHMPC -I/usr/include/python3.7m -c src/gmpy2.c -o build/temp.linux-i686-3.7/src/gmpy2.o
In file included from src/gmpy2.c:426:
src/gmpy.h:252:12: fatal error: mpfr.h: No such file or directory
252 | # include "mpfr.h"
| ^~~~~~~~
compilation terminated.
error: command 'i686-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-kh5vvxll/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-5kh81p28/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-kh5vvxll/gmpy2/
I don't know if this is good or not, but sites which do not have SSLv3 enabled are generating an error as shown below:
Scanning host www.ssllabs.com ip 64.41.200.100 port 443
Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)
Does this mean the site is not vulnerable? If so, then I think it would be nice if this error were caught and reported as secure.
Hi,
does this script support SNI? (I assume that it doesn't support SNI.) It seems to me that it is always scanning the "default" VHOST on an apache-webserver.
Thanks and Best Regards!
Qualys detected the vulnerability in one of the servers on port 1434.
When running robot-detect -p 1434 host, this is the error:
C:\Users\xxxxx\Downloads\robot-detect-master>python robot-detect -p1434 10.0.0.6
Scanning host 10.0.0.6 ip 10.0.0.6 port 1434
Traceback (most recent call last):
File "C:\Users\xxxxx\Downloads\robot-detect-master\robot-detect", line 201, in
N, e = get_rsa_from_server(ip, args.port)
File "C:\Users\xxxxx\Downloads\robot-detect-master\robot-detect", line 46, in get_rsa_from_server
s.connect((server, port))
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1375, in connect
self._real_connect(addr, False)
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1366, in _real_connect
self.do_handshake()
File "C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.10_3.10.2288.0_x64__qbz5n2kfra8p0\lib\ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
FileNotFoundError: [Errno 2] No such file or directory
Running on port 443 works fine. Please advise.
I would love to have the ability to scan entire subnets with this tool, unless I am missing something on how this is done? (Using .* and 0/24 both do not work)
Hello,
Cannot verify web sites that require a client certificate:
Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:777)
Is it possible to add an option to indicate the path of the certificate to use?
Thank you
I tried installing robot-detect as directed in README.md but the installation failed with following error message:
gmp.h: No such file or directory
When running pip3 install robot-detect:
Collecting robot-detect
Could not find a version that satisfies the requirement robot-detect (from versions: )
No matching distribution found for robot-detect
When running pip install robot-detect:
Collecting robot-detect
Downloading robot_detect-0.1-py2-none-any.whl
Requirement already satisfied: cryptography in /usr/lib/python2.7/dist-packages (from robot-detect)
Collecting gmpy2 (from robot-detect)
Downloading gmpy2-2.0.8.zip (280kB)
100% |████████████████████████████████| 286kB 1.9MB/s
Installing collected packages: gmpy2, robot-detect
Running setup.py install for gmpy2 ... error
Complete output from command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1MSZY7/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-kbOeQO-record/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
building 'gmpy2' extension
creating build
creating build/temp.linux-x86_64-2.7
creating build/temp.linux-x86_64-2.7/src
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fno-strict-aliasing -Wdate-time -D_FORTIFY_SOURCE=2 -g -fdebug-prefix-map=/build/python2.7-IY_Jmw/python2.7-2.7.13=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -DWITHMPFR -DWITHMPC -I/usr/include/python2.7 -c src/gmpy2.c -o build/temp.linux-x86_64-2.7/src/gmpy2.o
In file included from src/gmpy2.c:426:0:
src/gmpy.h:106:19: fatal error: gmp.h: No such file or directory
# include "gmp.h"
^
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-1MSZY7/gmpy2/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-kbOeQO-record/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-build-1MSZY7/gmpy2/
What am I missing here?
So I have this host that I've run previous scans on, and those scans warn about the host using
TLS_RSA_WITH_3DES_EDE_CBC_SHA
which should be vulnerable to the ROBOT attack, no?
At this moment I have an active https connection to this host, and Firefox ESR also warns about the site using weak encryption, more specifically:
Broken Encryption(TLS_RSA_WITH_AES_128_CBC_SHA, 128 bit keys, TLS 1.0)
So it seems the site really is using TLS_RSA encryption, however when I run the robot-detect tool, this is the response:
Cannot connect to server: [SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1076)
Server does not seem to allow connections with TLS_RSA (this is ideal).
What is actually going on here?
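A triage of the connection errors quoted in the reports above, as an added example that is not robot-detect's logic and not part of any report. It assumes the tool offers only RSA key-exchange suites; the verdict names and the triage function are hypothetical, and the error lines are copied from this page.

```python
import re

_REASON = re.compile(r"\[SSL: ([A-Z0-9_]+)\]")


def triage(tool_output, observed_suites=(), client_cert_required=False):
    """Classify one connection-error line; returns (verdict, explanation).

    observed_suites: suite names seen by other means (browser, scanner).
    Assumption: the scanning client offers only RSA key-exchange suites.
    """
    match = _REASON.search(tool_output)
    reason = match.group(1) if match else None
    rsa_kx_seen = [s for s in observed_suites if s.startswith("TLS_RSA_WITH_")]

    if reason == "UNSUPPORTED_PROTOCOL":
        # Raised by the local OpenSSL when the server selects a protocol
        # version the client is configured to refuse (for example TLS 1.0).
        # It says nothing about whether TLS_RSA is enabled on the server.
        return ("INCONCLUSIVE", "local TLS library refused the server's protocol version")
    if reason == "SSLV3_ALERT_HANDSHAKE_FAILURE":
        if client_cert_required:
            return ("INCONCLUSIVE", "server may have aborted over the missing client certificate")
        if rsa_kx_seen:
            return ("INCONCLUSIVE", "contradicts observed suites: " + ", ".join(rsa_kx_seen))
        return ("NO_TLS_RSA_LIKELY", "server rejected a hello offering only RSA key exchange")
    return ("INCONCLUSIVE", "no TLS-level reason in output; check the local setup")


# (error line from this page, suites the reporter observed, client cert needed)
CASES = [
    ("Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] "
     "sslv3 alert handshake failure (_ssl.c:645)", (), False),
    ("Cannot connect to server: [SSL: UNSUPPORTED_PROTOCOL] "
     "unsupported protocol (_ssl.c:1076)",
     ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"), False),
    ("Cannot connect to server: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] "
     "sslv3 alert handshake failure (_ssl.c:777)", (), True),
    ("FileNotFoundError: [Errno 2] No such file or directory", (), False),
]


def run_cases():
    return [triage(*case)[0] for case in CASES]
```

Only the first case supports the "server does not allow TLS_RSA" reading; the other three need a retest with a client that accepts the server's protocol version, presents the required certificate, or has a working local TLS setup.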
It would be great to have a Dockerfile for easy deployment and testing. I have created an example image on Docker Hub with an open Dockerfile on GitHub: