Maltego OpenSSL Heartbleed Transform

heartbleed_maltego.png
Since the release of the OpenSSL Heartbleed attack, there have been many scripts, websites, and offered services to perform checks on whether a site is vulnerable to this devastating attack. Each check has its benefits and specific application; I am providing another solution which is a Maltego Transform based on the ssltest.py script by Jared Stafford (jspenguin@jspenguin.org).

You will need the following two files in order to set this up:

1.) MaltegoTransform-py.zip (Maltego Basic Python Library)
http://www.paterva.com/web6/documentation/MaltegoTransform-Python.zip

2.) maltego_heartbleedtest.py (The Custom Maltego Transform)
https://github.com/DisK0nn3cT/MaltegoHeartbleed

Once you have downloaded the files, move the MaltegoTransform.py file to your python library directory and the maltego_heartbleedtest.py into a directory of your liking (remember this directory for later).

Now we are ready to setup the local transform within Maltego. Under the “manage” tab, choose the “Local Transform” button.

On this screen we need to enter the display name, description, and input entity type. You may use the information in the screenshot below or modify it to your own liking. However, I strongly recommend setting the input entity type to “website” for the best results.
maltego_openssl_heartbleed_1.PNG

After clicking the “Next” button you will be taken to a page where you will need to enter the following fields:

maltego_openssl_heartbleed_2.PNG

Once you have finished setting up the local transform, you will be able to see it in your dropdown options for “website” entities:
maltego_openssl_heartbleed_3.PNG

When the script has completed you will have a new “phrase” entity attached to your website target if the heartbleed detection returned True. If the target website is NOT vulnerable, no entities will be added.
maltego_openssl_heartbleed_4.PNG

Please leave comments on any errors you experience on the github repository: MaltegoHeartbleed

import sys
sys.exit("enjoy.")
 
31
Kudos
 
31
Kudos

Now read this

XSS Through HTML5 PostMessage()

XSS with HTML5 postMessage() # This is going to be a technical dive into the new HTML5 postMessage() method which can be exploited to launch XSS attacks against a site which otherwise was properly filtering client provided input. The... Continue →