fluidasserts.proto.ssl module

This modulle allows to check SSL vulnerabilities.

Heartbleed code inspired from original PoC by Jared Stafford (jspenguin@jspenguin.org)

fluidasserts.proto.ssl.PORT = 443
fluidasserts.proto.ssl.TYPRECEIVE = typing.Tuple[typing.Union[str, NoneType], typing.Union[int, NoneType], typing.Union[int, NoneType]]
fluidasserts.proto.ssl.allows_anon_ciphers(site, port=443)

Check if site accepts anonymous cipher suites.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.allows_insecure_downgrade(site, port=443)

Check if site has support for TLS_FALLBACK_SCSV extension.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.allows_modified_mac(site, port=443)

Check if site allows messages with modified MAC.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.allows_weak_ciphers(site, port=443)

Check if site accepts weak cipher suites.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_beast(site, port=443)

Check if site allows BEAST attack.

See our blog entry on BEAST.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_breach(site, port=443)

Check if BREACH is present.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_heartbleed(site, port=443)

Check if site allows Heartbleed attack.

See our blog entry on Heartbleed.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_poodle_sslv3(site, port=443)

Check if POODLE SSLv3 is present.

See our blog entry on POODLE.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_poodle_tls(site, port=443)

Check if POODLE TLS is present.

See our blog entry on POODLE.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_sweet32(site, port=443)

Check if server is vulnerable to SWEET32.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.has_tls13_downgrade_vuln(site, port=443)

Check if server is prone to TLSv1.3 downgrade attack.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.is_pfs_disabled(site, port=443)

Check if PFS is enabled.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.is_sslv3_enabled(site, port=443)

Check if SSLv3 suites are enabled.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.is_tlsv11_enabled(site, port=443)

Check if TLSv1.1 suites are enabled.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.is_tlsv1_enabled(site, port=443)

Check if TLSv1 suites are enabled.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.not_tls13_enabled(site, port=443)

Check if site has TLSv1.3 enabled.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool

fluidasserts.proto.ssl.tls_uses_cbc(site, port=443)

Check if TLS connection uses CBC.

Parameters
  • site (str) – Address to connect to.

  • port (int) – If necessary, specify port to connect to.

Return type

bool