Create check_weak_crypto.py

This commit is contained in:
Omar Santos 2023-09-18 19:58:44 -04:00
parent 6b1d13b3f4
commit b850d7eba3

View file

@ -0,0 +1,49 @@
'''
This script checks for weak crypto implementations in a website.
Author: Omar Santos @santosomar
'''
# Import the necessary modules
import ssl
import socket
import argparse
# List of weak cipher suites
# Change this list to include the weak cipher suites that you want to check
WEAK_CIPHER_SUITES = [
'aNULL', 'eNULL', 'EXPORT', 'DES', 'MD5', 'PSK', 'RC4', 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1.1', 'SEED'
]
def check_weak_crypto(hostname, port=443):
'''
check for weak crypto implementations
:param hostname: hostname
:param port: port
:return: None
'''
for cipher in WEAK_CIPHER_SUITES:
context = ssl.SSLContext(ssl.PROTOCOL_SSL23)
context.set_ciphers(cipher)
try:
conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname=hostname)
conn.connect((hostname, port))
print(f"Weak cipher suite detected: {cipher}")
except Exception:
pass
finally:
conn.close()
if __name__ == "__main__":
'''
The following are the arguments required for the script to run successfully
-d, --domain: domain name to check
-p, --port: port number (default: 443)
'''
parser = argparse.ArgumentParser(description='Check for weak crypto implementations in a website')
parser.add_argument('domain', type=str, help='Domain name to check')
parser.add_argument('--port', type=int, default=443, help='Port number (default: 443)')
args = parser.parse_args()
check_weak_crypto(args.domain, args.port)