error handling and doc changes

johndekroon · Nov 26, 2015 · c49357e · c49357e
1 parent 9ec6c01
commit c49357e
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -33,5 +33,14 @@ Congratz! But keep in mind that this script only scans some default ports.
 *E.g. If you have a vulnerable Jenkins server on port 80, the SerializeKiller won't find it.*
 If you want to scan non-default ports, you can specify those ports in the targets file.
 
+##I've patched (some) of my servers. Will SerializeKiller detect that?
+Yes. And No. We couldn't find a way to verify a patched WebSphere server (OK, we could run the exploit, but thats not desirable).
+AFAIK it will detect a patched Jenkins, Jboss and Weblogic.
+*We decided to mark vulnerable WebSphere servers as possibly vulnerable, because we can't verify the patch.*
+
 ##I want to contribute
 Please send your pull request.
+
+###Known issues
+- After specifing a port, it could take a long time to finish the scan. This is not a bug, it just takes a while.
+- Some SSL libs doesn't have the method create_default_context. As a result, it wont scan JBOSS and Jenkins proper.
diff --git a/serializekiller.py b/serializekiller.py
@@ -76,25 +76,25 @@ def websphere(url, port, retry=False):
         ctx.verify_mode = ssl.CERT_NONE
         output = urllib2.urlopen('https://'+url+":"+port, context=ctx, timeout=8).read()
         if "rO0AB" in output:
-            print " - Vulnerable Websphere: "+url+" ("+port+")"
+            print " - (possibly) Vulnerable Websphere: "+url+" ("+port+")"
             return True
     except urllib2.HTTPError, e:
         if e.getcode() == 500:
             if "rO0AB" in e.read():
-                print " - Vulnerable Websphere: "+url+" ("+port+")"
+                print " - (possibly) Vulnerable Websphere: "+url+" ("+port+")"
                 return True
     except:
         pass
 
     try:
         output = urllib2.urlopen('http://'+url+":"+port, timeout=3).read()
         if "rO0AB" in output:
-            print " - Vulnerable Websphere: "+url+" ("+port+")"
+            print " - (possibly) Vulnerable Websphere: "+url+" ("+port+")"
             return True
     except urllib2.HTTPError, e:
         if e.getcode() == 500:
             if "rO0AB" in e.read():
-                print " - Vulnerable Websphere: "+url+" ("+port+")"
+                print " - (possibly) Vulnerable Websphere: "+url+" ("+port+")"
                 return True
     except:
         pass
@@ -122,24 +122,27 @@ def weblogic(url, port):
     except socket_error:
         return False
 
-
 #Used something from https://github.com/foxglovesec/JavaUnserializeExploits
 def jenkins(url, port):
-    cli_port = False
-    ctx = ssl.create_default_context()
-    ctx.check_hostname = False
-    ctx.verify_mode = ssl.CERT_NONE
     try:
-        output = urllib2.urlopen('https://'+url+':'+port+"/jenkins/", context=ctx, timeout=8).info()
-        cli_port =  int(output['X-Jenkins-CLI-Port'])
-    except urllib2.HTTPError, e:
-        if e.getcode() == 404:
-            try:
-                output = urllib2.urlopen('https://'+url+':'+port, context=ctx, timeout=8).info()
-                cli_port =  int(output['X-Jenkins-CLI-Port'])
-            except:
-                pass
+        cli_port = False
+        ctx = ssl.create_default_context()
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
+        try:
+            output = urllib2.urlopen('https://'+url+':'+port+"/jenkins/", context=ctx, timeout=8).info()
+            cli_port =  int(output['X-Jenkins-CLI-Port'])
+        except urllib2.HTTPError, e:
+            if e.getcode() == 404:
+                try:
+                    output = urllib2.urlopen('https://'+url+':'+port, context=ctx, timeout=8).info()
+                    cli_port =  int(output['X-Jenkins-CLI-Port'])
+                except:
+                    pass
+        except:
+            pass
     except:
+        print " ! Could not check Jenkins on https. Maybe your SSL lib is broken."
         pass
 
     if cli_port == False:
@@ -167,12 +170,12 @@ def jenkins(url, port):
 
         data1 =sock.recv(1024)
         if "rO0AB" in data1:
-            print " - Vulnerable Jenkins: "+url+":"+str(port)
+            print " - Vulnerable Jenkins: "+url+" ("+str(port)+")"
             return True
         else:
             data2 = sock.recv(1024)
             if "rO0AB" in data2:
-                print " - Vulnerable Jenkins: "+url+":"+str(port)
+                print " - Vulnerable Jenkins: "+url+" ("+str(port)+")"
                 return True
     except:
         pass
@@ -258,6 +261,12 @@ def worker():
     print "Start SerializeKiller..."
     print "This could take a while. Be patient."
     print
+
+    try:
+        ssl.create_default_context()
+    except:
+        print " ! WARNING: Your SSL lib isn't supported. Results might be incomplete."
+        pass
 
     target_list = {}
     shellCounter = 0