CVE-2022-3602-and-CVE-2022-3786

This is a detection script which will determine whether client authentication is required by the SSL server, in which case servers based on OpenSSL 3.0.0 to 3.0.6 will be vulnerable to both CVE-2022-3602 and CVE-2022-3786

Prerequisite's

• python3
• pip install -r requirements.txt

Usage

usage: openssl_cert_detector.py [-h] [-t TARGET] [-T TARGETS]

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Single IP with port separate by colon. Example: -t 192.168.0.3:3000
  -T TARGETS, --targets TARGETS
                        List of IP and port separate by colon and separated by new line in text file

Example 1:

To check for openssl vulnerability on single ip and port

python openssl_cert_detector.py -t 192.168.0.3:3000

Example 2:

To check for openssl vulnerability on list of ip and its port in separated by new line in text file

python openssl_cert_detector.py -T check.txt

References

• https://github.com/colmmacc/CVE-2022-3602
• https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/openssl-punycode-vulnerability
• https://github.com/jfrog/jfrog-openssl-tools