Heartbleed-PoC-Exploit-Script
This Python Proof-of-Concept (PoC) script detects the Heartbleed vulnerability (CVE-2014-0160) by performing a TLS handshake with the heartbeat extension and sending a crafted heartbeat request. It parses server responses to identify leaked memory, helping assess vulnerability to this critical OpenSSL flaw.
About
Heartbleed is a severe buffer over-read vulnerability in OpenSSL’s TLS heartbeat extension that allows attackers to read up to 64KB of server memory, potentially exposing private keys, passwords, and other sensitive data. This script simulates a heartbeat request that triggers the leak if the server is vulnerable.
Improvements and Fixes
Correct TLS record header parsing using proper struct unpacking for content type, version, and payload length.
Full handshake parsing implemented, detecting the ServerHelloDone message reliably within TLS records.
Use of select makes socket reading responsive and avoids blocking.
Added clean termination of heartbeat receive loop after detecting leakage once, preventing indefinite waits and repeated logs.
Parameterized TLS version to improve compatibility with various servers.
Comprehensive exception handling ensures resilience to socket errors, timeouts, and protocol anomalies.
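
The record header parsing listed above, combined with the length rule from RFC 6520, gives a defensive check for heartbeat records whose declared payload length does not fit inside the record. This is an added example, not code from this repository; it assumes the record was captured in plaintext, and the names `parse_record_header` and `classify_heartbeat` are hypothetical.

```python
import struct

TLS_HEARTBEAT = 24   # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16     # RFC 6520 requires at least 16 bytes of padding


def parse_record_header(data):
    """Unpack the 5-byte TLS record header: content type, version, length."""
    if len(data) < 5:
        raise ValueError("short TLS record header")
    return struct.unpack(">BHH", data[:5])


def classify_heartbeat(record):
    """Return 'not-heartbeat', 'truncated', 'well-formed' or 'length-mismatch'."""
    content_type, _version, length = parse_record_header(record)
    if content_type != TLS_HEARTBEAT:
        return "not-heartbeat"
    body = record[5:5 + length]
    if len(body) < length or length < 3:
        return "truncated"
    _hb_type, claimed = struct.unpack(">BH", body[:3])
    # type(1) + payload_length(2) + payload + padding(>=16) must fit in the
    # record; RFC 6520 says a message failing this is discarded silently.
    if 1 + 2 + claimed + MIN_PADDING > length:
        return "length-mismatch"
    return "well-formed"


if __name__ == "__main__":
    # Constructed sample records (not captured traffic).
    ok = (struct.pack(">BHH", TLS_HEARTBEAT, 0x0302, 23)
          + struct.pack(">BH", 1, 4) + b"ping" + bytes(MIN_PADDING))
    bad = (struct.pack(">BHH", TLS_HEARTBEAT, 0x0302, 3)
           + struct.pack(">BH", 1, 0x4000))
    for name, rec in (("ok", ok), ("bad", bad)):
        print(name, classify_heartbeat(rec))
```

The same comparison is what a patched server applies before echoing a heartbeat, so a `length-mismatch` result in a capture marks a request that a fixed implementation would drop.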
Usage
Requirements
Python 3.x installed
Network access to the target TLS server
Running the Script
Clone the repository:
```bash
git clone https://github.com/indrajeetmp11/Heartbleed-PoC-Exploit-Script.git
cd Heartbleed-PoC-Exploit-Script
```
Edit the target host and port in the script or modify heartbleed_poc() call in python3_heartbleed_poc.py.
Run the script:
```bash
python3 python3_heartbleed_poc.py
```
Observe logs for vulnerability detection and leaked data in hex.
Important Notice
Use this tool only within legal scope and on systems you own or have explicit permission to test.
Heartbleed tests can trigger security alerts on protected networks.
This PoC is for educational and research purposes.
License
This project is licensed under the MIT License. See the LICENSE file for details.
References
CVE-2014-0160 (Heartbleed)
OpenSSL Heartbeat Extension (RFC 6520)
Heartbleed Official Page