• OpenSSL Heartbeat (Heartbleed) Information Leak
    Disclosure Date: 2014-04-07
    First seen: 2020-04-26
    auxiliary/scanner/ssl/openssl_heartbleed
    This module implements the OpenSSL Heartbleed attack. The problem exists in the handling of heartbeat requests, where a fake length can be used to leak memory data in the response. Services that support STARTTLS may also be vulnerable. The module supports several actions, allowing for scanning, dumping of memory contents to loot, and private key recovery. The LEAK_COUNT option can be used to specify leaks per SCAN or DUMP. The repeat command can be used to make running the SCAN or DUMP many times more powerful. As in: repeat -t 60 run; sleep 2 To run every two seconds for one minute. Authors: - Neel Mehta - Riku - Antti - Matti - Jared Stafford <jspenguin@jspenguin.org> - FiloSottile - Christian Mehlmauer <FireFart@gmail.com> - wvu <wvu@metasploit.com> - juan vazquez <juan.vazquez@metasploit.com> - Sebastiano Di Paola - Tom Sellers - jjarmoc - Ben Buchanan - herself
  • OpenSSL Heartbeat (Heartbleed) Client Memory Exposure
    Disclosure Date: 2014-04-07
    First seen: 2020-04-26
    auxiliary/server/openssl_heartbeat_client_memory
    This module provides a fake SSL service that is intended to leak memory from client systems as they connect. This module is hardcoded for using the AES-128-CBC-SHA1 cipher. Authors: - Neel Mehta - Riku - Antti - Matti - hdm <x@hdm.io>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers. Visit metasploit web site for more details
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!