OpenSSL DROWN vulnerability scanner
About this tool
The DROWN vulnerability scanner tests a range of IP addresses (or just a single host) for the DROWN vulnerability in OpenSSL. The DROWN attack (Decrypting RSA With Obsolete and Weakened Encryption) can decrypt modern TLS sessions between a client and a server if that particular server (or another server that shares the same SSL certificate) supports SSLv2 cipher suites.
The attack is facilitated by a series of vulnerabilities in the SSLv2 implementation of OpenSSL:
- CVE-2016-0800 - allows the "General DROWN" attack
- CVE-2015-3197 - this allows using SSLv2 ciphers even if they are explicitly disabled by the server
- CVE-2016-0703 - this permits a much faster version of the attack, called "Special DROWN"
The cross-protocol nature of the DROWN attack makes it more dangerous in the case where the target server is fully secure (ex. a web server that uses TLS v1.2) but another server (ex. SMTPS) from the company/organization is vulnerable because it uses SSLv2 and the same SSL certificate as the target server. In this case, an attacker could use the vulnerable SSLv2 server to decrypt the communication of clients with the secure web server.
The OpenSSL DROWN vulnerability scanner is based on the public scanner for DROWN, but improved in terms of speed, accuracy and multi-protocol testing capabilities.
- Target host(s): This specifies the target that will be tested for DROWN. It can be in the form of an IP range (ex. 100.101.102.1-254), a single IP or a hostname. Maximum 255 hosts can be scanned at a time. When a single IP/hostname is scanned, the tool will provide additional details such as the cipher suites supported by the vulnerable server.
- Target service: This is the service that will be scanned for DROWN vulnerability. The supported protocols are: HTTPS, SMTPS, IMAPS, POP3S and FTPS.
How it works
The OpenSSL DROWN vulnerability scanner attempts to initiate SSLv2 connections with the target service by using a set of vulnerable cipher suites (specific to SSLv2):
The full technical details of the DROWN attack are presented in the original paper DROWN: Breaking TLS using SSLv2.