Need help with Jetleak-Testing-Script?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

GDSSecurity
129 Stars 57 Forks 7 Commits 4 Opened issues

Description

Script to test if a server is vulnerable to the JetLeak vulnerability

Services available

!
?

Need anything else?

Contributors list

Jetleak Testing Script

This tool is intended to provide a quick-and-dirty way for organizations to test whether their Jetty web server versions are vulnerable to JetLeak. Currently, this script does not handle sites with invalid SSL certs. This will be fixed in a future iteration.

For additional details on the Jetleak vulnerability refer to our blog post: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html

Sample Usage: python jetleak_tester.py [url] [port]

Sample Output for a server that is not vulnerable:

$ python jetleak_tester.py http://[ENTER HOSTNAME] 80

This version of Jetty is NOT vulnerable to JetLeak.

Sample Output for a server that is vulnerable:

$ python jetleak_tester.py http://[ENTER HOSTNAME] 80

This version of Jetty is VULNERABLE to JetLeak!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.