Skip to content

KeenRivals/Bugsite-Index

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits

archives

archives

 
 

README.md

README.md

 
 

test.py

test.py

 
 

urls.txt

urls.txt

 
 

Repository files navigation

Overview

The goal of this project is to maintain a list of bug websites such as Heartbleed.com. Contributions welcome!

Websites

  • Backronym.fail – allows for an attacker to downgrade and snoop on the SSL/TLS connection that MySQL client libraries use to communicate to a MySQL server.
  • Badlock.org – MITM attack for samba in an Active Directory environment.
  • BreachAttack.com – HTTPS information leak by compression. Related to CRIME.
  • Dirty COW – a privilege escalation vulnerability in the Linux Kernel.
  • DUHK Attack – devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key allows attackers to recover the secret key.
  • DrownAttack.com – attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol.
  • Factorable.net – widespread weak keys in network devices.
  • FreakAttack.com – allows an attacker to intercept HTTPS connections between vulnerable clients and servers and force them to use weakened encryption
  • GoToFail.com – certain Apple iOS versions did not check TLS certificate validity.
  • Heartbleed.com – OpenSSL memory leak which could leak private keys.
  • httpoxy.org – insecure handling of HTTP proxy environment variable in CGI applications.
  • ImageTragick.com – remote code execution in imagemagick via user-submitted images.
  • KRACKAttacks.com – WPA2 vulnerability resulting from nonce reuse that enables decryption of sent packets. In some cases this leads to MITM.
  • MeltdownAttack.com - Information leak via broken isolation between priviledged and unpriviledged memory.
  • OCSP Status Request - Allows exhaustion of server memory through OSCP Status Requests.
  • Poodle.io – allows MITM attacker to downgrade TLS connections and decrypt SSLv3 connections.
  • ROBOTAttack.org – Return of a 19-year-old vulnerability that allows performing RSA decryption and signing operations with the private key of a TLS server.
  • SHAttered.io - Collision attack against SHA-1.
  • SpectreAttack.com - Information leak via speculative execution behaviors in modern CPUs.
  • Sweet32.info - Birthday attacks on 64-bit block ciphers in TLS and OpenVPN.
  • WeakDH.org – applications which support DHE_EXPORT ciphers allow MITM via weak Diffie-Hellman keys.

About

Index of websites publishing bugs along the lines of heartbleed.com

Topics

tls ssl security netsec mitm-attacks heartbleed

Resources

Readme
Activity

Stars

40 stars

Watchers

6 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages