Metadata-Version: 2.4
Name: DHEater
Version: 0.5.0
Summary: D(HE)ater is the proof-of-concept implementation of the D(HE)at attack (CVE-2002-20001) against TLS and SSH
Author: Szilárd Pfeiffer
Maintainer-email: Szilárd Pfeiffer <coroner@pfeifferszilard.hu>
License-Expression: Apache-2.0
Project-URL: Homepage, https://dheatattack.com/dheater
Project-URL: Repository, https://gitlab.com/dheatattack/dheater
Project-URL: Issues, https://gitlab.com/dheatattack/dheater/-/issues
Project-URL: Technical paper, https://ieeexplore.ieee.org/document/10374117
Keywords: dhe,denial-of-service,tls,ssh
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Natural Language :: English
Classifier: Operating System :: MacOS
Classifier: Operating System :: Microsoft :: Windows
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Programming Language :: Python :: Implementation :: PyPy
Classifier: Programming Language :: Python
Classifier: Topic :: Security
Classifier: Topic :: Security :: Cryptography
Classifier: Topic :: Software Development :: Testing :: Traffic Generation
Classifier: Topic :: Software Development :: Testing
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE.txt
Requires-Dist: attrs>=19.2.0
Requires-Dist: cryptolyzer==1.0.0
Requires-Dist: urllib3
Provides-Extra: test
Requires-Dist: unittest2; extra == "test"
Requires-Dist: coverage; extra == "test"
Requires-Dist: six; extra == "test"
Provides-Extra: pep8
Requires-Dist: flake8; extra == "pep8"
Provides-Extra: pylint
Requires-Dist: pylint; extra == "pylint"
Provides-Extra: dev
Requires-Dist: tox; extra == "dev"
Dynamic: license-file

# D(HE)ater

[![PyPI version](https://img.shields.io/pypi/v/dheater.svg)](https://pypi.org/project/dheater/)
[![Python versions](https://img.shields.io/pypi/pyversions/dheater.svg)](https://pypi.org/project/dheater/)
[![License](https://img.shields.io/pypi/l/dheater.svg)](https://choosealicense.com/licenses/apache-2.0/)

D(HE)ater is the proof-of-concept implementation of the D(HE)at attack ([CVE-2002-20001](
https://nvd.nist.gov/vuln/detail/CVE-2002-20001)). For further information about the attack, visit the
[project page](https://dheatattack.com/dheater) or read the [full technical paper](
https://ieeexplore.ieee.org/document/10374117) on [IEEE Access](https://ieeeaccess.ieee.org/).

## Disclaimer

D(HE)ater is a proof-of-concept denial-of-service tool intended **only** for defensive
security testing, mitigation verification, and research. Run it exclusively against systems
you own or for which you have explicit, written authorization. Using it against systems
without permission may be illegal and is likely to disrupt the targeted service. The authors
provide the code as-is, without warranty, and accept no liability for any misuse or damage.

## Usage

D(HE)ater is a command-line tool. The `--protocol` option and the target `uri` are mandatory:

```shell
# enforce DHE key exchange against a TLS service
dheat --protocol tls example.com:443

# enforce DHE key exchange against an SSH service
dheat --protocol ssh example.com:22
```

Optional arguments:

| Option | Default | Description |
| --- | --- | --- |
| `--timeout` | `5` | socket timeout in seconds |
| `--thread-num` | `1` | number of threads to run |
| `--key-size` | none | key size to enforce |

```shell
# 16 threads, 10 second timeout
dheat --protocol tls --thread-num 16 --timeout 10 example.com:443
```

## Mitigation

Guidance on detecting and mitigating the D(HE)at attack is maintained on the official project
site: [dheatattack.com](https://dheatattack.com/dheater).

## Requirements

D(HE)ater requires Python 3.9 or newer and depends on [CryptoLyzer](https://gitlab.com/coroner/cryptolyzer)
to check DHE support and generate the necessary traffic. The dependency is installed automatically with the
methods described below.

## Installation

Install the latest release from PyPI:

```shell
pip install dheater
```

To install the current development version directly from the source repository:

```shell
pip install git+https://gitlab.com/dheatattack/dheater.git
```

## License

The code is available under the terms of the Apache License, Version 2.0.
A non-comprehensive but straightforward description, along with the full license text, can be found on the
[Choose an open source license](https://choosealicense.com/licenses/apache-2.0/) website.

## Credits

D(HE)ater uses [CryptoLyzer](https://gitlab.com/coroner/cryptolyzer) to check DHE support of TLS/SSH
services and to generate the traffic necessary to perform the D(HE)at attack.
