D(HE)ater is the proof-of-concept implementation of the D(HE)at attack (CVE-2002-20001) against TLS and SSH
Project description
D(HE)ater
D(HE)ater is the proof-of-concept implementation of the D(HE)at attack (CVE-2002-20001). For further information about the attack visit the project page or read the full technical paper on IEEE Access.
Disclaimer
D(HE)ater is a proof-of-concept denial-of-service tool intended only for defensive security testing, mitigation verification, and research. Run it exclusively against systems you own or for which you have explicit, written authorization. Using it against systems without permission may be illegal and is likely to disrupt the targeted service. The authors provide the code as-is, without warranty, and accept no liability for any misuse or damage.
Usage
D(HE)ater is a command-line tool. The --protocol option and the target uri are mandatory:
# enforce DHE key exchange against a TLS service
dheat --protocol tls example.com:443
# enforce DHE key exchange against an SSH service
dheat --protocol ssh example.com:22
Optional arguments:
| Option | Default | Description |
|---|---|---|
--timeout |
5 |
socket timeout in seconds |
--thread-num |
1 |
number of threads to run |
--key-size |
none | key size to enforce |
# 16 threads, 10 second timeout
dheat --protocol tls --thread-num 16 --timeout 10 example.com:443
Mitigation
Guidance on detecting and mitigating the D(HE)at attack is maintained on the official project site: dheatattack.com.
Requirements
D(HE)ater requires Python 3.9 or newer and depends on CryptoLyzer to check DHE support and generate the necessary traffic. The dependency is installed automatically with the methods described below.
Installation
Install the latest release from PyPI:
pip install dheater
To install the current development version directly from the source repository:
pip install git+https://gitlab.com/dheatattack/dheater.git
License
The code is available under the terms of Apache License Version 2.0. A non-comprehensive, but straightforward description and also the full license text can be found at Choose an open source license website.
Credits
D(HE)ater uses CryptoLyzer to check DHE support of TLS/SSH services and also to generate the traffic necessary to perform D(HE)at attack.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dheater-1.0.0.tar.gz.
File metadata
- Download URL: dheater-1.0.0.tar.gz
- Upload date:
- Size: 16.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8465beeba6e6bdfdc26f91ad1513916d8dccf7836d99c5aa1f7760778ec827e2
|
|
| MD5 |
042329d0ee5f85564bb1d115c2ac3eae
|
|
| BLAKE2b-256 |
c0899a67c4fe23b6d6e8ddcf1f2df9a9f2afcebca639c9a857a8bc770be1984b
|
File details
Details for the file dheater-1.0.0-py3-none-any.whl.
File metadata
- Download URL: dheater-1.0.0-py3-none-any.whl
- Upload date:
- Size: 13.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
425ec7af2b889886f82b79b3b66df61de5a946b3c00f95835580d2fc0d222e8d
|
|
| MD5 |
34447caf5e100ef3b3545e49bcdd444a
|
|
| BLAKE2b-256 |
0a067d0dc7d8b04d23ee47043c7d8c37a3a3c8971a74cc6667fe5a7297c0e89c
|
