Share
## https://sploitus.com/exploit?id=2D1CF102-1932-5BC7-AB3F-30C658A986DC
# CVE-2025-8671-vulnerability-POC-
CVE-2025-8671 vulnerability POC 


# CVE-2025-8671 Vulnerability Scanner

A professional security research tool for detecting the **MadeYouReset** vulnerability (CVE-2025-8671) in HTTP/2 servers. This scanner uses multiple detection heuristics to identify servers vulnerable to stream accounting manipulation attacks.

![Python Version](https://img.shields.io/badge/python-3.7+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![Maintenance](https://img.shields.io/badge/Maintained%3F-yes-green.svg)

---

## ๐Ÿ” About CVE-2025-8671

The **MadeYouReset** vulnerability exploits HTTP/2 stream accounting by forcing servers to send `RST_STREAM` frames via malformed protocol violations while backend processing continues. This creates a resource exhaustion condition that can lead to:

- **Denial of Service (DoS)** - Server resource exhaustion
- **Backend overload** - Processing continues despite stream resets
- **Service degradation** - Increased latency and 5xx errors

### Attack Mechanism

The scanner tests three primary attack primitives:

1. **WINDOW_UPDATE with increment=0** - Protocol violation per RFC 7540
2. **WINDOW_UPDATE overflow** - Flow control window overflow
3. **DATA on half-closed stream** - Sending data after END_STREAM

---

## โœจ Features

- โœ… **Multi-indicator detection** - Analyzes 7+ vulnerability signals
- โœ… **Low false positives** - Scoring system with confidence levels
- โœ… **Batch scanning** - Test multiple domains from a file
- โœ… **Iterative testing** - Multiple test runs for accuracy
- โœ… **Detailed reporting** - Verbose mode with real-time analysis
- โœ… **Color-coded output** - Easy-to-read terminal results

---

## ๐Ÿ“‹ Requirements

- **Python 3.7+**
- **h2** library (hyper-h2)

---

## ๐Ÿš€ Installation

### 1. Clone the Repository

```bash
git clone https://github.com/yourusername/cve-2025-8671-scanner.git
cd cve-2025-8671-scanner
```

### 2. Install Dependencies

```bash
pip3 install -r requirements.txt
```

Or install manually:

```bash
pip3 install h2
```

### 3. Make Scanner Executable

```bash
chmod +x cve-2025-8671-scanner.py---

## ๐Ÿ“ Domain List Format

Create a `domains.txt` file with one domain per line:

```text
# Production servers
prod-api.example.com
prod-web.example.com

# Staging servers
staging.example.org

# CDN endpoints
cdn1.example.net
cdn2.example.net
```

- Lines starting with `#` are treated as comments
- Empty lines are ignored---


## ๐Ÿ“ Domain List Format

Create a `domains.txt` file with one domain per line:

```text
# Production servers
prod-api.example.com
prod-web.example.com

# Staging servers
staging.example.org

# CDN endpoints
cdn1.example.net
cdn2.example.net
```

- Lines starting with `#` are treated as comments
- Empty lines are ignored---



## ๐Ÿ’ป Usage

### Basic Usage

**Test a single domain:**

```bash
python3 cve-2025-8671-scanner.py example.com
```

**Test multiple domains from a file:**

```bash
python3 cve-2025-8671-scanner.py domains.txt
```

### Advanced Options

```bash
python3 cve-2025-8671-scanner.py  [options]

Options:
  --verbose    Show detailed testing output
  --runs N     Number of test iterations (default: 3)
```

### Examples

**Verbose single domain scan:**
```bash
python3 cve-2025-8671-scanner.py vulnerable-server.com --verbose
```

**Batch scan with 5 iterations:**
```bash
python3 cve-2025-8671-scanner.py domains.txt --runs 5
```

**Detailed analysis with verbose output:**
```bash
python3 cve-2025-8671-scanner.py target.example.org --verbose --runs 5
```


- No `http://` or `https://` prefix needed

---

## ๐Ÿ“Š Output Interpretation

### Vulnerability Scores

The scanner calculates a vulnerability score (0-15+) based on multiple indicators:

| Score Range | Classification | Confidence | Action Required |
|-------------|----------------|------------|-----------------|
| **6+** | โœ… VULNERABLE | HIGH | Immediate patching recommended |
| **4-5** | โš ๏ธ LIKELY VULNERABLE | MEDIUM | Further investigation needed |
| **2-3** | โ“ POSSIBLY VULNERABLE | LOW | Monitor and retest |
| **0-1** | โŒ NOT VULNERABLE | N/A | No action needed |

### Detection Indicators

The scanner analyzes these vulnerability signals:

1. **Server RST_STREAM count** - Server sending stream resets (key indicator)
2. **HTTP 5xx errors** - Backend overload symptoms
3. **Latency increase** - Performance degradation during attack
4. **No GOAWAY received** - Server doesn't detect abuse
5. **Sustained impact** - Consistent degradation across measurements
6. **Backend mismatch** - Processing continues after RST
7. **Control frame tolerance** - Server accepts malformed frames

### Example Output

```
======================================================================
Testing: vulnerable-api.example.com
======================================================================

โœ“ vulnerable-api.example.com - VULNERABLE
  Confidence: HIGH (score: 8.0/max: 9)
  Indicators: 7.3 avg server RST, 2.0 avg 5xx, no GOAWAY

======================================================================
SCAN SUMMARY
======================================================================

  Total tested: 5
  Vulnerable: 2
  Likely vulnerable: 1
  Possibly vulnerable: 0
  Not vulnerable: 2
```

---

## ๐Ÿ”ง Technical Details

### Detection Methodology

1. **Baseline Measurement**
   - Establishes normal server RTT via PING frames
   - Measures 5 baseline samples for statistical validity

2. **Attack Phase**
   - Opens up to 100 HTTP/2 streams
   - Sends malformed frames to trigger protocol violations
   - Monitors server responses in real-time

3. **Analysis Phase**
   - Aggregates metrics across multiple test runs
   - Calculates vulnerability score from 7+ indicators
   - Provides confidence-based classification

### Attack Primitives

```python
# WINDOW_UPDATE with increment=0 (RFC 7540 violation)
USE_WINDOW_UPDATE_ZERO = True

# WINDOW_UPDATE causing flow control overflow
USE_WINDOW_OVERFLOW = True

# DATA frames on half-closed streams
USE_HALF_CLOSED_DATA = True
```

### Configuration

Key parameters (adjustable in source code):

```python
PORT = 443                   # Target port
TIMEOUT = 6                  # Connection timeout
TOTAL_STREAMS = 100          # Max streams to open
SCAN_TIME_LIMIT = 15         # Max scan duration (seconds)
BASELINE_PINGS = 5           # Baseline RTT measurements
```

---

## โš ๏ธ Disclaimer

**FOR SECURITY RESEARCH AND AUTHORIZED TESTING ONLY**

This tool is provided for legitimate security research and vulnerability assessment. Users must:

- โœ… Obtain explicit authorization before scanning any systems
- โœ… Comply with all applicable laws and regulations
- โœ… Follow responsible disclosure practices
- โŒ NOT use for malicious purposes or unauthorized access

The authors assume no liability for misuse or damage caused by this software.


---

## ๐Ÿ”— References

- **CVE-2025-8671**: [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-8671)
- **RFC 7540**: [HTTP/2 Specification](https://tools.ietf.org/html/rfc7540)
- **hyper-h2**: [Python HTTP/2 Library](https://python-hyper.org/projects/h2/)

---





---

**โšก Stay secure and scan responsibly!**