import httplib, urllib, ssl, string, sys, getoptfrom urlparse import urlparse'''Author: Gotham Digital SciencePurpose: This tool is intended to provide a quick-and-dirty way for organizations to test whether their Jetty web server versions are vulnerable to JetLeak. Currently, this script does not handle sites with invalid SSL certs. This will be fixed in a future iteration.'''if len(sys.argv) < 3: print("Usage: jetleak.py [url] [port]") sys.exit(1)url = urlparse(sys.argv[1])if url.scheme == '' and url.netloc == '': print("Error: Invalid URL Entered.") sys.exit(1)port = sys.argv[2]conn = Noneif url.scheme == "https": conn = httplib.HTTPSConnection(url.netloc + ":" + port)elif url.scheme == "http": conn = httplib.HTTPConnection(url.netloc + ":" + port)else: print("Error: Only 'http' or 'https' URL Schemes Supported") sys.exit(1) x = "\x00"headers = { "Referer": x}conn.request("POST", "/", "", headers)r1 = conn.getresponse()if (r1.status == 400 and ("Illegal character 0x0 in state" in r1.reason)): print("\r\nThis version of Jetty is VULNERABLE to JetLeak!")else: print("\r\nThis version of Jetty is NOT vulnerable to JetLeak.")