CVE-2016-2107
Lowered the timeout from one minute to a default of 20 seconds, which in my tests proved to be around 10 times the required time to get a response from a patched or vulnerable server - but it of course depends on your network latency.
Cool, could you squash? It may be a good idea to add this as a flag, since 2 seconds is in the realms of a TCP connection missing something, and in some cases you really want to avoid a false positive, and other times you are less caring :)
I'm unlikely to put in a default lower than 20 seconds. Some of us have crappy connections :) Please make this a flag if you want to be able to configure something lower.
Thanks for the feedback. I can see the benefit of making this a flag, so I have converted the PR to use flags while keeping backwards compatibility by making the usage of the flags optional.
Example usage:

    ./CVE-2016-2107 --help
    Usage of ./CVE-2016-2107:
      -address string
            Server to test (default "127.0.0.1")
      -timeout int
            Connection timeout in seconds (default 20)

    time ./CVE-2016-2107 8.8.8.8
    2016/05/13 23:19:55 dial tcp 8.8.8.8:443: i/o timeout

    real 0m20.002s
    user 0m0.000s
    sys 0m0.000s

    ./CVE-2016-2107 -address filippo.io -timeout 2
    2016/05/13 23:22:06 Vulnerable: false
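Added example (not part of this PR or the project's code): one way to accept both the optional flags and the legacy positional host discussed above, and to report a dial timeout as inconclusive rather than as a scan verdict. The flag names, defaults and port 443 come from the output quoted in the thread; `parseArgs` and `probeStatus` are hypothetical names, and the vulnerability check itself is not reproduced.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"net"
	"os"
	"time"
)

// parseArgs accepts the flag form (-address, -timeout) and the legacy
// positional form (a bare host); hypothetical helper, not the project's.
func parseArgs(args []string) (string, time.Duration, error) {
	fs := flag.NewFlagSet("CVE-2016-2107", flag.ContinueOnError)
	address := fs.String("address", "127.0.0.1", "Server to test")
	timeout := fs.Int("timeout", 20, "Connection timeout in seconds")
	if err := fs.Parse(args); err != nil {
		return "", 0, err
	}
	if *timeout <= 0 { // 0 would disable the dial timeout entirely
		return "", 0, fmt.Errorf("timeout must be positive, got %d", *timeout)
	}
	host := *address
	if fs.NArg() > 0 { // legacy invocation: ./CVE-2016-2107 host
		host = fs.Arg(0)
	}
	return host, time.Duration(*timeout) * time.Second, nil
}

// probeStatus keeps a dial timeout distinct from a verdict or a hard error.
func probeStatus(err error) string {
	var ne net.Error
	if err == nil {
		return "connected"
	}
	if errors.As(err, &ne) && ne.Timeout() {
		return "inconclusive: timeout"
	}
	return "error"
}

func main() {
	host, timeout, err := parseArgs(os.Args[1:])
	if err != nil {
		os.Exit(2)
	}
	_, err = net.DialTimeout("tcp", net.JoinHostPort(host, "443"), timeout)
	fmt.Println(host, probeStatus(err))
}
```

When scanning many hosts with a short timeout, the "inconclusive: timeout" results are the ones to retry with a longer value before recording a result.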