Posted on Thursday, 16th October 2014 by Michael

I know I am a bit behind on this one; however, I have been too busy to update my site. This code was written for an organization I work for to rule out false positives while scanning our organization for Heartbleed.

For those who do not know what Heartbleed is, check out this site: Troy Hunt: Everything you need to know about Heartbleed

Code: a5.sh (there is no reason it is named a5.sh; I just got tired of long names through the hundreds of iterations trying to get it to 99% error proof).

#!/bin/bash
###################################################
## Automate the HeartBleed Vuln Testing ##
## BY: Michael ##
###################################################
###VARIABLES
nV=not-vulnerable/   # per-host ssltest.py output for hosts that came back clean
iV=vulnerable/       # per-host ssltest.py output for hosts that returned a WARNING
mkdir -p "$nV" "$iV"
#Learn how to use my app already 🙂
if [ $# -ne 2 ]
then
    echo "No arguments supplied"
    echo "Proper usage is: ./a5.sh host_list Output_file"
    exit 1
fi
HOSTS=$1
OUT=${2%.csv}.csv   # summary CSV; ".csv" is added only once even if the name already ends in it
#Remove Empty lines
sed '/^$/d' "$HOSTS" > "$HOSTS.bk"
mv "$HOSTS.bk" "$HOSTS"
#READ THE LIST OF HOSTS FROM host.bk and NMAP FOR KNOWN SSL PORTS
while read -r p
do
    #Check to see if the host resolves: the "# Nmap done" summary line of the grepable
    #output reports "(1 host up)", or "(0 hosts up)" when the name does not resolve.
    nmap "$p" -p 80 -oG "$p-v.txt" > /dev/null
    uHOST=$(sed -n 's/.*(\([0-9][0-9]*\) hosts\{0,1\} up).*/\1/p' "$p-v.txt")
    if [ "${uHOST:-0}" -eq 0 ]
    then
        echo "$p : NOT RESOLVABLE"
        echo "$p,NOT RESOLVABLE" >> "$OUT"
    else
        #Known SSL ports taken from the Heartbleed IPS signatures; keep only ports whose state is exactly "open"
        nmap "$p" -p 25,143,443,465,563,636,695,898,989,990,992,993,994,995,2083,2087,2096,2484,8081,8082,8089,8443,8883,9091,2381 \
            | awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, a, "/"); print a[1] }' > "$p.txt"
        if [ ! -s "$p.txt" ]
        then
            echo "$p : NO VULNERABLE PORTS FOUND"
            echo "$p,NO VULNERABLE PORTS FOUND" >> "$OUT"
        else
            #Start a fresh results file so a WARNING left over from an earlier run cannot leak into this one
            : > "$nV$p-results.txt"
            while read -r i
            do
                echo "Results for server: $p port $i" >> "$nV$p-results.txt"
                #stdin is redirected so the inner command cannot swallow the rest of the port list
                python ssltest.py "$p" -p "$i" < /dev/null >> "$nV$p-results.txt"
            done < "$p.txt"
            #ssltest.py prints a WARNING line when the server returns more heartbeat data than it should
            if grep -q WARNING "$nV$p-results.txt"; then
                mv "$nV$p-results.txt" "${iV}VULNERABLE_$p-results.txt"
                echo "$p is VULNERABLE. LOGGING ISSUE"
                echo "$p,VULNERABLE" >> "$OUT"
            else
                echo "$p is NOT VULNERABLE MOVE ALONG"
                echo "$p,NOT VULNERABLE" >> "$OUT"
            fi
        fi
    fi
    rm -f "$p.txt" "$p-v.txt"
done < "$HOSTS"

The code creates a directory structure for saving the results: a vulnerable folder and a not-vulnerable folder. This is to save the results of each site that is tested for manual verification if there is any question whether the code is working correctly. We next verify the host is up and running. No need to scan a site that is dead! However, we will record the site's status for auditing later. If the site is up and running, we then check the site for a slew of ports that have been taken from the Heartbleed IPS signatures as known SSL ports. If the script detects a known vulnerable port it will then try to exploit the site. The exploit script is called ssltest.py and was not developed by me. It can be downloaded here: https://gist.github.com/sh1n0b1/10100394. Depending on the results of the exploit, the script will mark the site as vulnerable or not vulnerable.
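The two places where the wrapper is most likely to produce a false result are the parsing of nmap's output: deciding whether a name resolved, and deciding which ports are really open before ssltest.py is run against them. The following is an added example, not part of the original script, that isolates both parsers as functions and runs them over constructed nmap output (the hostnames, addresses and timestamps are made up), including the unresolvable-name case and a filtered port that must not be tested:

```shell
#!/bin/sh
# Constructed nmap grepable (-oG) output for a name that resolved.
NMAP_GREPABLE_UP='# Nmap 6.47 scan initiated Thu Oct 16 10:00:00 2014 as: nmap -p 80 -oG www-v.txt www.example.test
Host: 192.0.2.10 (www.example.test)	Ports: 80/open/tcp//http///
# Nmap done at Thu Oct 16 10:00:01 2014 -- 1 IP address (1 host up) scanned in 0.42 seconds'

# Constructed grepable output for a name that did not resolve.
NMAP_GREPABLE_DOWN='# Nmap 6.47 scan initiated Thu Oct 16 10:00:02 2014 as: nmap -p 80 -oG nohost-v.txt nohost.example.test
# Nmap done at Thu Oct 16 10:00:02 2014 -- 0 IP addresses (0 hosts up) scanned in 0.05 seconds'

# Constructed nmap normal output for the SSL port scan.
NMAP_NORMAL='Starting Nmap 6.47 ( http://nmap.org ) at 2014-10-16 10:00 EDT
Nmap scan report for www.example.test (192.0.2.10)
Host is up (0.012s latency).
PORT     STATE    SERVICE
25/tcp   filtered smtp
143/tcp  closed   imap
443/tcp  open     https
993/tcp  open     imaps
8443/tcp open     https-alt
Not shown: 20 closed ports

Nmap done: 1 IP address (1 host up) scanned in 1.23 seconds'

# hosts_up: number of hosts reported up in the "# Nmap done" summary line of grepable
# output read on stdin. Prints 0 when the line is missing or the name did not resolve.
hosts_up() {
    n=$(sed -n 's/.*(\([0-9][0-9]*\) hosts\{0,1\} up).*/\1/p')
    echo "${n:-0}"
}

# open_tcp_ports: port numbers whose STATE is exactly "open" in nmap normal output read
# on stdin, one per line. Filtered and closed ports are dropped, so the Heartbleed test
# only runs against ports that actually accepted a connection.
open_tcp_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, a, "/"); print a[1] }'
}

# Wrappers over the constructed samples; open ports are returned space-separated.
sample_hosts_up()   { printf '%s\n' "$NMAP_GREPABLE_UP"   | hosts_up; }
sample_hosts_down() { printf '%s\n' "$NMAP_GREPABLE_DOWN" | hosts_up; }
sample_open_ports() { printf '%s\n' "$NMAP_NORMAL" | open_tcp_ports | tr '\n' ' ' | sed 's/ $//'; }
```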

How to use the code?

Step 1: Create the Shell Script

  1. vi a5.sh
  2. Copy and paste the above code into the file.
  3. Save the file
  4. chmod 777 a5.sh

Step 2: Run the code

  1. ./a5.sh list_of_hosts output_file (e.g. ./a5.sh heartbleed_hosts heartbleed_results.csv)

Step 3: Next steps

  1. Review the results CSV file you created
  2. Review the vulnerable directory for the detailed results of any sites that were detected as vulnerable.
