Revisions
martinseener revised this gist
Mar 3, 2015 . 1 changed file with 0 additions and 1 deletion.
@@ -12,7 +12,6 @@ VERSION="v0.1" AUTHOR="2015, Martin Seener ([email protected])" print_help() { echo "" echo "$PROGNAME is a small shell script which checks remote SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)" echo "It will return if the service is vulnerable or not and exit with 0 (OK) or 2 (CRIT) so it can be used as" -
martinseener created this gist
Mar 3, 2015 .
@@ -0,0 +1,76 @@ #!/usr/bin/env bash # check_freak.sh # (c) 2015 Martin Seener # Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE 2015-0204) # It will output if the checked host is vulnerable and returns the right exit code # so it can also be used as a nagios check! PROGNAME=$(basename $0) VERSION="v0.1" AUTHOR="2015, Martin Seener ([email protected])" print_help() { print_version $PROGNAME $VERSION echo "" echo "$PROGNAME is a small shell script which checks remote SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)" echo "It will return if the service is vulnerable or not and exit with 0 (OK) or 2 (CRIT) so it can be used as" echo "a nagios check too" echo "" echo "Usage: $0 <IP or Hostname> <port>" echo "Example: $0 www.google.com 443" echo "" } initialize() { if [ -z "$1" ]; then echo "The Hostname/IP Argument is missing!" echo "" print_help exit 3 fi if [[ ! $2 =~ ^[0-9]+$ ]] || [ $2 -eq 0 ] || [ $2 -gt 65535 ] ; then echo "The Port argument must be a positive integer value starting at 1 up to 65535" echo "" print_help exit 3 fi OPENSSL=$(which openssl) if [ "$OPENSSL" == "" ]; then echo "Cannot find openssl! Aborting!" echo "" print_help exit 3 fi } check_freak() { # Get the information CHK=$($OPENSSL s_client -host $1 -port $2 -cipher EXPORT < /dev/null 2>/dev/null) # Check if there is an export cipher echo $CHK | grep "Cipher is EXP" > /dev/null } case "$1" in --help|-h) print_help exit 3;; *) ;; esac # Initialize initialize $1 $2 # Do the check check_freak $1 $2 # Return the result if [ $? -eq 1 ]; then echo "OK - The Service at $1 on port $2 is NOT vulnerable to FREAK (CVE 2015-0204)" exit 0 else echo "CRITICAL - The Service at $1 on port $2 IS PROBABLY VULNERABLE to FREAK (CVE 2015-0204)" exit 2 fi
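Review bot: The check fails open. In `check_freak` the stderr of `s_client` is discarded and the only signal is whether `grep "Cipher is EXP"` matches, so a refused connection, a DNS failure, or a local openssl build that has no EXPORT suites all produce exit status 1, and the result block then prints "OK - ... NOT vulnerable" and exits 0. For a monitoring check, that turns an unreachable or untestable service into a green result. As far as I know, s_client prints a "Cipher is" line (with `(NONE)` on a rejected handshake) only once it has a handshake result, so the absence of that line can be mapped to exit 3 (UNKNOWN), the code the script already uses for argument errors; this should be confirmed against the openssl versions in use. The sketch below also quotes `$OPENSSL`, `$1` and `$2`, which the original passes unquoted.

```shell
check_freak() {
  CHK=$("$OPENSSL" s_client -host "$1" -port "$2" -cipher EXPORT < /dev/null 2>/dev/null)
  # No "Cipher is" line means s_client never got to a handshake result
  # (connect or DNS failure, or a local build without EXPORT suites).
  printf '%s\n' "$CHK" | grep -q "Cipher is" || return 3
  printf '%s\n' "$CHK" | grep -q "Cipher is EXP"
}
# … unchanged: --help handling and initialize call …
check_freak "$1" "$2"
rc=$?
if [ "$rc" -ge 2 ]; then
  echo "UNKNOWN - no handshake result from $1 on port $2, cannot judge FREAK exposure"
  exit 3
elif [ "$rc" -eq 1 ]; then
  # … unchanged: OK message, exit 0 …
else
  # … unchanged: CRITICAL message, exit 2 …
fi
```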