Behold, the world’s worst POODLE scanner for HTTPS services:
```bash
#!/bin/bash
# Space-delimited, nmap-compatible list of IPs and/or subnets to scan.
subnets="192.168.0.0/16 10.0.0.0/8"

for subnet in $subnets; do
    echo -e "########## SCANNING $subnet ##########\n"
    # SYN scan (needs root), no ping, no DNS; grepable output to stdout.
    https_servers=$(nmap -sS -P0 -n -p 443 -oG - "$subnet" | grep open | awk '{print $2}')
    echo "TCP/443 found open on:"
    echo -e "$https_servers\n"
    echo "Scanning for SSLv3..."
    for https_srv in $https_servers; do
        # Exit status 0 means an SSL 3.0 handshake completed.
        echo -n | openssl s_client -connect "$https_srv:443" -ssl3 &> /dev/null
        if [ $? -eq 0 ]; then
            echo "SSLv3 ENABLED on $https_srv:443"
        fi
    done
    echo -e "\nCOMPLETED SCAN FOR $subnet\n"
done
```
All it really does is tell you if SSL 3.0 is enabled on port TCP/443 when given a list of IP addresses and/or subnets to scan.
The above code depends on several things:
- bash or bash-like shell
- nmap, running with root privileges
- openssl command line utility
- awk and grep
Define the variable `subnets` with a space-delimited, nmap-compatible list of IP and/or subnet addresses.
The code can be easily modified to check for SSLv3 presence on other services/ports but I didn’t build that into the functionality because this is, after all, the world’s worst POODLE scanner.
Quick? Check. Dirty? Check. Yep, it’s a hack.
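Added example, not part of the original post: one way to extend the check to other ports, as mentioned above. The function names and the STARTTLS port mapping are assumptions of this example, and it refuses to scan when the local openssl build has no `-ssl3` option, because every probe would then fail and read as "SSLv3 disabled".

```bash
#!/bin/bash
# Added example; function names are hypothetical, not from the post.
# Turn `nmap -oG -` output into "host port" lines, one per open TCP port.
open_endpoints() {
    awk '/Ports:/ {
        host = $2
        sub(/^.*Ports: /, "")   # keep only the port list
        sub(/\t.*$/, "")        # drop trailing fields such as "Ignored State"
        n = split($0, ports, /, */)
        for (i = 1; i <= n; i++) {
            split(ports[i], f, "/")
            if (f[2] == "open" && f[3] == "tcp") print host, f[1]
        }
    }'
}

# Assumed mapping of common plaintext ports to s_client -starttls protocols.
starttls_proto() {
    case "$1" in
        25|587) echo smtp ;;
        110)    echo pop3 ;;
        143)    echo imap ;;
        *)      echo "" ;;
    esac
}

# Heuristic: builds compiled without SSLv3 do not list -ssl3 in their usage
# text, so every probe would fail and read as "SSLv3 disabled".
client_has_ssl3() {
    openssl s_client -help 2>&1 | grep -q -- '-ssl3'
}

ssl3_probe() {   # usage: ssl3_probe HOST PORT; exit 0 = handshake completed
    proto=$(starttls_proto "$2")
    # stdin from /dev/null so openssl cannot swallow the caller's input
    openssl s_client -connect "$1:$2" -ssl3 ${proto:+-starttls "$proto"} \
        < /dev/null > /dev/null 2>&1
}

scan_ssl3() {    # usage: scan_ssl3 PORTLIST TARGET...
    ports=$1; shift
    client_has_ssl3 || { echo "local openssl has no -ssl3 support" >&2; return 2; }
    nmap -sS -P0 -n -p "$ports" -oG - "$@" | open_endpoints |
    while read -r host port; do
        ssl3_probe "$host" "$port" && echo "SSLv3 ENABLED on $host:$port"
    done
}

if [ $# -gt 0 ]; then scan_ssl3 "$@"; fi
```

Invoke it as root with a port list followed by targets, for example `443,993,25 192.168.0.0/16`.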