Behold, the world’s worst POODLE scanner for HTTPS services:
#!/bin/bash
subnets="192.168.0.0/16 10.0.0.0/8"
for subnet in $subnets; do
echo -e "########## SCANNING $subnet ##########\n"
https_servers=`nmap -sS -P0 -n -p 443 -oG - $subnet | grep open | awk '{print $2}'`
echo "TCP/443 found open on:"
echo -e "$https_servers\n"
echo "Scanning for SSLv3..."
for https_srv in $https_servers; do
echo -n | openssl s_client -connect $https_srv:443 -ssl3 &> /dev/null
if [ $? -eq 0 ]; then
echo "SSLv3 ENABLED on $https_srv:443"
fi
done
echo -e "\nCOMPLETED SCAN FOR $subnet\n"
done |
#!/bin/bash
subnets="192.168.0.0/16 10.0.0.0/8"
for subnet in $subnets; do
echo -e "########## SCANNING $subnet ##########\n"
https_servers=`nmap -sS -P0 -n -p 443 -oG - $subnet | grep open | awk '{print $2}'`
echo "TCP/443 found open on:"
echo -e "$https_servers\n"
echo "Scanning for SSLv3..."
for https_srv in $https_servers; do
echo -n | openssl s_client -connect $https_srv:443 -ssl3 &> /dev/null
if [ $? -eq 0 ]; then
echo "SSLv3 ENABLED on $https_srv:443"
fi
done
echo -e "\nCOMPLETED SCAN FOR $subnet\n"
done
All it really does is tell you if SSL 3.0 is enabled on port TCP/443 when given a list of IP addresses and/or subnets to scan.
The above code depends on several things:
- bash or bash-like shell
- nmap, running with root privileges
- openssl command line utility
- awk and grep
Define the variable $subnet with a space-delimited nmap-compatible list of IP and/or subnet addresses.
The code can be easily modified to check for SSLv3 presence on other services/ports but I didn’t build that into the functionality because this is, after all, the world’s worst POODLE scanner.
Quick? Check. Dirty? Check. Yep, it’s a hack.