HeartBleed test script
Hopefully we all have seen the news about the Heartbleed vulnerability. There are some testing scripts out there that provide you the capability the check if a site is vulnerable to the attack. But what if you are an administrator and you want to make sure that your services are not using an openssl lib that is vulnerable? Maybe a library that came with the software instead of the system one? Well... queue the trumpets :P
Here is a quick script that will find if you are using 1.0.1 versions (except g) of OpenSSL. Feel free to steal it and make it your own :) (sharing is caring)
#!/bin/bash
# make a buffer file
tempfile=`mktemp -p /tmp heartbleedtester.XXXXXXXXXX`
# get the PIDs
for pid in $(grep -l 'libssl' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps | grep -v "PID TTY" | awk '{print $1}'); do
# look for libssl on each proc, sort uniq them too
for file in $(grep libssl /proc/$pid/maps | awk '{print $6}' | sort -u ); do
# in each proc file matching libssl look for strings of 1.0.1 and not 1.0.1g
for result in $(strings $file | grep 1.0.1 | grep -v 1.0.1g); do
output=`echo $?`
# if there is output (=0) then count it
if [ $output = 0 ]; then
procname=`ps ax | grep -v grep | grep $pid | awk '{print $5 $6 $7}'`
echo "Process $procname (PID:$pid) is using a vulnerable version of OpenSSL ($file)" >> $tempfile
fi
done
done
done
# spit out the output
cat $tempfile | sort -u
rm -f $tempfile
Enjoy :)
Here is a quick script that will find if you are using 1.0.1 versions (except g) of OpenSSL. Feel free to steal it and make it your own :) (sharing is caring)
#!/bin/bash
# make a buffer file
tempfile=`mktemp -p /tmp heartbleedtester.XXXXXXXXXX`
# get the PIDs
for pid in $(grep -l 'libssl' /proc/*/maps | tr -cd 0-9\\n | xargs -r ps | grep -v "PID TTY" | awk '{print $1}'); do
# look for libssl on each proc, sort uniq them too
for file in $(grep libssl /proc/$pid/maps | awk '{print $6}' | sort -u ); do
# in each proc file matching libssl look for strings of 1.0.1 and not 1.0.1g
for result in $(strings $file | grep 1.0.1 | grep -v 1.0.1g); do
output=`echo $?`
# if there is output (=0) then count it
if [ $output = 0 ]; then
procname=`ps ax | grep -v grep | grep $pid | awk '{print $5 $6 $7}'`
echo "Process $procname (PID:$pid) is using a vulnerable version of OpenSSL ($file)" >> $tempfile
fi
done
done
done
# spit out the output
cat $tempfile | sort -u
rm -f $tempfile
Enjoy :)