Scan your network for vulnerable https (OpenSSL TLS Heartbeat Extension Bug - CVE-2014-0160)
We are going to locally build on a linux machine the Heartbleed checker wrote by https://github.com/FiloSottile (thank you!) in order to check for OpenSSL Heartbleed Bug CVE-2014-0160. Fire up your shell terminal and install golang package via aptitude or yum.
yum install golang
Now create the go environment and get the Heartbleed checker:
export GOPATH=~/go
export GOBIN=$GOPATH
mkdir $GOPATH
cd $GOPATH
go get github.com/FiloSottile/Heartbleed
You should have something like the following structure:
# ls -l
total 6268
-rwxr-xr-x 1 root root 6409872 Apr 8 15:52 Heartbleed
drwxr-xr-x 3 root root 4096 Apr 8 15:52 pkg
drwxr-xr-x 3 root root 4096 Apr 8 15:52 src
Check if Heartbleed executable works:
./Heartbleed tumblr.com:443
2014/04/08 15:55:44 tumblr.com:443 - SAFE
Looks good :-) Now scan your network (eg. 10.11.12.0/24) for open HTTPS:
nmap -PN -p 443 --open -oG - 10.11.12.0/24 | awk '$NF~/https/{print $2}'
You should ha ve a list of IP like the following:
10.11.12.1
10.11.12.3
10.11.12.4
10.11.12.5
10.11.12.6
10.11.12.13
10.11.12.14
...
Copy & paste this list in a file (eg. list_443.txt), in the same path of the Heartbleed executable (in my example: ~/go/list_443.txt). Now you may launch the Heartbleed checker in a while loop as follows:
# while read LIST ; do ./Heartbleed ${LIST}:443 ; done < list_443.txt
Example output:
2014/04/08 16:01:31 10.11.12.1:443 - SAFE
2014/04/08 16:01:34 10.11.12.3:443 - SAFE
2014/04/08 16:04:52 ([]uint8) {
00000000 02 00 79 68 65 61 72 74 62 6c 65 65 64 2e 66 69 |..yheartbleed.fi|
00000010 6c 69 70 70 6f 2e 69 6f 59 45 4c 4c 4f 57 20 53 |lippo.ioYELLOW S|
00000020 55 42 4d 41 52 49 4e 45 76 d7 6e 8a 38 30 59 03 |UBMARINEv.n.80Y.|
00000030 2c 73 be a2 1e 73 d5 af 19 37 8d 77 03 03 03 03 |,s…s…7.w….|
00000040 72 60 d9 30 ca 7a d1 18 7f bd 5f f4 18 0f 6c d6 |r`.0.z…._…l.|
00000050 c5 6d 06 4e 1e cf 7d 3d d0 1b d8 70 16 7f 51 b2 |.m.N..}=…p..Q.|
00000060 91 dd db 85 2c d3 7c 50 40 46 04 ee d2 dd 13 14 |….,.|P@F……|
00000070 73 3f e2 bc cf ce 77 40 1f 28 da dc 82 f6 57 62 |s?….w@.(….Wb|
00000080 2b ac e8 01 59 9a 18 2a 7d e3 be d4 |+…Y..*}…|
}
2014/04/08 16:04:52 10.11.12.4:8443 - VULNERABLE
Heads up and go patch your openssl! source: https://github.com/FiloSottile/Heartbleed UPDATE: you may want to thoroughly test your key services against https://www.ssllabs.com/ssltest