James Eduard

James Eduard

  • Pentesting Tools
  • Sniffing & Spoofing

    • MassBleed SSL Vulnerability Scanner

    pir8g33k1 mins0

    USAGE:

    sh massbleed.sh [CIDR|IP] [single|port|subnet] [port] [proxy]

    About:
    -This script has four main functions with the ability to proxy all connections:

    • To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh massbleed.sh 192.168.0.0/16)
    • To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh massbleed.sh 192.168.0.0/16 port 8443)
    • To individual scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh massbleed.sh 127.0.0.1 single)
    • To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh massbleed.sh 192.168.0. subnet)

    Proxy:
    -A proxy option has been added to scan via proxychains. You’ll need to configure /etc/proxychains.conf for this to work.
    Proxy usage example:

    sh massbleed.sh 192.168.0.0/16 0 0 proxy

    sh massbleed.sh 192.168.0.0/16 port 8443 proxy

    sh massbleed.sh 127.0.0.1 single 0 proxy

    sh massbleed.sh 192.168.0. subnet 0 proxy

    Vulnerabilities:

    • OpenSSL HeartBleed Vulnerability (CVE-2014-0160)
    • OpenSSL CCS (MITM) Vulnerability (CVE-2014-0224)
    • Poodle SSLv3 vulnerability (CVE-2014-3566)

    Requirements:
    Is the heartbleed POC present? Is the openssl CCS script present? Is unicornscan installed? Is nmap installed? Is sslscan installed?

    pir8g33k

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    Related Articles

    1 mins
    You May Have Missed