alexoslabs · thiagolabs · Aug 29, 2017 · Aug 29, 2017 · Aug 30, 2017 · Aug 30, 2017
diff --git a/README.md b/README.md
@@ -18,7 +18,7 @@ Cygwin dependencies:
 
 Usage:
 
-bash httpsscan.sh [target] [port] [option]
+bash httpsscan.sh [target_file] -p [ports] [option]
 
 Options:
 

diff --git a/httpsscan.sh b/httpsscan.sh
@@ -42,7 +42,9 @@
 VERSION=1.8.2
 function Help {
 echo "-------------------------------"
-echo "Use: ./httpsscan IP PORT OP"
+echo "Use: ./httpsscan TARGET_FILE -p TARGET_PORTs OP"
+echo "Ex: $0 /tmp/hosts -p 443 ssl2"
+echo "Ex: $0 /tmp/hosts -p 443,4443 ssl2"
 echo -e "OP:
 	all, --all, a
 	ssl2, --ssl2
@@ -68,220 +70,310 @@ echo "#+#    #+#    #+#        #+#    #+#        #+#    #+##+#    #+##+#    #+##
 echo "###    ###    ###        ###    ###        ########  ########  ######## ###     ######    #### "
 echo "V. $VERSION by Alexos Core Labs                                                       "
 
-if [ $# -ne 3 ]; then
-   echo Usage: $0 IP PORT OP
+if [ $# -ne 4 ]; then
+   echo Usage: $0 TARGET_FILE -p TARGET_PORTs OP
+   echo "Ex: $0 /tmp/hosts -p 443 ssl2"
+   echo "Ex: $0 /tmp/hosts -p 443,4443 ssl2"
    Help
    exit
 fi
-
-HOST=$1
-PORT=$2
-TARGET=$HOST:$PORT
-OP=$3
+TARGET_PORTS="$3"; PORTS=`echo $TARGET_PORTS | sed -e 's/,/ /g'`
+OP=$4
 red=`tput setaf 1 2>/dev/null`
+green=`tput setaf 2 2>/dev/null`
 reset=`tput sgr0 2>/dev/null`
 timeout_bin=`which timeout 2>/dev/null`
 
 
-function ssl2 {
+
+function ssl2() {
 echo
 echo "${red}==> ${reset} Checking SSLv2 (CVE-2011-1473) (CVE-2016-0800)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -ssl2 -connect "$TARGET" 2>/dev/null`"
 
 proto=`echo "$ssl" | grep '^ *Protocol *:' | awk '{ print $3 }'`
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
+
+echo -e "\n Checking $HOST:$PORT... \n"
 
 if [ "$cipher" = '' ]; then
-        echo 'Not vulnerable.  Failed to establish SSLv2 connection.'
+        echo "${green}Not vulnerable.${reset}  Failed to establish SSLv2 connection."
 else
         echo "${red}Vulnerable!${reset}  SSLv2 connection established using $proto/$cipher"
 fi
+   done
+done
 }
 
 function crime {
 echo
 echo "${red}==> ${reset} Checking CRIME (CVE-2012-4929)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -connect "$TARGET" 2>/dev/null`"
 compr=`echo "$ssl" |grep 'Compression: ' | awk '{ print $2 } '`
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$compr" = 'NONE' ] || [ "$compr" = "" ]; then
-        echo 'Not vulnerable. TLS Compression is not enabled.'
+        echo "${green}Not vulnerable.${reset} TLS Compression is not enabled."
 else
         echo "${red}Vulnerable!${reset} Connection established using $compr compression."
 fi
+   done
+done
 }
 
 function rc4 {
 echo
 echo "${red}==> ${reset} Checking RC4 (CVE-2013-2566)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher RC4 -connect "$TARGET" 2>/dev/null`"
 proto=`echo "$ssl" | grep '^ *Protocol *:' | awk '{ print $3 }'`
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
+
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$cipher" = '' ]; then
-echo 'Not vulnerable. Failed to establish RC4 connection.'
+echo "${green}Not vulnerable.${reset} Failed to establish RC4 connection."
 else
 echo "${red}Vulnerable!${reset} Connection established using $proto/$cipher"
 fi
+   done
+done
 }
 
 function heartbleed {
 echo
 echo "${red}==> ${reset} Checking Heartbleed (CVE-2014-0160)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo "QUIT"|openssl s_client -connect "$TARGET" -tlsextdebug 2>&1|grep 'server extension "heartbeat" (id=15)' || echo safe 2>/dev/null`"
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$ssl" = 'safe' ]; then
-        echo 'The host is not vulnerable to Heartbleed attack.'
+        echo "The host is ${green}not vulnerable${reset} to Heartbleed attack."
 else
         echo "${red}Vulnerable!${reset} The host is vulnerable to Heartbleed attack."
 fi
+   done
+done
 }
 
 function poodle {
 echo
 echo "${red}==> ${reset} Checking Poodle (CVE-2014-3566)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -ssl3 -connect "$TARGET" 2>/dev/null`"
 
 proto=`echo "$ssl" | grep '^ *Protocol *:' | awk '{ print $3 }'`
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$cipher" = '0000'  -o  "$cipher" = '(NONE)' ] || [ "$cipher" = "" ]; then
-        echo 'Not vulnerable.  Failed to establish SSLv3 connection.'
+        echo "${green}Not vulnerable.${reset}  Failed to establish SSLv3 connection."
 else
         echo "${red}Vulnerable!${reset} SSLv3 connection established using $proto/$cipher"
 fi
+   done
+done
 }
 
 function freak {
 echo
 echo "${red}==> ${reset} Checking FREAK (CVE-2015-0204)"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher EXPORT -connect "$TARGET" 2>/dev/null`"
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
+
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$cipher" = '' ]; then
-         echo 'Not vulnerable.  Failed to establish connection with an EXPORT cipher.'
+         echo "${green}Not vulnerable.${reset}  Failed to establish connection with an EXPORT cipher."
 else
          echo "${red}Vulnerable!${reset} Connection established using $cipher"
 fi
+   done
+done
 }
 
 function null {
 echo
 echo "${red}==> ${reset}Checking NULL Cipher"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher NULL -connect "$TARGET" 2>/dev/null`"
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
+
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$cipher" = '' ]; then
-         echo 'Not vulnerable.  Failed to establish connection with a NULL cipher.'
+         echo "${green}Not vulnerable.${reset}  Failed to establish connection with a NULL cipher."
 else
          echo "${red}Vulnerable!${reset} Connection established using $cipher"
 fi
+   done
+done
 }
 
-
 function weak40 {
 echo
 echo "${red}==> ${reset} Checking Weak Ciphers"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher EXPORT40 -connect "$TARGET" 2>/dev/null`"
 
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [  "$cipher" = '' ]; then
-        echo 'Not vulnerable. Failed to establish connection with 40 bit cipher.'
+        echo "${green}Not vulnerable.${reset} Failed to establish connection with 40 bit cipher."
 else
         echo "${red}Vulnerable!${reset} Connection established using 40 bit cipher"
 fi
+   done
+done
 }
 
 
 function weak56 {
 echo
 echo "${red}==> ${reset} Checking Weak Ciphers"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher EXPORT56 -connect "$TARGET" 2>/dev/null`"
 
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [  "$cipher" = '' ]; then
-        echo 'Not vulnerable. Failed to establish connection with 56 bit cipher.'
+        echo "${green}Not vulnerable.${reset} Failed to establish connection with 56 bit cipher."
 else
         echo "${red}Vulnerable!${reset} Connection established using 56 bit cipher"
 fi
+   done
+done
 }
 
 function forward {
 echo
 echo "${red}==> ${reset}Checking Forward Secrecy"
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
 
 ssl="`echo 'Q' | ${timeout_bin:+$timeout_bin 5} openssl s_client -cipher 'ECDH:DH' -connect "$TARGET" 2>/dev/null`"
 
 proto=`echo "$ssl" | grep '^ *Protocol *:' | awk '{ print $3 }'`
 cipher=`echo "$ssl" | grep '^ *Cipher *:' | awk '{ print $3 }'`
 
+echo -e "\n Checking $HOST:$PORT... \n"
+
 if [ "$cipher" = ''  -o  "$cipher" = '(NONE)' ]; then
         echo 'Forward Secrecy is not enabled.'
 else
         echo "Enabled! Established using $proto/$cipher"
 fi
+   done
+done
 }
 
-function online {
-ssl="`echo Q | openssl s_client -connect "$TARGET" 2>/dev/null | wc -l`"
+function online() {
+for HOST in `cat $1`; do
+   for PORT in ${PORTS[@]}; do
+      TARGET=$HOST:$PORT
+ssl="`echo Q | ${timeout_bin:+$timeout_bin 5} openssl s_client -connect "$TARGET" 2>/dev/null | wc -l`"
 if [ "$ssl" -lt 5 ]; then
-        echo "Host $TARGET is unreachable.  Halting test."
-        exit -1
+	echo
+        echo "Host $TARGET is unreachable." 
 fi
+   done
+done
 }
 
 
 #----------------------------------------------------------------------------------------------------------------------------------
 
-online
 echo
-echo [*] Analyzing SSL/TLS Vulnerabilities on $HOST:$PORT ...
+echo [*] Analyzing SSL/TLS Vulnerabilities...
 echo
 echo Generating Report...Please wait
+online $1
+
 
 # Nova chamada das funções:
-case $3 in
+case $4 in
 	"--help"|"help")
 		Help;;
 	"all"|"--all"|"a")
-		ssl2
-		crime
-		rc4
-		heartbleed
-		poodle
-		freak
-		null
-		weak40
-		weak56
-		forward;;
+		ssl2 $1
+		crime $1
+		rc4 $1
+		heartbleed $1
+		poodle $1
+		freak $1
+		null $1
+		weak40 $1
+		weak56 $1
+		forward $1
+	;;
 	"ssl2"|"--ssl2")
-		ssl2;;
+		ssl2 $1
+	;;
 	"crime"|"--crime")
-                crime;;
+                crime $1
+	;;
 	"rc4"|"--rc4")
-                rc4;;
+                rc4 $1
+	;;
  	"heartbleed"|"--heartbleed")
-            heartbleed;;
+            	heartbleed $1
+	;;
 	"poodle"|"--poodle")
-                poodle;;
+                poodle $1
+	;;
 	"freak"|"--freak")
-                freak;;
+                freak $1
+	;;
 	"null"|"--null")
-                null;;
+                null $1
+	;;
 	"weak40"|"--weak40")
-                weak40;;
+                weak40 $1
+	;;
 	"weak56"|"--weak56")
-                weak56;;
+                weak56 $1
+	;;
 	"forward"|"--forward")
-                forward;;
+                forward $1
+	;;
 	*)
 		echo -e "${red}Parameter invalid, check --help${reset}"
 esac
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,7 +18,7 @@ Cygwin dependencies: @@
     Usage:
-    bash httpsscan.sh [target] [port] [option]
+    bash httpsscan.sh [target_file] -p [ports] [option]
     Options:
@@ Expand Down @@