Forked from martinseener/
Last active August 29, 2015 14:16
#!/usr/bin/env bash
# (c) 2015 Martin Seener
# Simple script which checks SSL/TLS services for the FREAK vulnerability (CVE-2015-0204)
# It outputs whether the checked host is vulnerable and returns the matching exit code,
# so it can also be used as a nagios check!

PROGNAME=$(basename "$0")
AUTHOR="2015, Martin Seener ([email protected])"

print_help() {
  echo ""
  echo "$PROGNAME is a small shell script which checks remote SSL/TLS services for the FREAK vulnerability (CVE-2015-0204)"
  echo "It will return if the service is vulnerable or not and exit with 0 (OK) or 2 (CRIT) so it can be used as"
  echo "a nagios check too"
  echo ""
  echo "Usage: $0 <IP or Hostname> <port>"
  echo "Example: $0 443"
  echo ""
}

# Validate the arguments and locate the openssl binary
initialize() {
  if [ -z "$1" ]; then
    echo "The Hostname/IP Argument is missing!"
    echo ""
    exit 3
  fi
  if [[ ! $2 =~ ^[0-9]+$ ]] || [ "$2" -eq 0 ] || [ "$2" -gt 65535 ]; then
    echo "The Port argument must be a positive integer value starting at 1 up to 65535"
    echo ""
    exit 3
  fi
  OPENSSL=$(command -v openssl)
  if [ -z "$OPENSSL" ]; then
    echo "Cannot find openssl! Aborting!"
    echo ""
    exit 3
  fi
}

check_freak() {
  # Get the information: offer only export-grade cipher suites to the server
  CHK=$("$OPENSSL" s_client -host "$1" -port "$2" -cipher EXPORT < /dev/null 2>/dev/null)
  # Check if there is an export cipher; grep's exit status is the function's result.
  # Note: grep also finds nothing when the connection fails or when the local openssl
  # has no EXPORT suites to offer, and the caller reports both cases as OK.
  echo "$CHK" | grep "Cipher is EXP" > /dev/null
}

# Show the help text when requested (the case pattern is missing on the page; -h|--help is assumed)
case "$1" in
  -h|--help)
    print_help
    exit 3;;
esac

# Initialize
initialize "$1" "$2"
# Do the check
check_freak "$1" "$2"
# Return the result
if [ $? -eq 1 ]; then
  echo "OK - The Service at $1 on port $2 is NOT vulnerable to FREAK (CVE-2015-0204)"
  exit 0
else
  echo "CRITICAL - The Service at $1 on port $2 IS PROBABLY VULNERABLE to FREAK (CVE-2015-0204)"
  exit 2
fi
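
The check above treats every run without a "Cipher is EXP" line as OK, including an unreachable host and a local openssl that no longer ships export suites. The following is an added example, not part of the original gist: it classifies captured `s_client` output (stdout and stderr combined) into three outcomes. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist. Function names are hypothetical.
# Input: combined stdout+stderr of
#   openssl s_client -host HOST -port PORT -cipher EXPORT </dev/null 2>&1

# Echo VULNERABLE, NOT_VULNERABLE or UNKNOWN for one captured s_client run.
classify_freak_output() {
    case "$1" in
        # Server completed a handshake with an export-grade suite.
        *"Cipher is EXP"*) echo VULNERABLE ;;
        # Local openssl has no EXPORT suites to offer: nothing was tested.
        *"no cipher match"*) echo UNKNOWN ;;
        # TCP connected, but no suite was agreed: export suites were refused.
        *"CONNECTED("*"Cipher is (NONE)"*) echo NOT_VULNERABLE ;;
        # Connection refused, timeout, empty output: nothing was tested.
        *) echo UNKNOWN ;;
    esac
}

# Map a verdict to the Nagios plugin exit code (0 OK, 2 CRITICAL, 3 UNKNOWN).
nagios_exit_code() {
    case "$1" in
        NOT_VULNERABLE) echo 0 ;;
        VULNERABLE)     echo 2 ;;
        *)              echo 3 ;;
    esac
}

# Constructed, abbreviated sample outputs, one per outcome.
SAMPLE_EXPORT='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is EXP-RC4-MD5'
SAMPLE_REFUSED='CONNECTED(00000003)
...:sslv3 alert handshake failure:...
New, (NONE), Cipher is (NONE)'
SAMPLE_NO_LOCAL='...:SSL routines:SSL_CTX_set_cipher_list:no cipher match:...'
SAMPLE_DOWN='connect: Connection refused'

for s in "$SAMPLE_EXPORT" "$SAMPLE_REFUSED" "$SAMPLE_NO_LOCAL" "$SAMPLE_DOWN"; do
    v=$(classify_freak_output "$s")
    echo "$v -> exit $(nagios_exit_code "$v")"
done
```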