jmoggr · October 16, 2015 00:27
diff --git a/Diffie-Hellman_exploit_detection.sh b/Diffie-Hellman_exploit_detection.sh
 #!/bin/bash

 declare -A all_connections

 while true; do
    new_connections=()
    for i in $(netstat -natp 2>/dev/null | grep :443 | awk '{ print $5 }'); do
        if [[ ! ${all_connections[$i]} ]]; then
            all_connections[$i]=1
            new_connections+=($i)
        fi
    done

    for i in "${new_connections[@]}"; do
        output="$(openssl s_client -connect $i -cipher EDH 2>/dev/null </dev/null)" 
        if [ $? -eq 0 ]; then

            name=$(echo "${output}" | grep -E "subject" | sed 's/^.*\/O=//' | sed 's/\/.*//' | sed 's/subject=//')
            security=$(echo "${output}" | grep -E "Server Temp Key" | cut -d ' ' -f 5)
            address=$(dig +short -x $(echo $i | sed 's/:.*//'))

            if [[ $security -lt 2048 ]]; then
                echo "orginization: " $name
                echo "address:      " $address
                echo "security:     " $security " bits"
                echo ""
            fi
        fi
    done

    sleep 5

 done
	#!/bin/bash

	declare -A all_connections

	while true; do
	new_connections=()
	for i in $(netstat -natp 2>/dev/null \| grep :443 \| awk '{ print $5 }'); do
	if [[ ! ${all_connections[$i]} ]]; then
	all_connections[$i]=1
	new_connections+=($i)
	fi
	done

	for i in "${new_connections[@]}"; do
	output="$(openssl s_client -connect $i -cipher EDH 2>/dev/null </dev/null)"
	if [ $? -eq 0 ]; then

	name=$(echo "${output}" \| grep -E "subject" \| sed 's/^.\/O=//' \| sed 's/\/.//' \| sed 's/subject=//')
	security=$(echo "${output}" \| grep -E "Server Temp Key" \| cut -d ' ' -f 5)
	address=$(dig +short -x $(echo $i \| sed 's/:.*//'))

	if [[ $security -lt 2048 ]]; then
	echo "orginization: " $name
	echo "address: " $address
	echo "security: " $security " bits"
	echo ""
	fi
	fi
	done

	sleep 5

	done