Last active
August 29, 2015 14:07
-
-
Save matthewdfuller/841406c50a04b8f26451 to your computer and use it in GitHub Desktop.
Queries AWS for all load balancers and iterates through each, checking if they support SSLv3 to protect against POODLE
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Created in response to the POODLE SSLv3 security vulnerability | |
| // To use, node/npm is required, then run: | |
| // npm install aws-sdk | |
| // npm install async | |
| // node awsSSLv3.js | |
| var AWS = require('aws-sdk'); | |
| var async = require('async'); | |
| var ACCESS_KEY = 'KEY-HERE'; | |
| var SECRET_KEY = 'SECRET-HERE'; | |
| var REGION = 'us-east-1'; | |
| AWS.config.update({accessKeyId: ACCESS_KEY, secretAccessKey: SECRET_KEY, region: REGION}); | |
| var run = function(callback){ | |
| console.log('Running SSLv3 test'); | |
| var elb = new AWS.ELB(); | |
| elb.describeLoadBalancers(function(err, data){ | |
| if (err) { | |
| callback(err); | |
| return; | |
| } | |
| if (data) { | |
| // Loop through data and collect LB names and policies | |
| var paramArray = []; | |
| for (i in data.LoadBalancerDescriptions) { | |
| var lb = data.LoadBalancerDescriptions[i]; | |
| for (i in lb.ListenerDescriptions) { | |
| var lbld = lb.ListenerDescriptions[i]; | |
| // Only add LBs handling SSL connections | |
| if (lbld.Listener.Protocol = 'HTTPS' && lbld.PolicyNames.length > 0) { | |
| var params = { | |
| LoadBalancerName: lb.LoadBalancerName, | |
| PolicyNames: [ | |
| lbld.PolicyNames[0] | |
| ] | |
| } | |
| paramArray.push(params); | |
| } | |
| } | |
| } | |
| // Now make queries for each LB | |
| async.eachSeries(paramArray, function(param, done){ | |
| elb.describeLoadBalancerPolicies(param, function(err, data){ | |
| if(err) { | |
| console.log(err); | |
| done(); | |
| } else { | |
| for (i in data.PolicyDescriptions[0].PolicyAttributeDescriptions) { | |
| if (data.PolicyDescriptions[0].PolicyAttributeDescriptions[i].AttributeName == 'Protocol-SSLv3') { | |
| if (data.PolicyDescriptions[0].PolicyAttributeDescriptions[i].AttributeValue == 'true') { | |
| console.log('WARNING: ' + param.LoadBalancerName + ' supports SSLv3'); | |
| } else { | |
| console.log('OK: ' + param.LoadBalancerName + ' does not support SSLv3'); | |
| } | |
| } | |
| } | |
| done(); | |
| } | |
| }); | |
| }, function(err){ | |
| if (err) { | |
| callback(err); | |
| } else { | |
| callback(null, 'Finished'); | |
| } | |
| }); | |
| } else { | |
| callback('unexpected return data'); | |
| } | |
| }); | |
| } | |
| run(function(err, data){ | |
| if (err) { | |
| console.log(err); | |
| } else { | |
| console.log(data); | |
| } | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment