forked from MalwareTech/SpookySSLTools
-
Notifications
You must be signed in to change notification settings - Fork 0
/
openssl_scan.ps1
38 lines (32 loc) · 1.29 KB
/
openssl_scan.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# BEGIN CONFIG
# set to $true to scan all drives
$scan_all_drives = $false
# set the directory to search for OpenSSL libraries in (default: C:\)
# only needed if scanalldrives is $false !
$search_directory = "C:\"
# set to $true to show only OpenSSL version vulnerable to this bug
$only_vulnerable = $false
# END CONFIG
$confirm = Read-Host "This is an example script not meant for production use. To confirm that you understand and accept all responsibility, type: confirm"
if ($confirm -eq "confirm") {
echo "starting scan"
if ($only_vulnerable) {
$regex = "OpenSSL\s*3\.0\.[0-6]"
}else{
$regex = "OpenSSL\s*[0-9]\.[0-9]\.[0-9]"
}
if ($scan_all_drives){
$search_directory = (Get-PSDrive -PSProvider FileSystem).Root
}
# search for any DLLs whose name begins with libcrypto
Get-ChildItem -Path $search_directory -Include libcrypto*.dll,libssl*.dll -File -Recurse -ErrorAction SilentlyContinue | Foreach-Object {
# use RegEx to parse the dll strings for an OpenSSL Version Number
$openssl_version = select-string -Path $_ -Pattern $regex -AllMatches | % { $_.Matches } | % { $_.Value }
if ($openssl_version) {
# Print OpenSSL version number followed by file name
echo "$openssl_version - $_ "
}
}
}else{
echo "aborting"
}