Skip to content

Instantly share code, notes, and snippets.

@jhochwald
Created November 2, 2022 11:56
Show Gist options
  • Save jhochwald/b62dc7831bf001ff9138abc910719103 to your computer and use it in GitHub Desktop.
Save jhochwald/b62dc7831bf001ff9138abc910719103 to your computer and use it in GitHub Desktop.
<#
.SYNOPSIS
Scan for CVE-2022-3602 vulnerable versions of OpenSSL
.DESCRIPTION
Scan for CVE-2022-3602 vulnerable versions of OpenSSL
.PARAMETER All
Scan for all versions or just for vulnerable versions of OpenSSL
.EXAMPLE
PS C:\> .\Invoke-ScanForCVE20223602.ps1
.NOTES
Additional information about the file.
#>
[CmdletBinding(ConfirmImpact = 'Low')]
[OutputType([string])]
param
(
[Parameter(ValueFromPipeline,
ValueFromPipelineByPropertyName)]
[Alias('AllVersions', 'ScanAll')]
[bool]
$All = $false
)
begin
{
if ($All -eq $true)
{
# All Versions
$OpensslRegex = 'OpenSSL\s*[0-9]\.[0-9]\.[0-9]'
}
else
{
# Scan for vulnerable versions only?
$OpensslRegex = 'OpenSSL\s*3\.0\.[0-6]'
}
}
process
{
# Get all Drives
$AllDrives = ((Get-PSDrive -PSProvider FileSystem).Root)
foreach ($DriveToScan in $AllDrives)
{
Write-Output -InputObject ('Start Scan on {1} on {0}' -f $env:COMPUTERNAME, $DriveToScan)
try
{
Get-ChildItem -Path $DriveToScan -Include libcrypto*.dll, libssl*.dll -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object -Process {
# use RegEx to parse the dll strings for an OpenSSL Version Number
$OpensslVersion = (Select-String -Path $_ -Pattern $OpensslRegex -AllMatches | ForEach-Object -Process {
$_.Matches
} | ForEach-Object -Process {
$_.Value
})
if ($OpensslVersion)
{
# Print OpenSSL version number followed by file name
Write-Warning -Message ('{0} - {1} ' -f $OpensslVersion, $_)
}
}
}
catch
{
$_ | Write-Verbose
}
Write-Output -InputObject ('Done Scan on {1} on {0}' -f $env:COMPUTERNAME, $DriveToScan)
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment