@matthewdfuller
Last active August 29, 2015 14:07
Queries AWS for all load balancers and iterates through each, checking whether it supports SSLv3, to help protect against POODLE
// Created in response to the POODLE SSLv3 security vulnerability
// To use, node/npm is required, then run:
// npm install aws-sdk
// npm install async
// node awsSSLv3.js
var AWS = require('aws-sdk');
var async = require('async');
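// Credentials are deliberately NOT embedded in this file: a long-lived access
// key pasted into a script tends to end up in version control or a shared gist.
// The AWS SDK resolves credentials itself from its default provider chain
// (AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_SESSION_TOKEN environment
// variables, the shared credentials file, or an instance/task role).
// The identity used only needs read access:
//   elasticloadbalancing:DescribeLoadBalancers
//   elasticloadbalancing:DescribeLoadBalancerPolicies
//
// Only one region is audited per run; set AWS_REGION (or AWS_DEFAULT_REGION)
// and re-run for every region that hosts load balancers.
var REGION = process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || 'us-east-1';
AWS.config.update({region: REGION});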
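/**
 * Audits the Classic Load Balancers visible to the configured credentials and
 * region, and logs for each TLS-terminating listener whether its policies
 * enable SSLv3 (the protocol affected by POODLE).
 *
 * Output lines are prefixed with WARNING (SSLv3 enabled), OK (SSLv3 disabled),
 * UNKNOWN (could not be determined from the policy data) or ERROR (the policy
 * lookup failed). Anything other than OK needs follow-up.
 *
 * @param {function(*, string=)} callback - Node-style callback. Called with an
 *   error if listing the load balancers fails, otherwise with
 *   (null, 'Finished') once every collected listener has been examined.
 */
var run = function(callback){
  console.log('Running SSLv3 test');
  var elb = new AWS.ELB();

  // Listener protocols that terminate TLS on the load balancer itself.
  // 'SSL' (secure TCP) negotiates protocol versions exactly like 'HTTPS'.
  var secureProtocols = ['HTTPS', 'SSL'];

  // One entry per TLS listener: the request parameters for
  // describeLoadBalancerPolicies.
  var paramArray = [];

  // Collects LB names and listener policies from one page of results.
  function collectListeners(descriptions) {
    (descriptions || []).forEach(function(lb){
      (lb.ListenerDescriptions || []).forEach(function(lbld){
        var listener = lbld.Listener || {};
        var protocol = String(listener.Protocol || '').toUpperCase();
        // Compare, never assign: the listener protocol decides whether
        // SSL/TLS negotiation applies at all.
        if (secureProtocols.indexOf(protocol) === -1) {
          return;
        }
        var policyNames = lbld.PolicyNames || [];
        if (policyNames.length === 0) {
          // NOTE(review): presumably a default negotiation policy applies
          // here; it cannot be inspected through PolicyNames, so flag it
          // instead of silently skipping the listener.
          console.log('UNKNOWN: ' + lb.LoadBalancerName + ' has a ' + protocol +
            ' listener with no attached policy; verify manually');
          return;
        }
        // Send every policy on the listener. The SSL negotiation policy is
        // not guaranteed to be first (stickiness policies can precede it).
        paramArray.push({
          LoadBalancerName: lb.LoadBalancerName,
          PolicyNames: policyNames
        });
      });
    });
  }

  // Queries the policies of each collected listener, one at a time.
  function checkPolicies() {
    async.eachSeries(paramArray, function(param, done){
      elb.describeLoadBalancerPolicies(param, function(err, data){
        if (err) {
          // Best effort: keep auditing the remaining load balancers, but make
          // it explicit that this one was NOT verified.
          console.log('ERROR: could not read policies for ' + param.LoadBalancerName);
          console.log(err);
          done();
          return;
        }
        var sawSslv3Attribute = false;
        ((data && data.PolicyDescriptions) || []).forEach(function(policy){
          (policy.PolicyAttributeDescriptions || []).forEach(function(attribute){
            if (attribute.AttributeName !== 'Protocol-SSLv3') {
              return;
            }
            sawSslv3Attribute = true;
            if (attribute.AttributeValue === 'true') {
              console.log('WARNING: ' + param.LoadBalancerName + ' supports SSLv3');
            } else {
              console.log('OK: ' + param.LoadBalancerName + ' does not support SSLv3');
            }
          });
        });
        if (!sawSslv3Attribute) {
          // No verdict is not the same as "safe": surface it.
          console.log('UNKNOWN: ' + param.LoadBalancerName +
            ' has no Protocol-SSLv3 attribute in its listener policies; verify manually');
        }
        done();
      });
    }, function(err){
      if (err) {
        callback(err);
      } else {
        callback(null, 'Finished');
      }
    });
  }

  // describeLoadBalancers is paginated; follow NextMarker so that load
  // balancers beyond the first page are audited too.
  function fetchPage(marker) {
    var request = marker ? {Marker: marker} : {};
    elb.describeLoadBalancers(request, function(err, data){
      if (err) {
        callback(err);
        return;
      }
      if (!data) {
        callback('unexpected return data');
        return;
      }
      collectListeners(data.LoadBalancerDescriptions);
      if (data.NextMarker) {
        fetchPage(data.NextMarker);
        return;
      }
      checkPolicies();
    });
  }

  fetchPage(null);
};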
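// Entry point: run the audit and report the outcome.
run(function(err, data){
  if (err) {
    // Report on stderr and exit non-zero so that cron jobs and CI pipelines
    // do not mistake a failed audit for a clean one.
    console.error(err);
    process.exitCode = 1;
  } else {
    console.log(data);
  }
});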