@n8felton
Forked from martinseener/check_freak.sh
Last active August 29, 2015 14:16
#!/usr/bin/env bash
# check_freak.sh
# (c) 2015 Martin Seener
# Simple script that checks SSL/TLS services for the FREAK vulnerability (CVE-2015-0204).
# It reports whether the checked host is vulnerable and returns a matching exit code,
# so it can also be used as a Nagios check.
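# Script name shown in the help text. Parameter expansion replaces the
# unquoted `basename $0`, which word-split a script path containing spaces
# and mis-parsed a $0 that begins with a dash.
PROGNAME=${0##*/}
# Release and author strings; nothing in this file reads them.
VERSION="v0.1"
AUTHOR="2015, Martin Seener (martin@seener.de)"
# Seconds allowed for the openssl handshake attempt before it is killed.
TIMEOUT=3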
#######################################
# Print the usage text.
# Globals:   PROGNAME (read)
# Arguments: none
# Outputs:   eight lines on stdout: description, usage and an example
# Returns:   0
#######################################
print_help() {
  # One printf call emits every line; each argument becomes its own line.
  printf '%s\n' \
    "" \
    "$PROGNAME is a small shell script which checks remote SSL/TLS services for the FREAK vulnerability (CVE 2015-0204)" \
    "It will return if the service is vulnerable or not and exit with 0 (OK) or 2 (CRIT) so it can be used as" \
    "a nagios check too" \
    "" \
    "Usage: $0 <IP or Hostname> <port>" \
    "Example: $0 www.google.com 443" \
    ""
}
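#######################################
# Validate the command-line arguments and locate the openssl binary.
# Globals:   OPENSSL (written) - path of the openssl executable
# Arguments: $1 - hostname or IP address of the service to check
#            $2 - TCP port, 1 to 65535
# Outputs:   on failure, an error message followed by the help text on stdout
# Returns:   0 when the arguments are usable and openssl was found;
#            otherwise exits the script with 3
#######################################
initialize() {
  local port_digits=""

  if [ -z "$1" ]; then
    echo "The Hostname/IP Argument is missing!"
    echo ""
    print_help
    exit 3
  fi

  # Digits only, then drop leading zeros so the length check below is
  # meaningful ("0443" is still accepted, "000" becomes empty and is rejected).
  if [[ "$2" =~ ^[0-9]+$ ]]; then
    port_digits=${2#"${2%%[!0]*}"}
  fi
  # The length test runs before the numeric comparison: a value too large for
  # the shell's integers makes `[ ... -gt ... ]` fail with an error, and the
  # old check then treated that error as "port is fine".
  if [ -z "$port_digits" ] || [ "${#port_digits}" -gt 5 ] \
    || [ "$port_digits" -gt 65535 ]; then
    echo "The Port argument must be a positive integer value starting at 1 up to 65535"
    echo ""
    print_help
    exit 3
  fi

  # `command -v` is the shell builtin lookup; `which` is an external tool
  # whose presence and output format vary between systems.
  OPENSSL=$(command -v openssl)
  if [ -z "$OPENSSL" ]; then
    echo "Cannot find openssl! Aborting!"
    echo ""
    print_help
    exit 3
  fi
}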
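#######################################
# Attempt a TLS handshake that offers only EXPORT-grade cipher suites and
# report whether the server accepted one.
# Globals:   TIMEOUT (read) - seconds before the attempt is killed
#            OPENSSL (read) - path of the openssl executable
# Arguments: $1 - hostname or IP address
#            $2 - TCP port
# Returns:   0 when the s_client output contains "Cipher is EXP",
#            1 otherwise
# NOTE(review): 1 is also returned when no handshake output was produced at
# all (connection refused, timeout, or an openssl that rejects
# `-cipher EXPORT`), so 1 alone does not prove the service was tested.
#######################################
check_freak() {
  local handshake

  # Every expansion is quoted: unquoted, a host or port value containing
  # whitespace was split into extra s_client arguments.
  handshake=$(timeout "$TIMEOUT" "$OPENSSL" s_client \
    -host "$1" -port "$2" -cipher EXPORT </dev/null 2>/dev/null)

  # Substring match replaces `echo $CHK | grep`, which glob-expanded and
  # re-split the captured output before searching it.
  [[ "$handshake" == *"Cipher is EXP"* ]]
}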
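# Entry point: handle --help, validate the arguments, run the probe and map
# the outcome to the exit codes a Nagios check uses (0 OK, 2 CRITICAL,
# 3 UNKNOWN).
case "$1" in
  --help|-h)
    print_help
    exit 3
    ;;
esac

# Initialize. Arguments are quoted so an empty or space-containing value
# stays in its own position instead of shifting the port into $1.
initialize "$1" "$2"

# Pre-flight: an openssl build without EXPORT cipher suites cannot offer them
# to the server, so the probe below would find nothing and every target would
# be reported as "NOT vulnerable". Report UNKNOWN instead of a false OK.
if ! "$OPENSSL" ciphers EXPORT >/dev/null 2>&1; then
  echo "UNKNOWN - The local openssl cannot offer EXPORT ciphers, so $1 on port $2 was NOT tested for FREAK (CVE 2015-0204)"
  exit 3
fi

# Do the check and keep its status before any other command overwrites $?.
check_freak "$1" "$2"
result=$?

# Return the result.
# NOTE(review): status 1 means "no export cipher seen in the output". A
# refused connection or a timeout produces the same status, so the OK line
# does not by itself confirm that the service was reachable.
if [ "$result" -eq 1 ]; then
  echo "OK - The Service at $1 on port $2 is NOT vulnerable to FREAK (CVE 2015-0204)"
  exit 0
else
  echo "CRITICAL - The Service at $1 on port $2 IS PROBABLY VULNERABLE to FREAK (CVE 2015-0204)"
  exit 2
fi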