https://github.com/spaze/webleed
We Bleed scanner tools
https://github.com/spaze/webleed
Last synced: about 1 month ago
JSON representation
We Bleed scanner tools
- Host: GitHub
- URL: https://github.com/spaze/webleed
- Owner: spaze
- Created: 2015-02-16T01:40:03.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2016-04-07T20:17:23.000Z (about 9 years ago)
- Last Synced: 2024-12-25T13:41:34.696Z (6 months ago)
- Language: Python
- Size: 55.7 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# We Bleed scanner tools
https://heartbleed.michalspacek.cz/A bit about the project background: http://blog.testomato.com/michal-spacek-we-bleed/
The whole thing has two moving parts:
1. The scanner
2. The website (which is not moving much actually)## The scanner
You can run the back-end part (called the scanner) using the `scan.sh` script.This is what it does:
1. Download a list of IP ranges from RIPE
2. Parse the list for IP addresses for given country (CZ in my case)
3. For every port:
1. Run `masscan` to scan for open ports
2. Parse the result
3. Feed the parsed result to `ssltest.py` to scan for the Heartbleed vulnerability
4. Parse the results
5. Import the results
6. Run a query to generate more queries
7. Run those queries on the website database## The website
Displays just totals from the database, does not hold neither scan data nor list of vulnerable hosts.
Feel free to copy https://heartbleed.michalspacek.cz/ if you wish (including the `highcharts-webleed.js` code), that's fine.
I'll be happy for a link back to my site, but it's not required.## Setting it up
1. Download and compile `masscan` from https://github.com/robertdavidgraham/masscan
2. Clone `ssltest.py` from https://github.com/musalbas/heartbleed-masstest
3. Copy `ip.template` to `ip`, edit it
4. Load `database/scanner.sql` into a PostgreSQL database used for scan data
5. Load `database/website.sql` into a MySQL database used for displaying the charts## Run it
1. Run `scan.sh`
1. `masscan` displays how many hosts it's scanning (`Scanning 5534556 hosts`), copy the number and run `echo 5534556 > data/total`
2. Wait
3. Run `parse.sh`
4. Grab `data.tar.bz2`
5. Extract it
6. Import `data.sql` into a PostgreSQL database
7. Run `generate-query.py `, where
1. `table` is the name of the table where to insert the data for the website, I use `webleed`
2. `start` is the date from `data.tar.bz2` archive
3. `end` is when the scanner has finished the latest scan
8. Run the generated query on the PostgreSQL database
9. Run the resulting queries (one rather complicated `INSERT INTO`) on the website database
10. ...
11. Profit!## List of files in the repository
- `database/scanner.sql` - `CREATE TABLE` queries for scanner, for a PostgreSQL server
- `database/website.sql` - `CREATE TABLE` for the website, for MySQL server
- `resources/*` - icons and such
- `cleanup.sh` - a cleanup script, deletes the logs and generated files, run after the data has been imported into the database
- `exclude.txt` - excludes IP addresses, these networks do not like me
- `generate-query.py` - generates a query which generates another query to be run on the MySQL database
- `ip.template` - copy this to file called `ip` and add the IP address of your scanner, will be just inserted into the database for information purposes does not serve any other purpose
- `parse.sh` - parse the scan results, generate `data*.sql` files
- `parse-data.py` - parses data for one specific port, used by `parse.sh`
- `parse-ripedb.py` - parser for RIPE data file
- `README.md` - this file
- `scan.sh` - downloads the RIPE data, parses it, runs the scanner, aka the glue