heartbleed bug vulnerabilities scaner

1. #!/usr/local/bin/perl
2. #####################################################
3. #                                                   #
4. # Built to check for heartbleed bug vulnerabilities #
5. # Author: Andrew Speer                              #
6. # Date: 20140408                                    #
7. # Desc: Scans hosts which respond on common SSL     #
8. #       ports (443, 8443) for Heartbeat.            #
9. #                                                   #
10. #####################################################
11.  
12. use strict;
13. use warnings;
14. use Getopt::Std;
15. use NetAddr::IP;
16.  
17. my @ips;
18. my $date = `date`;
19. chomp ($date);
20. my $fn;
21. my @networks;
22. my @ports = ('443', '8443');
23. my $timeout;
24. my %args;
25. # -i ip address(s) to scan seperated by commas
26. # -n network(s) to scan seperated by commas
27. # -p port(s) to scan seperated by commas
28. # -t timeout in seconds for server to respond
29. # -o output filename
30. # -h help
31. getopts('i:n:p:t:o:h', \%args);
32.  
33. if ($args{h}){
34.   print "\nUsage of this tool:
35.  
36. # -i ip address(s)\/hostnames(s) to scan seperated by commas
37. # -n network(s) CIDR to scan seperated by commas
38. # -p port(s) to scan seperated by commas
39. # -t timeout in seconds for server to respond
40. # -o output filename
41. # -h help\n";
42. }
43. if ($args{i}){ @ips = split(',',$args{i}); }
44. if ($args{n}){ @networks = split(',', $args{n}); }
45. if ($args{p}){ @ports = split(',', $args{p}); }
46. if ($args{o}){
47.   $fn = $args{o};
48.   open (LOG,'>>',$fn) || die "Can't Open File: $fn\n";;
49.   print LOG "$date\n";
50. }
51. if ($args{t}){ $timeout = $args{t}; }
52. else{ $timeout = 2; }
53.  
54. if (@networks){
55.   foreach my $network (@networks){
56.     my $net = NetAddr::IP->new($network);
57.     my @hosts = $net->hostenum;
58.     for my $ip (@hosts) {
59.       push (@ips, $ip->addr);
60. }}}
61.  
62. if (@ips){
63.   foreach my $ip (@ips){
64.     foreach my $port (@ports){
65.       my $nmap = `nmap -p$port $ip 2>&1| grep open`;
66.       if ($nmap =~ "open"){
67.         my $return = `timeout $timeout openssl s_client -connect $ip:$port -tlsextdebug 2>&1| grep 'TLS server extension "heartbeat"'`;
68.         if ($return){
69.           my $hostname = `host $ip 2>&1`;
70.           chomp $hostname;
71.           print "$ip: Vulnerable  -  $hostname\n";
72.           if ($args{o}){
73.             print LOG "$ip: Vulnerable  -  $hostname\n";
74.           }
75.         }
76.         else{
77.           print "$ip: Not Vulnerable\n";
78.           if ($args{o}){
79.             print LOG "$ip: Not Vulnerable\n";}
80.           }
81. }}}}
82. if ($args{o}){ close (LOG); }