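#!/bin/bash
# Quick transport-security check for one host.
#
# Usage: ./check.sh HOST[/path]
#
# Checks, in order:
#   1. plain http:// is redirected to https://
#   2. https:// answers HTTP 200
#   3. the https response carries Strict-Transport-Security (HSTS)
#   4. cookies whose name contains "sess" (naively assumed to be session
#      cookies) are flagged Secure and HttpOnly
#
# PASS/FAIL lines go to stdout; curl errors go to stderr (-S). Exits 2 when no
# host is given. Deliberately no `set -e`: a grep with no match is a normal
# outcome here, not an error.
set -uo pipefail

# Colour escapes as real bytes so they can be printed with %s (no `echo -e`).
readonly RED=$'\e[31m'
readonly GREEN=$'\e[32m'
readonly YELLOW=$'\e[33m'
readonly BLUE=$'\e[34m'
readonly NC=$'\e[0m'
readonly FAIL="${RED} FAIL: ${NC}"
readonly PASS="${GREEN} PASS: ${NC}"

if [[ $# -lt 1 || -z $1 ]]; then
  printf 'Usage: %s HOST[/path]\n' "${0##*/}" >&2
  exit 2
fi
target=$1
printf 'Testing %s\n' "$target"

# 1. http -> https: follow redirects (-L) and look at where we ended up.
#    The target is quoted and passed after `--` so odd characters in $1
#    cannot be split into extra curl arguments.
redirect=$(curl -Ls -o /dev/null -w '%{url_effective}' -- "http://${target}")
if [[ $redirect == https* ]]; then
  printf '%s\n' "${PASS}http redirects to https"
else
  printf '%s\n' "${FAIL}http does NOT redirect to https"
fi

# 2. https status. curl reports 000 when the connection or TLS handshake
#    fails (and -S prints why on stderr); only an exact 200 passes.
https_code=$(curl -sS -o /dev/null -w '%{http_code}' -- "https://${target}")
if [[ $https_code == 200 ]]; then
  printf '%s\n' "${PASS}https functioning properly"
else
  printf '%s\n' "${FAIL}https NOT functioning properly (got ${https_code})"
fi

# Fetch the https response headers once (-D -) and discard the body
# (-o /dev/null), so a page body that happens to contain "Strict" or
# "Set-Cookie" cannot produce a false match. Header lines end in CRLF;
# strip the CR so `$` anchors work in the patterns below.
headers=$(curl -sS -o /dev/null -D - -- "https://${target}")
headers=${headers//$'\r'/}

# 3. HSTS. Header names are case-insensitive, hence -i and the ^ anchor.
if grep -qi '^strict-transport-security:' <<<"$headers"; then
  printf '%s\n' "${PASS}https is strict"
else
  printf '%s\n' "${FAIL}https is NOT strict"
fi

# 4. Cookies. Attribute counts are taken over the suspected session cookies
#    only, so a Secure/HttpOnly flag on some other cookie cannot mask a
#    missing one on a session cookie.
cookies=$(grep -i '^set-cookie:' <<<"$headers")
cookie_count=$(grep -ci '^set-cookie:' <<<"$cookies")
# Naive heuristic: "sess" must appear in the cookie NAME (before the first
# '='), not merely somewhere in the line such as a Path=/session attribute.
session_cookies=$(grep -i '^set-cookie: *[^=;]*sess[^=;]*=' <<<"$cookies")
session_cookie_count=$(grep -ci '^set-cookie:' <<<"$session_cookies")
# Attributes are ';'-separated, case-insensitive, and may be the last token
# (no trailing ';'), so match "; secure" followed by ';' or end of line.
secure_count=$(grep -ciE ';[[:space:]]*secure[[:space:]]*(;|$)' <<<"$session_cookies")
httponly_count=$(grep -ciE ';[[:space:]]*httponly[[:space:]]*(;|$)' <<<"$session_cookies")

printf '%s\n' "${YELLOW} Set ${cookie_count} cookies.${NC}"
if (( session_cookie_count > 0 )); then
  echo ' Assuming the following is/are a session cookie(s)'
  printf '%s\n' "${BLUE}${session_cookies}${NC}"
  if (( secure_count < session_cookie_count )); then
    printf '%s\n' " ${FAIL}not all suspected session cookies are secure"
  else
    printf '%s\n' " ${PASS}all suspected session cookies are secure"
  fi
  if (( httponly_count < session_cookie_count )); then
    printf '%s\n' " ${FAIL}not all suspected session cookies are httpOnly"
  else
    printf '%s\n' " ${PASS}all suspected session cookies are httpOnly"
  fi
fi
echo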