Skip to content

Instantly share code, notes, and snippets.

@markz0r markz0r/buggy.sh
Created Sep 17, 2019

Embed
What would you like to do?
#!/bin/bash
# chain_collector.sh [domain] [port]
# output to stdout
if [ $# -ne 2 ]; then
echo "USAGE: chain_collector.sh [domain] [port]"
exit 1
fi
SOURCE="${BASH_SOURCE[0]}"
while [ -h "$SOURCE" ]; do # resolve $SOURCE until the file is no longer a symlink
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
SOURCE="$(readlink "$SOURCE")"
[[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE" # if $SOURCE was a relative symlink, we need to resolve it relative to the path where the symlink file was located
done
DIR="$( cd -P "$( dirname "$SOURCE" )" && pwd )"
echo "WORKING DIR OF SCRIPT: ${DIR}"
SERVER= $1:$2
TFILE="/tmp/$(basename $0).$$.tmp"
OUTPUT_DIR="${DIR}/${1}_${2}"
if [ -d $OUTPUT_DIR ]; then
rm -rf $OUTPUT_DIR
fi
mkdir $OUTPUT_DIR
openssl s_client -showcerts -servername $1 -connect $SERVER 2>/dev/null </dev/null > $TFILE
awk 'BEGIN {c=0;} /BEGIN CERT/{c++} { print > "tmpcert." c ".pem"}' < $TFILE
i=1
for X in tmpcert.*.pem; do
if openssl x509 -noout -in $X 2>/dev/null ; then
echo "#############################"
cn=$(openssl x509 -noout -subject -in $X | sed -e 's#.*CN=\(\)#\1#')
echo CN: $cn
cp $X $OUTPUT_DIR/${cn// /_}.$((i-1)).pem
cert_expiry_date=$(openssl x509 -noout -enddate -in $X \
| awk -F= ' /notAfter/ { printf("%s\n",$NF); } ')
seconds_until_expiry=$(echo "$(date --date="$cert_expiry_date" +%s) - $(date +%s)" |bc)
days_until_expiry=$(echo "$seconds_until_expiry/(60*60*24)" |bc)
echo Days until expiry: $days_until_expiry
echo $(openssl x509 -noout -text -in $X | grep -m1 "Signature Algorithm:" | head)
echo $(openssl x509 -noout -issuer -in $X)
if [ -a tmpcert.$i.pem ]; then
echo Parent: $(openssl x509 -noout -subject -in tmpcert.$i.pem | sed -e 's#.*CN=\(\)#\1#')
echo Parent Valid? $(openssl verify -verbose -CAfile tmpcert.$i.pem $X)
else
echo "Parent Valid? This is the trust anchor"
fi
echo "#############################"
if
((i++))
done
rm -f tmpcert.*.pem $TFILE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.