Weak SSL/TLS tester for bash
| #!/bin/bash | |
| BLUE='\033[0;36m' | |
| RED='\033[0;31m' | |
| NC='\033[0m' # No Color | |
| #based in OWASP wiki | |
| if [[ -z "$1" || -z "$2" ]]; then | |
| echo "./tls.sh host directory" | |
| else | |
| mkdir $2 | |
| cd $2 | |
| echo -e "${BLUE}Checking for Client-initiated Renegotiation and Secure Renegotiation via openssl...${NC}" | |
| openssl s_client -connect $1:443 > negotiations | |
| if grep -q 'Secure Renegotiation IS NOT supported' "negotiations"; then | |
| echo -e "${RED}Secure Renegotiation IS NOT supported.${NC}" | |
| else | |
| echo -e "${BLUE}Certificate validity ensured.${NC}" | |
| fi | |
| echo -e "${BLUE}Checking for Certificate information, Weak Ciphers and SSLv2 via nmap...${NC}" | |
| nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 $1 > ciphernmap | |
| if grep -q SSLv2 "ciphernmap"; then | |
| echo -e "${RED}Weak protocol found (SSLv2).${NC}" | |
| else | |
| echo -e "${BLUE}No weak protocol found.${NC}" | |
| fi | |
| echo -e "${BLUE}SSL service recognition via nmap...${NC}" | |
| nmap -sV --reason -PN -n --top-ports 100 $1 > nmapsslservice | |
| echo -e "${BLUE}Done.${NC}" | |
| echo -e "${RED}Don't forget to manually check the files created in case of doubt. Check OWASP wiki for more information.${NC}" | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment