Instantly share code, notes, and snippets.

Embed
What would you like to do?
Weak SSL/TLS tester for bash
#!/bin/bash
BLUE='\033[0;36m'
RED='\033[0;31m'
NC='\033[0m' # No Color
#based in OWASP wiki
if [[ -z "$1" || -z "$2" ]]; then
echo "./tls.sh host directory"
else
mkdir $2
cd $2
echo -e "${BLUE}Checking for Client-initiated Renegotiation and Secure Renegotiation via openssl...${NC}"
openssl s_client -connect $1:443 > negotiations
if grep -q 'Secure Renegotiation IS NOT supported' "negotiations"; then
echo -e "${RED}Secure Renegotiation IS NOT supported.${NC}"
else
echo -e "${BLUE}Certificate validity ensured.${NC}"
fi
echo -e "${BLUE}Checking for Certificate information, Weak Ciphers and SSLv2 via nmap...${NC}"
nmap --script ssl-cert,ssl-enum-ciphers -p 443,465,993,995 $1 > ciphernmap
if grep -q SSLv2 "ciphernmap"; then
echo -e "${RED}Weak protocol found (SSLv2).${NC}"
else
echo -e "${BLUE}No weak protocol found.${NC}"
fi
echo -e "${BLUE}SSL service recognition via nmap...${NC}"
nmap -sV --reason -PN -n --top-ports 100 $1 > nmapsslservice
echo -e "${BLUE}Done.${NC}"
echo -e "${RED}Don't forget to manually check the files created in case of doubt. Check OWASP wiki for more information.${NC}"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment