Weak SSL/TLS tester for bash
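#!/bin/bash
# Weak SSL/TLS tester, based on the OWASP wiki.
#
# Usage: ./tls.sh host directory
#   host      - server to test (openssl connects to port 443)
#   directory - created if missing; the raw tool output is written there as
#               the files negotiations, ciphernmap and nmapsslservice
#
# The coloured verdicts are derived by grepping the saved tool output. A
# verdict is only printed as "good" when the output proves it; an empty or
# failed scan is reported as inconclusive rather than as a pass.
BLUE='\033[0;36m'
RED='\033[0;31m'
NC='\033[0m' # No Color

# Print the secure-renegotiation verdict for a saved `openssl s_client`
# transcript.
# Arguments: $1 - path to the transcript file
# Outputs:   one coloured verdict line on stdout
report_renegotiation() {
  local transcript=$1
  if grep -q 'Secure Renegotiation IS NOT supported' "$transcript"; then
    # NOTE(review): a TLS 1.3 session may also print this line because
    # TLS 1.3 has no renegotiation at all; confirm the negotiated protocol
    # in the transcript before treating it as a finding.
    echo -e "${RED}Secure Renegotiation IS NOT supported.${NC}"
  elif grep -q 'Secure Renegotiation IS supported' "$transcript"; then
    echo -e "${BLUE}Secure Renegotiation IS supported.${NC}"
  else
    # Neither marker present: the handshake did not complete (host down,
    # port closed, no TLS), so nothing can be concluded.
    echo -e "${RED}Renegotiation check inconclusive: no handshake result in '${transcript}'.${NC}"
  fi
}

# Print the legacy-protocol verdict for saved nmap script output.
# Arguments: $1 - path to the nmap output file
# Outputs:   one coloured verdict line on stdout
report_weak_protocols() {
  local scan=$1
  if grep -Eq 'SSLv2|SSLv3' "$scan"; then
    echo -e "${RED}Weak protocol found (SSLv2/SSLv3).${NC}"
  elif grep -q 'ssl-enum-ciphers' "$scan"; then
    # The enumeration script produced results and listed no legacy protocol.
    echo -e "${BLUE}No weak protocol found.${NC}"
  else
    # No script results at all: ports closed/filtered or the scan failed.
    echo -e "${RED}Protocol check inconclusive: no TLS scan results in '${scan}'.${NC}"
  fi
}

if [[ -z "$1" || -z "$2" ]]; then
  echo "./tls.sh host directory"
else
  host=$1
  outdir=$2

  # A host beginning with '-' would be parsed as an option by openssl/nmap.
  if [[ "$host" == -* ]]; then
    echo "invalid host: $host" >&2
    exit 1
  fi

  # Stop if the output directory is unusable; otherwise the result files
  # would silently land in (and overwrite files in) the current directory.
  if ! mkdir -p -- "$outdir" || ! cd -- "$outdir"; then
    echo "cannot use output directory: $outdir" >&2
    exit 1
  fi

  echo -e "${BLUE}Checking for Client-initiated Renegotiation and Secure Renegotiation via openssl...${NC}"
  # stdin from /dev/null so s_client exits after the handshake instead of
  # waiting for interactive input. Only the "Secure Renegotiation" line is
  # evaluated below; client-initiated renegotiation is not exercised by this
  # step and still needs a manual check.
  openssl s_client -connect "${host}:443" </dev/null >negotiations
  report_renegotiation negotiations

  echo -e "${BLUE}Checking for Certificate information, Weak Ciphers and SSLv2 via nmap...${NC}"
  # ssl-enum-ciphers does not probe SSLv2; the separate sslv2 script does,
  # so it is included to make the SSLv2 verdict meaningful.
  nmap --script ssl-cert,ssl-enum-ciphers,sslv2 -p 443,465,993,995 "$host" >ciphernmap
  report_weak_protocols ciphernmap

  echo -e "${BLUE}SSL service recognition via nmap...${NC}"
  nmap -sV --reason -PN -n --top-ports 100 "$host" >nmapsslservice

  echo -e "${BLUE}Done.${NC}"
  echo -e "${RED}Don't forget to manually check the files created in case of doubt. Check OWASP wiki for more information.${NC}"
fi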