Last active
January 10, 2023 11:34
-
-
Save luongvo/f5010481be2b79b7f10abedc316aaa87 to your computer and use it in GitHub Desktop.
SSL Pinning - Public key getting script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| certs=`openssl s_client -servername $1 -host $1 -port 443 -showcerts </dev/null 2>/dev/null | sed -n '/Certificate chain/,/Server certificate/p'` | |
| rest=$certs | |
| while [[ "$rest" =~ '-----BEGIN CERTIFICATE-----' ]] | |
| do | |
| cert="${rest%%-----END CERTIFICATE-----*}-----END CERTIFICATE-----" | |
| rest=${rest#*-----END CERTIFICATE-----} | |
| echo `echo "$cert" | grep 's:' | sed 's/.*s:\(.*\)/\1/'` | |
| echo "$cert" | openssl x509 -pubkey -noout | | |
| openssl rsa -pubin -outform der 2>/dev/null | | |
| openssl dgst -sha256 -binary | openssl enc -base64 | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This script works perfectly and returns the pin data of all the certificates returned by the server. I matched the results with the report from https://www.ssllabs.com/ssltest