Weak SSL/TLS tester for bash
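#!/bin/bash
# Weak SSL/TLS configuration check, based on the OWASP wiki.
#
# Usage: ./tls.sh host directory
#   host      - name or address of the server to check
#   directory - where the raw tool output is saved (created if missing)
#
# Requires openssl and nmap. The coloured summary is only a hint: each check
# greps the saved output for a single string, so review the files themselves
# before drawing a conclusion.
BLUE='\033[0;36m'
RED='\033[0;31m'
NC='\033[0m' # No Color

if [[ -z "$1" || -z "$2" ]]; then
  echo "./tls.sh host directory"
else
  host=$1
  outdir=$2

  # The host is handed to openssl and nmap as a command-line argument. Refuse
  # values that would be parsed as an option or that contain characters no
  # host name or address uses.
  case "$host" in
    -* | *[!A-Za-z0-9._:-]*)
      printf '%bInvalid host: %s%b\n' "$RED" "$host" "$NC" >&2
      exit 1
      ;;
  esac

  # -p: an already existing directory is fine. Stop if it cannot be entered,
  # otherwise the result files would land in the current directory.
  mkdir -p -- "$outdir" || exit 1
  cd -- "$outdir" || exit 1

  echo -e "${BLUE}Checking for Client-initiated Renegotiation and Secure Renegotiation via openssl...${NC}"
  # stdin from /dev/null lets s_client finish after the handshake instead of
  # waiting for interactive input.
  # Only the "Secure Renegotiation" line is evaluated below; client-initiated
  # renegotiation is not exercised by this command.
  openssl s_client -connect "${host}:443" < /dev/null > negotiations
  if grep -q 'Secure Renegotiation IS NOT supported' negotiations; then
    # TLS 1.3 has no renegotiation, so s_client may print this line for a
    # TLS 1.3 session; check the negotiated protocol in ./negotiations before
    # treating it as a finding.
    echo -e "${RED}Secure Renegotiation IS NOT supported.${NC}"
  elif grep -q 'Secure Renegotiation IS supported' negotiations; then
    # This says nothing about the certificate; it is only the renegotiation
    # extension status reported by s_client.
    echo -e "${BLUE}Secure Renegotiation IS supported.${NC}"
  else
    # Empty or unexpected output (e.g. the connection failed) is not a pass.
    echo -e "${RED}Renegotiation status not found in openssl output; check the connection.${NC}"
  fi

  echo -e "${BLUE}Checking for Certificate information, Weak Ciphers and SSLv2 via nmap...${NC}"
  # ssl-enum-ciphers lists SSLv3/TLS suites only; the separate sslv2 script is
  # what reports SSLv2 support, so it has to be in the script list for the
  # grep below to be meaningful.
  nmap --script ssl-cert,ssl-enum-ciphers,sslv2 -p 443,465,993,995 "$host" > ciphernmap
  if grep -q SSLv2 ciphernmap; then
    echo -e "${RED}Weak protocol found (SSLv2).${NC}"
  else
    # Only SSLv2 is matched here. SSLv3, early TLS versions and weak cipher
    # grades still have to be read from ./ciphernmap.
    echo -e "${BLUE}No SSLv2 support reported.${NC}"
  fi

  echo -e "${BLUE}SSL service recognition via nmap...${NC}"
  # -Pn is the current spelling of the deprecated -PN (skip host discovery).
  nmap -sV --reason -Pn -n --top-ports 100 "$host" > nmapsslservice

  echo -e "${BLUE}Done.${NC}"
  echo -e "${RED}Don't forget to manually check the files created in case of doubt. Check OWASP wiki for more information.${NC}"
fi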