From a536a918ef83480c02a2a57dcd7fbfe947d9dacb Mon Sep 17 00:00:00 2001
From: Bobby Iliev
Date: Thu, 4 Jun 2020 14:49:34 +0000
Subject: [PATCH] Some minor output updates
---
 README.md | 58 +++++++++++++++++++++-
 ssl | 142 ++++++++++++++++++++++++++++++++++++------------------
 2 files changed, 152 insertions(+), 48 deletions(-)
diff --git a/README.md b/README.md
index df83ddc..61a42e3 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,62 @@
 # bash-ssl-checker-tool
-This is a very simple bash script that you could use to gain general information for the SSL certificate of a certain domain name. It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
+Very simple bash script which you could use to gain general information for the SSL certificate of a certain domain name.
+
+It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
 The script has been tested on CentOS, Ubuntu, Mint and Debian.
+The script provides you with the following information:
+
+* The domain name that the SSL certificate has been issued for
+* The number of days the SSL certificate expires in:
+* The dates when the certificate was issued on and expieres on
+* The certificate has been issued by:
+* Supported TLS versions
+* Certificate Fingerprint
+
+Usage:
+
+In order to use the script just download the ssl file, make it executable and run it:
+
+```
+wget https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
+chmod +x ssl
+./ssl yourdomain.com
+```
+
+Output:
+
+The output that you would get will look like this:
+
+```
+The bobbyiliev.com domain name seems valid
+
+# The SSL certificate has been issued for:
+Domain: CN = bobbyiliev.com
+----
+
+# The SSL certificate expires in:
+90 days
+----
+
+# Dates:
+Issued On: Jun 4 09:05:19 2020 GMT
+Expires On: Sep 2 09:05:19 2020 GMT
+----
+
+# The certificate has been issued by:
+Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
+----
+
+# TLS supported:
+| TLSv1.0:
+| TLSv1.1:
+| TLSv1.2:
+----
+
+# Fingerprint:
+SHA1 Fingerprint=C1:E1:6C:46:8A:74:94:14:00:94:88:B9:4B:2B:C5:90:79:DE:72:64
+----
+```
+
 Note: You need to have 'openssl' installed.
diff --git a/ssl b/ssl
index 559335e..2d979fe 100644
--- a/ssl
+++ b/ssl
@@ -1,71 +1,119 @@ #!/bin/bash -# Gain some basic information about your SSL certificate +## +# Script which let's you gather some basic information about your SSL certificate +## -# Make sure that you have openssl installed +## +# Colors +## +green='\e[32m' +blue='\e[34m' +clear='\e[0m' +orange='\e[33m' +red='\e[31m' -# Check if there is an input -if [[ $1 ]]; then - validation=$(host $1) +## +# Color Functions +## + +ColorGreen(){ + echo -ne $green$1$clear +} +ColorBlue(){ + echo -ne $blue$1$clear +} +ColorRed(){ + echo -ne $red$1$clear +} +ColorOrange(){ + echo -ne $orange$1$clear +} + +## +# Make sure that openssl is installed +## +if ! [ -x "$(command -v openssl)" ] ; then + echo "The openssl command is required! Please install it and then try again" + exit 1 fi -# Check if domain is valid -if [[ $validation == *"NXDOMAIN"* ]]; then - echo "Please enter a valid domain"; - exit 0 +## +# Check if there is an input +## +if [[ $1 ]]; then + host $1 > /dev/null + if [ $? -eq 0 ]; then + echo -ne "The $(ColorGreen $1 ) domain name seems valid + +" + else + echo -ne "Could not resolve the $(ColorGreen ${1}) domain name... 
+ +" + exit 1 + fi fi case $1 in -# Sample Usage +# Usage example help) - echo "Usage: -ssl domain.com" + echo -ne "Usage: +$(ColorGreen './ssl domain.com') +" exit 1 ;; "") - echo "Usage: -ssl domain.com" + echo -ne "Usage: +$(ColorGreen './ssl domain.com') +" exit 1 ;; -# If the domain is valid run the following: *) - today=$(date +%F) - expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//') - #echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates + today=$(date +%F) + expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//') + #echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates - echo '# The SSL certificate has been issued for: ' - echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /' - #echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject - echo '----' + echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate has been issued for:')" + echo '' + echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /' + #echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject + echo '----' - echo '' - echo '# The SSL certificate expires in: ' - echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days - echo '----' + echo '' + echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate expires in:')" + echo '' + echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days + echo '----' - echo '' - echo '# Dates: ' - echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | 
sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /' - echo '----' + echo '' + echo -ne "$(ColorRed '#') $(ColorGreen 'Dates:')" + echo '' + echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /' + echo '----' - echo '' - echo '# The certificate has been issued by: ' - echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /' - echo '----' + echo '' + echo -ne "$(ColorRed '#') $(ColorGreen 'The certificate has been issued by:')" + echo '' + echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /' + echo '----' - echo '' - echo '# TLS supported: ' - nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls - echo '----' + echo '' + echo -ne "$(ColorRed '#') $(ColorGreen 'TLS supported:')" + echo '' + nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls + echo '----' - echo '' - echo '# Fingerprint: ' - echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint - echo '----' + echo '' + echo -ne "$(ColorRed '#') $(ColorGreen 'Fingerprint:')" + echo '' + echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint + echo '----' + + #echo '' + #echo -ne "$(ColorRed '#') $(ColorGreen 'Decode')" + #echo '' + #echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text + #echo '#################' - #echo '' - #echo '##### Decode: ' - #echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text - #echo '#################' - esac
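Review bot: The new input check calls `host $1` unquoted and ahead of the `case`, so an argument containing whitespace or starting with `-` is word-split or parsed as an option by `host` (and by the `openssl s_client` and `nmap` calls further down), and `./ssl help` is sent to DNS and exits with "Could not resolve" before the `help)` branch is reached. The Color helpers also pass that raw argument through `echo -ne`, which expands backslash escapes taken from the command line. I would validate the argument once against a hostname pattern inside `*)`, quote every expansion (`-servername "$1" -connect "$1:443"`), and print the coloured text with a literal `%s`, as sketched below. Separately, `host` and `nmap` are used without the availability check that `openssl` now gets.

```shell
ColorGreen(){
	# %s prints the argument literally; only the colour codes are escape-expanded
	printf '%b%s%b' "$green" "$1" "$clear"
}
# … unchanged: ColorBlue, ColorRed, ColorOrange (same printf form), openssl availability check …

case $1 in
# … unchanged: help) and "") usage branches …
*)
	# Hostname characters only, so the value cannot start with '-' or contain spaces
	if ! [[ $1 =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
		echo "Please enter a valid domain name" >&2
		exit 1
	fi
	if ! host "$1" > /dev/null; then
		echo -ne "Could not resolve the $(ColorGreen "$1") domain name...\n\n"
		exit 1
	fi
	echo -ne "The $(ColorGreen "$1") domain name seems valid\n\n"
	# … unchanged: certificate queries, with "$1" quoted …
```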