Some minor output updates

This commit is contained in:
Bobby Iliev 2020-06-04 14:49:34 +00:00
parent e3c56d99cb
commit a536a918ef
2 changed files with 152 additions and 48 deletions

View file

@ -1,6 +1,62 @@
# bash-ssl-checker-tool
This is a very simple bash script that you could use to gain general information for the SSL certificate of a certain domain name. It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
Very simple bash script which you could use to gain general information for the SSL certificate of a certain domain name.
It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
The script has been tested on CentOS, Ubuntu, Mint and Debian.
The script provides you with the following information:
* The domain name that the SSL certificate has been issued for
* The number of days the SSL certificate expires in:
* The dates when the certificate was issued on and expieres on
* The certificate has been issued by:
* Supported TLS versions
* Certificate Fingerprint
Usage:
In order to use the script just download the ssl file, make it executable and run it:
```
wget https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
chmod +x ssl
./ssl yourdomain.com
```
Output:
The output that you would get will look like this:
```
The bobbyiliev.com domain name seems valid
# The SSL certificate has been issued for:
Domain: CN = bobbyiliev.com
----
# The SSL certificate expires in:
90 days
----
# Dates:
Issued On: Jun 4 09:05:19 2020 GMT
Expires On: Sep 2 09:05:19 2020 GMT
----
# The certificate has been issued by:
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
----
# TLS supported:
| TLSv1.0:
| TLSv1.1:
| TLSv1.2:
----
# Fingerprint:
SHA1 Fingerprint=C1:E1:6C:46:8A:74:94:14:00:94:88:B9:4B:2B:C5:90:79:DE:72:64
----
```
Note: You need to have 'openssl' installed.

92
ssl
View file

@ -1,70 +1,118 @@
#!/bin/bash
# Gain some basic information about your SSL certificate
##
# Script which let's you gather some basic information about your SSL certificate
##
# Make sure that you have openssl installed
##
# Colors
##
green='\e[32m'
blue='\e[34m'
clear='\e[0m'
orange='\e[33m'
red='\e[31m'
# Check if there is an input
if [[ $1 ]]; then
validation=$(host $1)
##
# Color Functions
##
ColorGreen(){
echo -ne $green$1$clear
}
ColorBlue(){
echo -ne $blue$1$clear
}
ColorRed(){
echo -ne $red$1$clear
}
ColorOrange(){
echo -ne $orange$1$clear
}
##
# Make sure that openssl is installed
##
if ! [ -x "$(command -v openssl)" ] ; then
echo "The openssl command is required! Please install it and then try again"
exit 1
fi
# Check if domain is valid
if [[ $validation == *"NXDOMAIN"* ]]; then
echo "Please enter a valid domain";
exit 0
##
# Check if there is an input
##
if [[ $1 ]]; then
host $1 > /dev/null
if [ $? -eq 0 ]; then
echo -ne "The $(ColorGreen $1 ) domain name seems valid
"
else
echo -ne "Could not resolve the $(ColorGreen ${1}) domain name...
"
exit 1
fi
fi
case $1 in
# Sample Usage
# Usage example
help)
echo "Usage:
ssl domain.com"
echo -ne "Usage:
$(ColorGreen './ssl domain.com')
"
exit 1
;;
"")
echo "Usage:
ssl domain.com"
echo -ne "Usage:
$(ColorGreen './ssl domain.com')
"
exit 1
;;
# If the domain is valid run the following:
*)
today=$(date +%F)
expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//')
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates
echo '# The SSL certificate has been issued for: '
echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate has been issued for:')"
echo ''
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /'
#echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject
echo '----'
echo ''
echo '# The SSL certificate expires in: '
echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate expires in:')"
echo ''
echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
echo '----'
echo ''
echo '# Dates: '
echo -ne "$(ColorRed '#') $(ColorGreen 'Dates:')"
echo ''
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /'
echo '----'
echo ''
echo '# The certificate has been issued by: '
echo -ne "$(ColorRed '#') $(ColorGreen 'The certificate has been issued by:')"
echo ''
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /'
echo '----'
echo ''
echo '# TLS supported: '
echo -ne "$(ColorRed '#') $(ColorGreen 'TLS supported:')"
echo ''
nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls
echo '----'
echo ''
echo '# Fingerprint: '
echo -ne "$(ColorRed '#') $(ColorGreen 'Fingerprint:')"
echo ''
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint
echo '----'
#echo ''
#echo '##### Decode: '
#echo -ne "$(ColorRed '#') $(ColorGreen 'Decode')"
#echo ''
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text
#echo '#################'