Some minor output updates
This commit is contained in:
parent
e3c56d99cb
commit
a536a918ef
2 changed files with 152 additions and 48 deletions
58
README.md
58
README.md
|
@ -1,6 +1,62 @@
|
|||
# bash-ssl-checker-tool
|
||||
This is a very simple bash script that you could use to gain general information for the SSL certificate of a certain domain name. It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
|
||||
Very simple bash script which you could use to gain general information for the SSL certificate of a certain domain name.
|
||||
|
||||
It is based on the functionality of the popular https://sslshopper.com website, but it's a command line tool.
|
||||
|
||||
The script has been tested on CentOS, Ubuntu, Mint and Debian.
|
||||
|
||||
The script provides you with the following information:
|
||||
|
||||
* The domain name that the SSL certificate has been issued for
|
||||
* The number of days the SSL certificate expires in:
|
||||
* The dates when the certificate was issued on and expieres on
|
||||
* The certificate has been issued by:
|
||||
* Supported TLS versions
|
||||
* Certificate Fingerprint
|
||||
|
||||
Usage:
|
||||
|
||||
In order to use the script just download the ssl file, make it executable and run it:
|
||||
|
||||
```
|
||||
wget https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
|
||||
chmod +x ssl
|
||||
./ssl yourdomain.com
|
||||
```
|
||||
|
||||
Output:
|
||||
|
||||
The output that you would get will look like this:
|
||||
|
||||
```
|
||||
The bobbyiliev.com domain name seems valid
|
||||
|
||||
# The SSL certificate has been issued for:
|
||||
Domain: CN = bobbyiliev.com
|
||||
----
|
||||
|
||||
# The SSL certificate expires in:
|
||||
90 days
|
||||
----
|
||||
|
||||
# Dates:
|
||||
Issued On: Jun 4 09:05:19 2020 GMT
|
||||
Expires On: Sep 2 09:05:19 2020 GMT
|
||||
----
|
||||
|
||||
# The certificate has been issued by:
|
||||
Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
|
||||
----
|
||||
|
||||
# TLS supported:
|
||||
| TLSv1.0:
|
||||
| TLSv1.1:
|
||||
| TLSv1.2:
|
||||
----
|
||||
|
||||
# Fingerprint:
|
||||
SHA1 Fingerprint=C1:E1:6C:46:8A:74:94:14:00:94:88:B9:4B:2B:C5:90:79:DE:72:64
|
||||
----
|
||||
```
|
||||
|
||||
Note: You need to have 'openssl' installed.
|
||||
|
|
140
ssl
140
ssl
|
@ -1,71 +1,119 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Gain some basic information about your SSL certificate
|
||||
##
|
||||
# Script which let's you gather some basic information about your SSL certificate
|
||||
##
|
||||
|
||||
# Make sure that you have openssl installed
|
||||
##
|
||||
# Colors
|
||||
##
|
||||
green='\e[32m'
|
||||
blue='\e[34m'
|
||||
clear='\e[0m'
|
||||
orange='\e[33m'
|
||||
red='\e[31m'
|
||||
|
||||
# Check if there is an input
|
||||
if [[ $1 ]]; then
|
||||
validation=$(host $1)
|
||||
##
|
||||
# Color Functions
|
||||
##
|
||||
|
||||
ColorGreen(){
|
||||
echo -ne $green$1$clear
|
||||
}
|
||||
ColorBlue(){
|
||||
echo -ne $blue$1$clear
|
||||
}
|
||||
ColorRed(){
|
||||
echo -ne $red$1$clear
|
||||
}
|
||||
ColorOrange(){
|
||||
echo -ne $orange$1$clear
|
||||
}
|
||||
|
||||
##
|
||||
# Make sure that openssl is installed
|
||||
##
|
||||
if ! [ -x "$(command -v openssl)" ] ; then
|
||||
echo "The openssl command is required! Please install it and then try again"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Check if domain is valid
|
||||
if [[ $validation == *"NXDOMAIN"* ]]; then
|
||||
echo "Please enter a valid domain";
|
||||
exit 0
|
||||
##
|
||||
# Check if there is an input
|
||||
##
|
||||
if [[ $1 ]]; then
|
||||
host $1 > /dev/null
|
||||
if [ $? -eq 0 ]; then
|
||||
echo -ne "The $(ColorGreen $1 ) domain name seems valid
|
||||
|
||||
"
|
||||
else
|
||||
echo -ne "Could not resolve the $(ColorGreen ${1}) domain name...
|
||||
|
||||
"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
case $1 in
|
||||
# Sample Usage
|
||||
# Usage example
|
||||
help)
|
||||
echo "Usage:
|
||||
ssl domain.com"
|
||||
echo -ne "Usage:
|
||||
$(ColorGreen './ssl domain.com')
|
||||
"
|
||||
exit 1
|
||||
;;
|
||||
"")
|
||||
echo "Usage:
|
||||
ssl domain.com"
|
||||
echo -ne "Usage:
|
||||
$(ColorGreen './ssl domain.com')
|
||||
"
|
||||
exit 1
|
||||
;;
|
||||
# If the domain is valid run the following:
|
||||
*)
|
||||
today=$(date +%F)
|
||||
expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//')
|
||||
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates
|
||||
today=$(date +%F)
|
||||
expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//')
|
||||
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates
|
||||
|
||||
echo '# The SSL certificate has been issued for: '
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /'
|
||||
#echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject
|
||||
echo '----'
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate has been issued for:')"
|
||||
echo ''
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /'
|
||||
#echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject
|
||||
echo '----'
|
||||
|
||||
echo ''
|
||||
echo '# The SSL certificate expires in: '
|
||||
echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
|
||||
echo '----'
|
||||
echo ''
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'The SSL certificate expires in:')"
|
||||
echo ''
|
||||
echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
|
||||
echo '----'
|
||||
|
||||
echo ''
|
||||
echo '# Dates: '
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /'
|
||||
echo '----'
|
||||
echo ''
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'Dates:')"
|
||||
echo ''
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /'
|
||||
echo '----'
|
||||
|
||||
echo ''
|
||||
echo '# The certificate has been issued by: '
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /'
|
||||
echo '----'
|
||||
echo ''
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'The certificate has been issued by:')"
|
||||
echo ''
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /'
|
||||
echo '----'
|
||||
|
||||
echo ''
|
||||
echo '# TLS supported: '
|
||||
nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls
|
||||
echo '----'
|
||||
echo ''
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'TLS supported:')"
|
||||
echo ''
|
||||
nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls
|
||||
echo '----'
|
||||
|
||||
echo ''
|
||||
echo '# Fingerprint: '
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint
|
||||
echo '----'
|
||||
echo ''
|
||||
echo -ne "$(ColorRed '#') $(ColorGreen 'Fingerprint:')"
|
||||
echo ''
|
||||
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint
|
||||
echo '----'
|
||||
|
||||
#echo ''
|
||||
#echo '##### Decode: '
|
||||
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text
|
||||
#echo '#################'
|
||||
#echo ''
|
||||
#echo -ne "$(ColorRed '#') $(ColorGreen 'Decode')"
|
||||
#echo ''
|
||||
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text
|
||||
#echo '#################'
|
||||
|
||||
esac
|
||||
|
|
Loading…
Reference in a new issue