70 lines
2 KiB
Bash
70 lines
2 KiB
Bash
#!/bin/bash
|
|
|
|
# Gain some basic information about your SSL certificate
|
|
# Make sure that you have openssl installed
|
|
|
|
# Check if there is an input
|
|
if [[ $1 ]]; then
|
|
validation=$(host $1)
|
|
fi
|
|
|
|
# Check if domain is valid
|
|
if [[ $validation == *"NXDOMAIN"* ]]; then
|
|
echo "Please enter a valid domain";
|
|
exit 0
|
|
fi
|
|
|
|
case $1 in
|
|
# Sample Usage
|
|
help)
|
|
echo "Usage:
|
|
ssl domain.com"
|
|
exit 1
|
|
;;
|
|
"")
|
|
echo "Usage:
|
|
ssl domain.com"
|
|
exit 1
|
|
;;
|
|
# If the domain is valid run the following:
|
|
*)
|
|
today=$(date +%F)
|
|
expires=$(echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | grep 'notAfter' | sed 's/notAfter=//')
|
|
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates
|
|
|
|
echo '# The SSL certificate has been issued for: '
|
|
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -subject | sed 's/subject=/Domain: /'
|
|
#echo | openssl s_client -servername www.$1 -connect www.$1:443 2>/dev/null | openssl x509 -noout -subject
|
|
echo '----'
|
|
|
|
echo ''
|
|
echo '# The SSL certificate expires in: '
|
|
echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
|
|
echo '----'
|
|
|
|
echo ''
|
|
echo '# Dates: '
|
|
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -dates | sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /'
|
|
echo '----'
|
|
|
|
echo ''
|
|
echo '# The certificate has been issued by: '
|
|
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -issuer | sed 's/issuer=/Issuer: /'
|
|
echo '----'
|
|
|
|
echo ''
|
|
echo '# TLS supported: '
|
|
nmap --script ssl-enum-ciphers -p 443 $1 | grep ':' | grep -i tls
|
|
echo '----'
|
|
|
|
echo ''
|
|
echo '# Fingerprint: '
|
|
echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -fingerprint
|
|
echo '----'
|
|
|
|
#echo ''
|
|
#echo '##### Decode: '
|
|
#echo | openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -text
|
|
#echo '#################'
|
|
|
|
esac
|