luisgulo/bash-ssl-checker-tool
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
bash-ssl-checker-tool/ssl
elvischang-lll 3ee7a8f174
ADDED: SANs, show serial#/fingerprints for leaf/intermediaries/root c… (#5) 
* ADDED: SANs, show serial#/fingerprints for leaf/intermediaries/root certificates, added color and general cleanups.

* Modified: serial#s to NOT include colon and also convert to lowercase

* ADDED: OS checks for linux/mac versions for DATE commands.

Co-authored-by: Elvis Chang <elvischang@gmail.com>
2021-01-19 18:24:30 +02:00

156 lines
4.8 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
##
# Script which let's you gather some basic information about your SSL certificate
##
##
# Colors
##
green=$(printf '\e[32m')
blue=$(printf '\e[34m')
clear=$(printf '\e[0m')
orange=$(printf '\e[33m')
red=$(printf '\e[31m')
cyan=$(printf '\e[36m')
##
# Color Functions
##
ColorGreen(){
echo -ne $green$1$clear
}
ColorBlue(){
echo -ne $blue$1$clear
}
ColorRed(){
echo -ne $red$1$clear
}
ColorOrange(){
echo -ne $orange$1$clear
}
ColorCyan(){
echo -ne $cyan$1$clear
}
# Enable Color - ON/Clear
#
ColorGreen(){
echo -ne $green$1$clear
}
ColorBlueON(){
echo -ne $blue
}
ColorRedON(){
echo -ne $red
}
ColorOrangeON(){
echo -ne $orange
}
ColorCyanON(){
echo -ne $cyan
}
ColorClear(){
echo -ne $clear
}
echo -ne "$(ColorRed '---------------------------------------------------------')\n"
##
# Make sure that openssl is installed
##
if ! [ -x "$(command -v openssl)" ] ; then
echo "The openssl command is required! Please install it and then try again"
exit 1
fi
##
# Check if there is an input
##
if [[ $1 ]]; then
host $1 > /dev/null
if [ $? -eq 0 ]; then
echo -e "$(ColorRed '#') $(ColorGreen 'Checking Domain/Hostname:')\n\t$1"
else
echo -e "Error: Could Not Resolve $(ColorGreen ${1}) Domain Name..."
exit 1
fi
fi
case $1 in
# Usage example
help)
echo -ne "Usage:
$(ColorGreen './ssl domain.com')
"
exit 1
;;
"")
echo -ne "Usage:
$(ColorGreen './ssl domain.com')
"
exit 1
;;
*)
today=$(date +%F)
expires=$(echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -dates|grep 'notAfter'|sed 's/notAfter=//')
echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Issued For:')"
echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -subject|sed 's/subject=/Domain: /'
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Expires In:')"
# Detect the platform (similar to $OSTYPE)
OS="`uname`"
case $OS in
'Linux'|'FreeBSD'|'SunOS'|'AIX')
echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
;;
'Darwin')
OS='Mac'
# macos - format
#date -j -f "%b %d %T %Y %Z" "$expires" +'%s'; date -j -f "%F" "$today" +'%s'
## echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
echo " $(( ( $(date -j -f "%b %d %T %Y %Z" "$expires" +'%s') - $(date -j -f "%F" "$today" +'%s') )/60/60/24 )) days"
;;
*)
echo "Error: Can't Find DATE command for your OS version!"
;;
esac
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Dates:')"
echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -dates|\
sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued On: /'
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Issued by:')"
echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -issuer|sed 's/issuer=/Issuer: /'
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'TLS supported:')"
#nmap --script ssl-cert -p 443 $1
nmap -sV --script ssl-enum-ciphers -p 443 $1 | egrep -i 'tls.*:'
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate SANs:')"
#echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -extensions subjectAltName
echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -text |egrep "DNS:"|tr -d " \t"|tr , '\n'|sed 's/^/ /'
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Certificate Chains:')"
ColorOrangeON; timeout 2 openssl s_client -quiet -showcerts -servername $1 -connect $1:443;ColorClear
echo "$(ColorRed '----')"
echo -e "$(ColorRed '#') $(ColorGreen 'Certificates Details:')"
#certificates=$(openssl s_client -connect $1:443 -showcerts -tlsextdebug -tls1 2>&1 </dev/null| \
#sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/p}');
OLDIFS=$IFS; IFS=':'
certificates=$(echo|openssl s_client -servername $1 -showcerts -connect "$1:443" 2>&1| \
sed -n '/-----BEGIN/,/-----END/p'|sed 's/^-----BEGIN/:-----BEGIN/');
for certificate in ${certificates#:}; do ColorOrangeON
#echo $certificate | tee >(openssl x509 -noout -serial) >(openssl x509 -noout -subject)
for attr in subject serial fingerprint; do echo $certificate|openssl x509 -noout -$attr|tr -d ":"| tr '[:upper:]' '[:lower:]' ;done; echo ''
done; IFS=$OLDIFS
echo "$(ColorRed '----')"
# echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Decode:')"; ColorCyanON
# echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -text
esac
#echo -ne "$(ColorRed '\n---------------------------------------------------------')\n"
Reference in a new issue View git blame Copy permalink