BIN: starts verifySSL script
This will evolve into a script that can be used to verify the findings of a tool like testssl. Currently only supports "beast".
This commit is contained in:
		
							parent
							
								
									349963cdad
								
							
						
					
					
						commit
						995b2a516e
					
				
					 1 changed files with 99 additions and 0 deletions
				
			
		
							
								
								
									
										99
									
								
								bin/.bin/webtest/verifySSL
									
										
									
									
									
										Executable file
									
								
							
							
						
						
									
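--- a/bin/.bin/webtest/verifySSL
+++ b/bin/.bin/webtest/verifySSL
@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+
+port=443
+vulnerability=""
+host=""
+openssl="$(which openssl)"
+
+die(){
+	echo "$@" >&2
+	exit 1
+}
+
+print_help(){
+	echo "Attempts to connect using different tls versions"
+	echo ""
+	echo "verifySSL [options] <host>"
+	echo ""
+	echo "-p | --port          Port number (default 443)"
+	echo "-v | --vulnerability The vulnerability to test"
+	echo "--list               List the vulnerabilities that can be tested"
+}
+
+list_vulnerabilites(){
+	echo "Beast"
+}
+
+check-beast(){
+	local tls1
+	local ssl3
+	local tmpfile="$(mktemp)"
+	# In order to test beast, you need to have a cbc cipher and tls1 or sslv3
+	echo "" | $openssl s_client -tls1 -connect "${host}:${port}" > /dev/null 2>&1
+	tls1="$?"
+	echo "" | $openssl s_client -ssl3 -connect "${host}:${port}" > /dev/null 2>&1
+	ssl3="$?"
+
+	 $openssl ciphers -v | grep -i cbc | cut -d' ' -f1 | while read cipher; do
+		if [ $tls1 -eq 0 ]; then
+			echo "openssl s_client -tls1 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile"
+			echo "" | $openssl s_client -tls1 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1
+			if [ "$?" -eq 0 ]; then
+				cat "$tmpfile"
+			fi
+			rm "$tmpfile"
+		fi
+
+		if [ $ssl3 -eq 0 ]; then
+			echo "openssl s_client -ssl3 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile"
+			echo "" | $openssl s_client -ssl3 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1
+			if [ "$?" -eq 0 ]; then
+				cat "$tmpfile"
+			fi
+			rm "$tmpfile"
+		fi
+	done
+
+}
+
+while [ "$#" -gt 0 ]; do
+	case "$1" in
+		-p|--port)
+			port="$2"
+			shift; shift
+			;;
+		-v|--vulnerability)
+			vulnerability="$2"
+			shift; shift
+			;;
+		--openssl)
+			openssl="$2"
+			shift;shift
+			;;
+		-h|--help)
+			print_help
+			exit 0
+			;;
+		--list)
+			list_vulnerabilites
+			exit 0
+			;;
+		*)
+			host="$1"
+			shift
+			;;
+	esac
+done
+
+if [ -z "$host" ]; then
+	die "No host provided"
+fi
+
+case "$(echo "$vulnerability" | tr '[:upper:]' '[:lower:]')" in
+	beast)
+		check-beast
+		;;
+	*)
+		die "Unknown vulnerability $vulnerability"
+		;;
+esac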
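Review bot: In `check-beast` the `rm "$tmpfile"` after each `cat` throws away what `mktemp` bought you: every later iteration recreates the same, now-known path with `>>`, which on a shared /tmp can be pointed elsewhere by a symlink placed between the delete and the next write, and when `$tls1` and `$ssl3` are both non-zero (or the cipher list is empty) the file is never removed at all. I would keep one file for the whole run and truncate instead of deleting: `trap 'rm -f -- "$tmpfile"' EXIT` right after the `mktemp` line, and `: > "$tmpfile"` in place of both `rm "$tmpfile"` lines. Separately, the cipher selection `$openssl ciphers -v | grep -i cbc` only tests suites whose listing contains the string `CBC`; in the OpenSSL builds I know, the AES-CBC suites are printed as e.g. `AES128-SHA` with `Enc=AES(128)`, so this may test only the DES/RC2/IDEA-style names and miss the suites BEAST most often hits — worth confirming against the local `openssl ciphers -v` output before a "nothing printed" result is read as "not vulnerable". The script treats a successful `s_client` handshake (`$?` of 0) over TLS 1.0 or SSLv3 with a CBC cipher as the finding, which matches the `# In order to test beast` comment, but that criterion should also be stated in `print_help` so users know what a hit means.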