129 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable file
		
	
	
	
	
			
		
		
	
	
			129 lines
		
	
	
	
		
			2.7 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable file
		
	
	
	
	
| #!/usr/bin/env bash
 | |
| 
 | |
| port=443
 | |
| vulnerability=""
 | |
| host=""
 | |
| openssl="$(which openssl)"
 | |
| 
 | |
| die(){
 | |
| 	echo "$@" >&2
 | |
| 	exit 1
 | |
| }
 | |
| 
 | |
| print_help(){
 | |
| 	echo "Attempts to connect using different tls versions"
 | |
| 	echo ""
 | |
| 	echo "verifySSL [options] <host>"
 | |
| 	echo ""
 | |
| 	echo "-p | --port          Port number (default 443)"
 | |
| 	echo "-v | --vulnerability The vulnerability to test"
 | |
| 	echo "--list               List the vulnerabilities that can be tested"
 | |
| }
 | |
| 
 | |
| list_vulnerabilites(){
 | |
| 	echo "Beast"
 | |
| 	echo "Sweet32"
 | |
| 	echo "Lucky13"
 | |
| }
 | |
| 
 | |
| check-beast(){
 | |
| 	local tls1
 | |
| 	local ssl3
 | |
| 	local tmpfile="$(mktemp)"
 | |
| 	# In order to test beast, you need to have a cbc cipher and tls1 or sslv3
 | |
| 	echo "" | $openssl s_client -tls1 -connect "${host}:${port}" > /dev/null 2>&1
 | |
| 	tls1="$?"
 | |
| 	echo "" | $openssl s_client -ssl3 -connect "${host}:${port}" > /dev/null 2>&1
 | |
| 	ssl3="$?"
 | |
| 
 | |
| 	$openssl ciphers -v | grep -i cbc | cut -d' ' -f1 | while read cipher; do
 | |
| 		if [ $tls1 -eq 0 ]; then
 | |
| 			echo "\$ openssl s_client -tls1 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile"
 | |
| 			echo "" | $openssl s_client -tls1 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1
 | |
| 			if [ "$?" -eq 0 ]; then
 | |
| 				cat "$tmpfile"
 | |
| 			fi
 | |
| 			rm "$tmpfile"
 | |
| 		fi
 | |
| 
 | |
| 		if [ $ssl3 -eq 0 ]; then
 | |
| 			echo "\$ openssl s_client -ssl3 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile"
 | |
| 			echo "" | $openssl s_client -ssl3 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1
 | |
| 			if [ "$?" -eq 0 ]; then
 | |
| 				cat "$tmpfile"
 | |
| 			fi
 | |
| 			rm "$tmpfile"
 | |
| 		fi
 | |
| 	done
 | |
| 
 | |
| }
 | |
| 
 | |
| check-sweet32(){
 | |
| 	local tmpfile="$(mktemp)"
 | |
| 	echo "\$ openssl s_client -cipher 3DES -connect ${host}:${port}" >> "$tmpfile"
 | |
| 	echo "" | $openssl s_client -cipher 3DES -connect "${host}:${port}" >> "$tmpfile" 2>&1
 | |
| 	if [ "$?" -eq 0 ]; then
 | |
| 		cat "$tmpfile"
 | |
| 	fi
 | |
| 	rm "$tmpfile"
 | |
| }
 | |
| 
 | |
| check-lucky13(){
 | |
| 	local tmpfile="$(mktemp)"
 | |
| 	$openssl ciphers -v | grep -i cbc | cut -d' ' -f1 | while read cipher; do
 | |
| 		echo "\$ openssl s_client -cipher $cipher -connect ${host}:${port}" >> "$tmpfile"
 | |
| 		echo "" | $openssl s_client -tls1 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1
 | |
| 		if [ "$?" -eq 0 ]; then
 | |
| 			cat "$tmpfile"
 | |
| 		fi
 | |
| 		rm "$tmpfile"
 | |
| 	done
 | |
| }
 | |
| 
 | |
| while [ "$#" -gt 0 ]; do
 | |
| 	case "$1" in
 | |
| 		-p|--port)
 | |
| 			port="$2"
 | |
| 			shift; shift
 | |
| 			;;
 | |
| 		-v|--vulnerability)
 | |
| 			vulnerability="$2"
 | |
| 			shift; shift
 | |
| 			;;
 | |
| 		--openssl)
 | |
| 			openssl="$2"
 | |
| 			shift;shift
 | |
| 			;;
 | |
| 		-h|--help)
 | |
| 			print_help
 | |
| 			exit 0
 | |
| 			;;
 | |
| 		--list)
 | |
| 			list_vulnerabilites
 | |
| 			exit 0
 | |
| 			;;
 | |
| 		*)
 | |
| 			host="$1"
 | |
| 			shift
 | |
| 			;;
 | |
| 	esac
 | |
| done
 | |
| 
 | |
| if [ -z "$host" ]; then
 | |
| 	die "No host provided"
 | |
| fi
 | |
| 
 | |
| case "$(echo "$vulnerability" | tr '[:upper:]' '[:lower:]')" in
 | |
| 	beast)
 | |
| 		check-beast
 | |
| 		;;
 | |
| 	sweet32)
 | |
| 		check-sweet32
 | |
| 		;;
 | |
| 	lucky13)
 | |
| 		check-lucky13
 | |
| 		;;
 | |
| 	*)
 | |
| 		die "Unknown vulnerability $vulnerability"
 | |
| 		;;
 | |
| esac
 |