SSL Tests - v2, weak ciphers, MD5, Renegotiation

#!/usr/bin/env bash
 
# Description:
#       Script to extract the most security relevant details from a 
#       target SSL/TLS implementation by using sslscan.
# Author:  Raul Siles (raul _AT_ taddong _DOT_ com)
#          Taddong (www.taddong.com)
# Date:    2011-05-27
# Version: 1.0
#
# - Current SSL/TLS tests: 
#   SSLv2, NULL cipher, weak ciphers -key length-, strong 
#   ciphers -AES-, MD5 signed cert, SSL/TLS renegotiation
#
# Requires: 
# - sslscan
# https://sourceforge.net/projects/sslscan/
#
# Credits: Based on ssl_test.sh by Aung Khant, http://yehg.net.
# 
 
#
# /**************************************************************************
# *   Copyright 2011 by Taddong (Raul Siles)                                *
# *                                                                         *
# *   This program is free software; you can redistribute it and/or modify  *
# *   it under the terms of the GNU General Public License as published by  *
# *   the Free Software Foundation; either version 3 of the License, or     *
# *   (at your option) any later version.                                   *
# *                                                                         *
# *   This program is distributed in the hope that it will be useful,       *
# *   but WITHOUT ANY WARRANTY; without even the implied warranty of        *
# *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
# *   GNU General Public License for more details.                          *
# *                                                                         *
# *   You should have received a copy of the GNU General Public License     *
# *   along with this program. If not, see <http://www.gnu.org/licenses/>.  *
# *                                                                         *
# **************************************************************************/
#
 
VERSION=1.0
 
OPENSSLVERSION=$(openssl version)
SSLSCANVERSION=$(sslscan --version | grep version | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g")
 
echo ------------------------------------------------------
echo " TLSSLed - ($VERSION) based on sslscan and openssl"
echo " by Raul Siles (www.taddong.com)"
echo " ( inspired by ssl_test.sh by Aung Khant )"
echo ------------------------------------------------------
echo + openssl version: $OPENSSLVERSION
echo + $SSLSCANVERSION
echo ------------------------------------------------------
echo
 
if [ $# -ne 2 ]; then 
   echo Usage: $0 IP PORT
   exit
fi
 
HOST=$1
PORT=$2
 
echo  [*] Analyzing SSL/TLS on $HOST:$PORT ...
echo 
 
# Run sslcan once, store the results to a log file and
# analyze that file for all the different tests:
DATE=$(date +%F_%R:%S)
TARGET=$HOST:$PORT
LOGFILE=sslscan\_$TARGET\_$DATE.log
ERRFILE=sslscan\_$TARGET\_$DATE.err
 
echo [*] Running sslscan on $HOST:$PORT...
sslscan $HOST:$PORT > $LOGFILE 2> $ERRFILE
 
echo
echo [*] Testing for SSLv2 ...
cat $LOGFILE | grep "Accepted  SSLv2"
echo
echo [*] Testing for NULL cipher ...
cat $LOGFILE | grep "NULL" | grep Accepted
echo
echo [*] Testing for weak ciphers \(based on key length\) ...
cat $LOGFILE | grep " 40 bits" | grep Accepted
echo 
cat $LOGFILE | grep " 56 bits" | grep Accepted
echo
echo [*] Testing for strong ciphers \(AES\) ...
cat $LOGFILE | grep "AES" | grep Accepted
 
echo 
echo [*] Testing for MD5 signed certificate ...
#cat $LOGFILE | grep -E 'MD5WithRSAEncryption|md5WithRSAEncryption'
cat $LOGFILE | grep -i 'MD5WithRSAEncryption'
 
echo 
echo [*] Checking preferred server ciphers ...
cat $LOGFILE | sed '/Prefered Server Cipher(s):/,/^$/!d' | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g"
 
echo
echo [*] Testing for SSLv3/TLSv1 renegotiation vuln. \(CVE-2009-3555\) ...
#echo [*] echo R \| openssl s_client -connect $HOST:$PORT \| grep "DONE"
#
# Renegotiation details go to stderr (2>)
#
# if $OPENSSLVERSION is updated (version?) it supports RFC5746 and will print:
# Secure Renegotiation IS NOT supported
# Secure Renegotiation IS supported
#
 
echo R | openssl s_client -connect $HOST:$PORT | grep -E "Secure Renegotiation IS|DONE"
 
echo
echo [*] New files created:
ls -l $LOGFILE
if [ ! -s $ERRFILE ]; then
        # Error file is empty
        rm $ERRFILE
else
        ls -l $ERRFILE
fi
 
echo
echo 
echo [*] done
echo

Download

Submitted by Aung Khant and updated by Raul Siles

discovery/ssl_tests.txt · Last modified: 2011/06/05 17:58 by Robin Wood