-
Notifications
You must be signed in to change notification settings - Fork 3
/
cipherlist.sh
executable file
·114 lines (93 loc) · 3.44 KB
/
cipherlist.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
#!/bin/bash
# +----+----+----+----+
# | | | | |
# Author: Mark David Scott Cunningham | M | D | S | C |
# +----+----+----+----+
# Created: 2017-04-23
# Updated: 2017-05-07
#
# Purpose: Check available SSL version and ciphers (replicate nmap ssl-enum-ciphers)
#
# Notes: Based on concept and initial code by JBurnham
#
# Set starting defaults
tempfile="/tmp/cipherlist.tmp";
PORTS="443"; quiet=''
#Help output function
usage(){
echo "
Usage: $0 [-p port1,port2,...] host1 [host2] [host3] ...
-p ... Comma separated list of port numbers to test
-q ... Quiet, do not print progress
-h ... Print this help and quit
Example:
$0 -p443,465,2087 domain1.com ip.ad.dre.ss
"
}
#Argument parsing
while getopts p:qh option; do
case "${option}" in
p ) PORTS=$(echo ${OPTARG} | sed 's/,/ /g'); shift ;;
q ) quiet=1 ;;
h|* ) usage; exit ;; # print help info
esac
done
if [[ ! $@ ]]; then usage; exit; fi
#Outer loop over ports and hosts
for DOMAIN in "$@"; do
for PORT in $PORTS; do
# Initialize counter, and create tempfile
i=0; echo -n > $tempfile; echo
#Check port number for starttls requirements
case $PORT in
21) opt="-starttls ftp";;
25|26|587) opt="-starttls smtp";;
110) opt="-starttls pop3";;
143) opt="-starttls imap";;
*) opt="";;
esac
#Check OpenSSL version in use, and set protocol version list
if [[ $(openssl version) =~ 0\.9\.[0-9] ]]; then #v0.9.x -- OLD
PROTO="ssl2 ssl3 tls1";
elif [[ $(openssl version) =~ 1\.[1-9]\.[1-9] ]]; then #1.1.x -- NEW
PROTO="ssl2 ssl3 tls1 tls1_1 tls1_2 tls1_3";
else
PROTO="ssl2 ssl3 tls1 tls1_1 tls1_2"; #1.0.x -- CURRENT
fi
#Inner loop over protocols
for v in $PROTO; do
# Pretty up the version output
case $v in
ssl2) V="SSLv2.0";;
ssl3) V="SSLv3.0";;
tls1) V="TLSv1.0";;
tls1_1) V="TLSv1.1";;
tls1_2) V="TLSv1.2";;
tls1_3) V="TLSv1.3";;
esac
# Loop over cipher list
for c in $(openssl ciphers 'ALL:eNULL' | tr ':' ' '); do
if [[ ! $quiet ]]; then echo -ne " $V :: $c \r"; fi
(echo | openssl s_client $opt -connect $DOMAIN:$PORT -cipher $c -$v 2>/dev/null | awk '/Cipher.*:/ && !/0000/ {print "| "$NF}' >> ${tempfile}.$v &)
i=$(($i+1))
done;
# Combine logs into final output
if [[ -s ${tempfile}.$v ]]; then
echo -e "| $V:\n| ciphers:" >> $tempfile;
cat ${tempfile}.$v | sort -r | uniq >> $tempfile;
rm -f ${tempfile}.$v;
fi
done
#Gather host/domain/service information, and output results
if [[ $DOMAIN =~ [a-z] ]]; then I=$(dig +short $DOMAIN | grep -v [a-z] | head -1); else I=$DOMAIN; fi
rdns=$(dig +short -x $I | head -1)
srv=$(awk "/ $PORT\/tcp/ || /\t$PORT\/tcp/"'{print $2,"("$1")"}' /etc/services)
echo -e "Scan report for $DOMAIN ($I) "
if [[ -n $rdns ]]; then echo "rDNS for ($I): $rdns"; fi
echo "$srv"
cat $tempfile; echo -e "|_\n"
echo -e "Done: ($i) Ciphers Tested :: ($( grep -E '-' $tempfile | wc -l )) Ciphers Supported\nUsing: $(openssl version)"
rm -f $tempfile;
done #end port loop
done #end host loop
echo