Discovery: checking for SSL vulnerabilities on the command line

Nessus SSL Inspection Report With 2 Plugins Scrip 

  • 20007: SSL Version 2 (v2) Protocol Detection

  • 26928: SSL Weak Cipher Suites Supported

  • 31705: SSL Anonymous Cipher Suites Supported
The first is the curl version: 
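#!/bin/bash
# phaas at redspin.com: Never use a 'sh when a bash is necessary
# Checks the equivalent of Nessus plugins 20007, 26928 and 31705 (10863+21643)
# with curl as the TLS client.
#
# Usage: <script> website [port]        (port defaults to 443)
#
# How to read the output:
#   * A finding is printed only when curl completes a request while restricted
#     to the probed protocol/cipher, i.e. the server accepted it.
#   * Silence is not a clean result. curl can only offer what its TLS library
#     still implements, and current builds commonly ship without SSLv2/SSLv3
#     and the LOW/EXP/NULL suites. Probes that curl reports it cannot attempt
#     (exit code 59) are counted and summarised on stderr as inconclusive.
#   * The cipher names come from the local `openssl` binary; curl may be linked
#     against a different TLS library that names or supports ciphers
#     differently, which also shows up as "no finding".
#   * Each probe gets probe_timeout seconds. A slow host looks identical to a
#     host that refused the cipher, so raise the value before trusting a
#     negative result.
#   * -k skips certificate verification on purpose: only protocol and cipher
#     acceptance is examined, the certificate is never validated.

if [ $# -lt 1 ]
then
  echo "List SSL Weakness present for a given website"
  echo "Usage: ${0##*/} website {port}"
  exit 1
fi
# The usage check above guarantees $1 is set, so no default host is needed.
web=$1
port=${2-443}
url="https://$web:$port"
probe_timeout=1

# Check for the insecure SSLv2 version.
# NOTE(review): this restricts the cipher list to the string "sslv2" rather
# than forcing the protocol version; whether that string is accepted depends
# on curl's TLS backend, so confirm it against the build in use.
if curl -m "$probe_timeout" -Ik "$url" --ciphers sslv2 &> /dev/null; then
  printf '%s\n' "$web:$port: (ssl2) Weak SSLv2 encryption enabled"
fi

# Enumerate weak SSL ciphers using curl
ciphers='LOW:EXP:eNULL:aNULL' # Include EXP (Export Ciphers)
cipher_table=$(openssl ciphers -v "$ciphers" | tr -s ' ')
if [[ -z "$cipher_table" ]]; then
  echo "warning: local openssl lists no ciphers for '$ciphers'; weak-cipher probes skipped (inconclusive, not a pass)" >&2
fi

# Patterns are kept in variables so the spaces and parentheses inside them are
# handed to [[ =~ ]] as regex text instead of being parsed by the shell.
au_re='Au=([^ ]*)'
enc_re='Enc=[^ (]*\(([0-9]+)\)'
untestable=0

# Reading line by line avoids changing IFS for the rest of the script.
while IFS= read -r line; do
  [[ -n "$line" ]] || continue

  # Columns of `openssl ciphers -v`: name, protocol, Kx=, Au=, Enc=, Mac=
  read -r cipher proto _ <<< "$line"
  version=$(printf '%s' "$proto" | tr '[:upper:]' '[:lower:]')

  # Newer OpenSSL releases can list the TLS 1.3 suites in every `ciphers -v`
  # result. They are not weak ciphers and --ciphers does not select them, so
  # they are skipped rather than reported.
  [[ "$version" == tlsv1.3 ]] && continue

  auth=''
  if [[ "$line" =~ $au_re ]]; then auth=${BASH_REMATCH[1]}; fi
  if [[ "$auth" == 'None' ]]; then auth="no"; fi

  if [[ "$line" =~ $enc_re ]]; then
    strength="at ${BASH_REMATCH[1]} bit encryption"
  else
    strength="without encryption"
  fi

  # curl's protocol switches are long options (--sslv3, --tlsv1, ...). With a
  # single dash the token is parsed as a cluster of short options and the
  # protocol is not reliably pinned.
  curl -m "$probe_timeout" -Ik "$url" --ciphers "$cipher" "--$version" &> /dev/null
  case $? in
    0)
      printf '%s\n' "$web:$port: ($version) $cipher = Supported $strength with $auth authentication support"
      ;;
    59)
      # "Couldn't use specified SSL cipher": the local client refused the
      # cipher before contacting the server, so nothing was tested.
      untestable=$((untestable + 1))
      ;;
  esac
done <<< "$cipher_table"

if (( untestable > 0 )); then
  echo "note: $untestable cipher probe(s) could not be attempted by this curl build; treat those as inconclusive" >&2
fi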

The second is the OpenSSL version:
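#!/bin/bash
# phaas at redspin.com: Never use a 'sh when a bash is necessary
# Checks the equivalent of Nessus plugins 20007, 26928 and 31705 (10863+21643)
# with `openssl s_client` as the TLS client.
#
# Usage: <script> website [port]        (port defaults to 443)
#
# How to read the output:
#   * A cipher is reported when s_client's output contains "DONE", which this
#     script treats as "session established, then stdin closed".
#     NOTE(review): confirm that marker against the installed OpenSSL version.
#   * Silence is not a clean result. s_client can only offer what the local
#     OpenSSL build implements; when -ssl2/-ssl3 or a weak suite is compiled
#     out, s_client fails locally and the probe looks the same as a server
#     that refused it. Run from a client build known to include the legacy
#     protocols before trusting a negative.
#   * s_client is run without a timeout, so an unresponsive port stalls the
#     run instead of producing a result.

if [ $# -lt 1 ]
then
  echo "List SSL Weakness present for a given website"
  echo "Usage: ${0##*/} website {port}"
  exit 1
fi
# The usage check above guarantees $1 is set, so no default host is needed.
web=$1
port=${2-443}
target="$web:$port"

# Check for the insecure SSLv2 version.
# stderr is discarded, so "option not supported by this build" is silent here.
sslv2=$(printf '\n' \
  | openssl s_client -connect "$target" -ssl2 -no_ssl3 -no_tls1 2>/dev/null \
  | grep -i 'SSLv2')
if [ -n "$sslv2" ]; then
  printf '%s\n' "$web:$port: (ssl2) Weak SSLv2 encryption enabled"
fi

# Enumerate weak SSL ciphers using openssl
ciphers='LOW:EXP:eNULL:aNULL' # Include EXP (Export Ciphers)
cipher_table=$(openssl ciphers -v "$ciphers" | tr -s ' ')
if [[ -z "$cipher_table" ]]; then
  echo "warning: local openssl lists no ciphers for '$ciphers'; weak-cipher probes skipped (inconclusive, not a pass)" >&2
fi

# Patterns are kept in variables so the spaces and parentheses inside them are
# handed to [[ =~ ]] as regex text instead of being parsed by the shell.
au_re='Au=([^ ]*)'
enc_re='Enc=[^ (]*\(([0-9]+)\)'

# Reading line by line avoids changing IFS for the rest of the script.
while IFS= read -r line; do
  [[ -n "$line" ]] || continue

  # Columns of `openssl ciphers -v`: name, protocol, Kx=, Au=, Enc=, Mac=
  read -r cipher proto _ <<< "$line"

  # "SSLv3" -> "ssl3", "TLSv1.2" -> "tls1.2": the label shown in the report.
  version=$(printf '%s' "$proto" | tr '[:upper:]' '[:lower:]' | tr -d 'v')

  # Newer OpenSSL releases can list the TLS 1.3 suites in every `ciphers -v`
  # result. They are not weak ciphers and -cipher does not select them, so
  # they are skipped rather than reported.
  [[ "$version" == tls1.3 ]] && continue

  # s_client spells minor versions with an underscore (-tls1_1, -tls1_2);
  # passing "-tls1.2" is rejected as an unknown option and the probe would
  # silently report nothing.
  proto_flag="-${version//./_}"

  auth=''
  if [[ "$line" =~ $au_re ]]; then auth=${BASH_REMATCH[1]}; fi
  if [[ "$auth" == 'None' ]]; then auth="no"; fi

  if [[ "$line" =~ $enc_re ]]; then
    strength="at ${BASH_REMATCH[1]} bit encryption"
  else
    strength="without encryption"
  fi

  supported=$(printf '\n' \
    | openssl s_client -connect "$target" "$proto_flag" -cipher "$cipher" 2>&1 \
    | grep DONE)
  if [[ -n "$supported" ]]; then
    printf '%s\n' "$web:$port: ($version) $cipher = Supported $strength with $auth authentication support"
  fi
done <<< "$cipher_table"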