#!/bin/bash
# Usage: ./sslcheck.sh <hostname> [port]
# Default port is 443 if not specified
# Positional arguments: the target host is required; the port falls back to
# 443 when the second argument is missing or empty.
HOST=$1
PORT=${2:-443}
# Without a host there is nothing to scan: print the usage line and stop.
[ -n "$HOST" ] || {
  echo "Usage: $0 <hostname> [port]"
  exit 1
}
# Report banner, followed by one blank line.
printf '%s\n' "SSL Scan Results for $HOST:$PORT" "===============================" ""
# Test SSL/TLS Protocols
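# Report whether $HOST:$PORT completes a handshake when the client is pinned
# to a single protocol version.
# Globals:   HOST, PORT (read)
# Arguments: $1 - s_client protocol flag without the leading dash (e.g. tls1_2)
# Outputs:   a "Testing ..." line and one verdict line on stdout
function check_protocol() {
  local PROTOCOL=$1
  local OUTPUT
  local STATUS=0
  echo "Testing $PROTOCOL..."
  # Keep the client's diagnostics: they are the only way to tell a server-side
  # refusal from a local openssl build that cannot speak this protocol at all.
  OUTPUT=$(openssl s_client -connect "$HOST:$PORT" "-$PROTOCOL" </dev/null 2>&1) || STATUS=$?
  if [ "$STATUS" -eq 0 ]; then
    echo "$PROTOCOL supported"
  elif grep -qi 'unknown option' <<<"$OUTPUT"; then
    # The flag was rejected before any connection was attempted, so nothing
    # was learned about the server. Printing "not supported" here would be a
    # false all-clear for a legacy protocol.
    # NOTE(review): the message wording is matched loosely - confirm it
    # against the openssl build this script runs with.
    echo "$PROTOCOL not tested (local openssl does not accept -$PROTOCOL)"
  else
    # NOTE(review): a local policy that refuses old protocol versions
    # presumably also lands here and reads as a server-side refusal - verify
    # legacy results with a client known to allow them.
    echo "$PROTOCOL not supported"
  fi
}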
echo "Checking SSL/TLS Protocols:"
# Probe every protocol flag in turn, oldest version first.
for PROTOCOL_FLAG in ssl2 ssl3 tls1 tls1_1 tls1_2 tls1_3; do
  check_protocol "$PROTOCOL_FLAG"
done
echo
# Certificate summary: validity dates, subject and issuer of the certificate
# the server presents for this host name (SNI is sent via -servername).
echo "Certificate Information:"
openssl s_client -connect "$HOST:$PORT" -servername "$HOST" </dev/null 2>/dev/null |
  openssl x509 -noout -dates -subject -issuer
echo
# Function to test individual cipher suites
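# Report whether $HOST:$PORT negotiates exactly the requested cipher suite.
# Globals:   HOST, PORT (read)
# Arguments: $1 - cipher suite name as printed by `openssl ciphers`
# Outputs:   "Testing cipher NAME... supported" or "... not supported" on stdout
function check_cipher() {
  local CIPHER=$1
  local -a SUITE_ARGS
  # TLS 1.3 suites are selected with -ciphersuites; -cipher only governs
  # TLS 1.2 and older. Pin the protocol range to match, otherwise a TLS 1.3
  # handshake with a default suite would hide the answer for a legacy cipher.
  # NOTE(review): -ciphersuites and -no_tls1_3 presumably need the same
  # openssl generation as the -tls1_3 flag this script already uses - confirm.
  case "$CIPHER" in
    TLS_*) SUITE_ARGS=(-tls1_3 -ciphersuites "$CIPHER") ;;
    *) SUITE_ARGS=(-no_tls1_3 -cipher "$CIPHER") ;;
  esac
  printf 'Testing cipher %s... ' "$CIPHER"
  # s_client prints "Cipher is (NONE)" when the handshake fails, so the mere
  # presence of "Cipher is" proves nothing; compare the negotiated name with
  # the requested one instead.
  if openssl s_client "${SUITE_ARGS[@]}" -connect "$HOST:$PORT" </dev/null 2>/dev/null |
    awk -v want="$CIPHER" '/Cipher is / && $NF == want { hit = 1 } END { exit !hit }'; then
    echo "supported"
  else
    echo "not supported"
  fi
}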
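# Get the list of all ciphers from openssl. The names arrive colon-separated
# on one line and are split into an array rather than relying on unquoted
# word splitting. Only suites the local openssl build knows can be probed, so
# a suite missing from this list is never tested against the server.
IFS=':' read -r -a CIPHERS < <(openssl ciphers 'ALL:eNULL')
# Test each cipher suite individually
echo "Checking Supported Cipher Suites:"
for CIPHER in "${CIPHERS[@]}"; do
  check_cipher "$CIPHER"
done
echo
# Check Certificate Expiration
echo "Checking Certificate Expiry Date:"
# stdin is taken from /dev/null so s_client ends the session after the
# handshake instead of waiting for terminal input, matching the other
# certificate queries in this script.
openssl s_client -connect "$HOST:$PORT" -servername "$HOST" </dev/null 2>/dev/null |
  openssl x509 -noout -enddate
echo
# Fetch Public Key Info: extract the certificate's public key and print its
# parameters in text form.
echo "Public Key Information:"
openssl s_client -connect "$HOST:$PORT" -servername "$HOST" </dev/null 2>/dev/null |
  openssl x509 -noout -pubkey |
  openssl pkey -pubin -text -noout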
echo