#!/bin/bash ### ENV VAR ### export PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin ### VAR ### NMAP=/usr/bin/nmap SSLSCAN=/usr/bin/sslscan DIR=/var/tmp NETWORK=$1 NETNAME=$2 ### FUNCTIONS ### help() { cat << EOF Usage: sslreport.sh [ NETWORK / MASK ] [ NETWORK NAME ] EOF } ### ERROR CHECKING ### if [ -z "${NETWORK}" ] ; then help exit 1 elif [ "${NETWORK}" = "--help" ] ; then help exit 0 fi if [ -z "${NETNAME}" ] ; then echo Error : no network name defined exit 1 fi ### MAIN ### #################### ### BINARY CHECK ### #################### echo "Checking for Binaries ....." if ! [ -x "${NMAP}" ] ; then echo \ \*Unsuccessful execution of "${NMAP}" exit 1 else echo \ \*Successful execution of "${NMAP}" fi if ! [ -x ${SSLSCAN} ] ; then echo \ \*Unsuccessful execution of "${SSLSCAN}" exit 1 else echo \ \*Successful execution of "${SSLSCAN}" fi #################### ### RUN NMAP ### #################### echo "Running NMAP scan ......" echo \ \*"${NMAP}" "${NETWORK}" -oN /var/tmp/"${NETNAME}"-nmap.txt "${NMAP}" "${NETWORK}" -oN /var/tmp/"${NETNAME}"-nmap.txt > /dev/null 2>&1 if ! [ $? = 0 ] ; then echo " *Nmap failed" exit 1 fi echo " *Completed" ####################################### ### CONVERT NAMP OUT TO TARGET FILE ### ####################################### ### GREP FOR HTTP ### echo "Converting NMAP output to target files ......" cat /var/tmp/"${NETNAME}"-nmap.txt | grep -Ei "http|scan report for " | grep -viE "https|ssl" | sed '/Nmap scan report for / s/$/z/;/Nmap scan report for / s/^/Z/' | \ sed 's/Nmap scan report for //g;s/\/tcp.*$//g' | \ ### PRINT ALL OUTPUT TO SINGLE LINE ### while read LINE do echo -ne $LINE" " done | \ ### CUT LINE INTO MULTIPLE LINES PER IP ### sed 's/Z/\n/g' | \ sed 's/\,$//g' | sed 's/^.*z$//g;/^$/d' | sed 's/z//g' | \ sed 's/$/\n/g' | sed '/^$/d' | \ ### MANIPULATE LINES INTO MULTIPLE LINES PER IP ### while read IP PORT1 PORT2 PORT3 PORT4 PORT5 PORT6 do if ! [ -z "${PORT1}" ] ; then echo $IP\:"${PORT1}" fi if ! [ -z "${PORT2}" ] ; then echo $IP\:"${PORT2}" fi if ! [ -z "${PORT3}" ] ; then echo $IP\:"${PORT3}" fi if ! [ -z "${PORT4}" ] ; then echo $IP\:"${PORT4}" fi if ! [ -z "${PORT5}" ] ; then echo $IP\:"${PORT5}" fi if ! [ -z "${PORT6}" ] ; then echo $IP\:"${PORT6}" fi done > "${DIR}"/"${NETNAME}"\-http.txt if [ $? = 0 ] ; then echo \ \*File created : "${DIR}"/"${NETNAME}"\-http.txt fi ### GREP FOR HTTPS / SSL ### cat /var/tmp/"${NETNAME}"-nmap.txt | grep -Ei "https|ssl|scan report for " | sed '/Nmap scan report for / s/$/z/;/Nmap scan report for / s/^/Z/' | \ sed 's/Nmap scan report for //g;s/\/tcp.*$//g' | \ ### PRINT ALL OUTPUT TO SINGLE LINE ### while read LINE do echo -ne $LINE" " done | \ ### CUT LINE INTO MULTIPLE LINES PER IP ### sed 's/Z/\n/g' | \ sed 's/\,$//g' | sed 's/^.*z$//g;/^$/d' | sed 's/z//g' | \ sed 's/$/\n/g' | sed '/^$/d' | \ ### MANIPULATE LINES INTO MULTIPLE LINES PER IP ### while read IP PORT1 PORT2 PORT3 PORT4 PORT5 PORT6 do if ! [ -z $PORT1 ] ; then echo $IP\:$PORT1 fi if ! [ -z $PORT2 ] ; then echo $IP\:$PORT2 fi if ! [ -z $PORT3 ] ; then echo $IP\:$PORT3 fi if ! [ -z $PORT4 ] ; then echo $IP\:$PORT4 fi if ! [ -z $PORT5 ] ; then echo $IP\:$PORT5 fi if ! [ -z $PORT6 ] ; then echo $IP\:$PORT6 fi done > "${DIR}"/"${NETNAME}"\-https.txt if [ $? = 0 ] ; then echo \ \*File created : "${DIR}"/"${NETNAME}"\-https.txt fi echo " *NMAP to SSLScan target files completed" #################### ### RUN SSLSCAN ### #################### echo "Running SSLScan against target file ....... " echo \ \*"${SSLSCAN}" --targets="${DIR}"/"${NETNAME}"\-https.txt > "${DIR}"/"${NETNAME}"\-sslscan.txt "${SSLSCAN}" --targets="${DIR}"/"${NETNAME}"\-https.txt > "${DIR}"/"${NETNAME}"\-sslscan.txt echo " *Completed" ############################### ### CONVERT SSLSCAN TO CSV ### ############################### echo "Converting SSLScan ouput to csv ......" echo cat "${DIR}"/"${NETNAME}"\-sslscan.txt | grep -Ei "Accepted|on port" | sed '/Testing SSL server / s/^/Z/' | sed 's/Testing SSL server //g' | sed 's/.*Accepted / /g;s/ on port/,/g;s/ /\|/g' | \ ### PRINT ALL OUTPUT TO SINGLE LINE ### while read LINE do echo -ne $LINE, done | \ ### CUT LINE INTO MULTIPLE LINES PER IP ### sed 's/Z/\n/g' | \ sed 's/\,$//g' | sed 's/^.*z$//g;/^$/d' | sed 's/z//g' | \ sed 's/$/\n/g' | sed '/^$/d' | \ tee "${DIR}"/"${NETNAME}"\-sslreport.csv if [ $? = 0 ] ; then echo " *File created : "${DIR}"/"${NETNAME}"\-sslreport.csv" echo fi echo "SSL Report complete" echo exit 0