{"id":637,"date":"2012-02-01T18:02:30","date_gmt":"2012-02-01T18:02:30","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2012\/02\/01\/tool-sslreport\/"},"modified":"2021-07-31T18:13:56","modified_gmt":"2021-07-31T18:13:56","slug":"tool-sslreport","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Programming\/Shell-Scripting\/tool-sslreport.html","title":{"rendered":"Tool – SSLReport"},"content":{"rendered":"
SSLReport scans a network to determine which hosts are running SSL\/TLS-based services, then queries each of these servers\/ports to determine which ciphers are supported. The results are output in CSV format.<\/p>\n
[root@william images]# bash sslreport.txt 10.1.1.0\/23 home\r\nChecking for Binaries .....\r\n\u00a0*Successful execution of \/usr\/bin\/nmap\r\n\u00a0*Unsuccessful execution of \/usr\/bin\/sslscan<\/pre>\nScript<\/strong><\/h3>\n
#!\/bin\/bash\r\n\r\n### ENV VAR ###\r\n\r\nexport PATH=\/usr\/kerberos\/sbin:\/usr\/kerberos\/bin:\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin:\/root\/bin\r\n\r\n### VAR ###\r\n\r\nNMAP=\/usr\/bin\/nmap\r\nSSLSCAN=\/usr\/bin\/sslscan\r\nDIR=\/var\/tmp\r\nNETWORK=$1\r\nNETNAME=$2\r\n\r\n\r\n### FUNCTIONS ###\r\n\r\nhelp()\r\n{\r\ncat << EOF\r\nUsage: sslreport.sh [ NETWORK \/ MASK ] [ NETWORK NAME ]\r\nEOF\r\n}\r\n\r\n### ERROR CHECKING ###\r\n\r\nif [ -z \"${NETWORK}\" ] ; then\r\nhelp\r\nexit 1\r\nelif [ \"${NETWORK}\" = \"--help\" ] ; then\r\nhelp\r\nexit 0\r\nfi\r\n\r\nif [ -z \"${NETNAME}\" ] ; then\r\necho Error : no network name defined\r\nexit 1\r\nfi\r\n\r\n### MAIN ###\r\n\r\n####################\r\n### BINARY CHECK ###\r\n####################\r\n\r\necho \"Checking for Binaries .....\"\r\n\r\nif ! [ -x \"${NMAP}\" ] ; then\r\necho \\ \\*Unsuccessful execution of \"${NMAP}\"\r\nexit 1\r\nelse\r\necho \\ \\*Successful execution of \"${NMAP}\"\r\nfi\r\n\r\nif ! [ -x \"${SSLSCAN}\" ] ; then\r\necho \\ \\*Unsuccessful execution of \"${SSLSCAN}\"\r\nexit 1\r\nelse\r\necho \\ \\*Successful execution of \"${SSLSCAN}\"\r\nfi\r\n\r\n####################\r\n### RUN NMAP ###\r\n####################\r\n\r\necho \"Running NMAP scan ......\"\r\necho \\ \\*\"${NMAP}\" \"${NETWORK}\" -oN \/var\/tmp\/\"${NETNAME}\"-nmap.txt\r\n\"${NMAP}\" \"${NETWORK}\" -oN \/var\/tmp\/\"${NETNAME}\"-nmap.txt > \/dev\/null 2>&1\r\n\r\nif ! [ $? = 0 ] ; then\r\necho \" *Nmap failed\"\r\nexit 1\r\nfi\r\n\r\necho \" *Completed\"\r\n\r\n#######################################\r\n### CONVERT NMAP OUT TO TARGET FILE ###\r\n#######################################\r\n\r\n### GREP FOR HTTP ###\r\n\r\necho \"Converting NMAP output to target files ......\"\r\ncat \/var\/tmp\/\"${NETNAME}\"-nmap.txt | grep -Ei \"http|scan report for \" | grep -viE \"https|ssl\" | sed '\/Nmap scan report for \/ s\/$\/z\/;\/Nmap scan report for \/ s\/^\/Z\/' | \\\r\nsed 's\/Nmap scan report for \/\/g;s\/\\\/tcp.*$\/\/g' | \\\r\n\r\n### PRINT ALL OUTPUT TO SINGLE LINE ###\r\n\r\nwhile read LINE\r\ndo\r\necho -ne $LINE\" \"\r\n\r\ndone | \\\r\n\r\n### CUT LINE INTO MULTIPLE LINES PER IP ###\r\n\r\nsed 's\/Z\/\\n\/g' | \\\r\nsed 's\/\\,$\/\/g' | sed 's\/^.*z$\/\/g;\/^$\/d' | sed 's\/z\/\/g' | \\\r\nsed 's\/$\/\\n\/g' | sed '\/^$\/d' | \\\r\n\r\n### MANIPULATE LINES INTO MULTIPLE LINES PER IP ###\r\n\r\nwhile read IP PORT1 PORT2 PORT3 PORT4 PORT5 PORT6\r\ndo\r\nif ! [ -z \"${PORT1}\" ] ; then\r\necho $IP\\:\"${PORT1}\"\r\nfi\r\nif ! [ -z \"${PORT2}\" ] ; then\r\necho $IP\\:\"${PORT2}\"\r\nfi\r\nif ! [ -z \"${PORT3}\" ] ; then\r\necho $IP\\:\"${PORT3}\"\r\nfi\r\nif ! [ -z \"${PORT4}\" ] ; then\r\necho $IP\\:\"${PORT4}\"\r\nfi\r\nif ! [ -z \"${PORT5}\" ] ; then\r\necho $IP\\:\"${PORT5}\"\r\nfi\r\nif ! [ -z \"${PORT6}\" ] ; then\r\necho $IP\\:\"${PORT6}\"\r\nfi\r\ndone > \"${DIR}\"\/\"${NETNAME}\"\\-http.txt\r\n\r\nif [ $? = 0 ] ; then\r\necho \\ \\*File created : \"${DIR}\"\/\"${NETNAME}\"\\-http.txt\r\nfi\r\n\r\n### GREP FOR HTTPS \/ SSL ###\r\n\r\ncat \/var\/tmp\/\"${NETNAME}\"-nmap.txt | grep -Ei \"https|ssl|scan report for \" | sed '\/Nmap scan report for \/ s\/$\/z\/;\/Nmap scan report for \/ s\/^\/Z\/' | \\\r\nsed 's\/Nmap scan report for \/\/g;s\/\\\/tcp.*$\/\/g' | \\\r\n\r\n### PRINT ALL OUTPUT TO SINGLE LINE ###\r\n\r\nwhile read LINE\r\ndo\r\necho -ne $LINE\" \"\r\n\r\ndone | \\\r\n\r\n### CUT LINE INTO MULTIPLE LINES PER IP ###\r\n\r\nsed 's\/Z\/\\n\/g' | \\\r\nsed 's\/\\,$\/\/g' | sed 's\/^.*z$\/\/g;\/^$\/d' | sed 's\/z\/\/g' | \\\r\nsed 's\/$\/\\n\/g' | sed '\/^$\/d' | \\\r\n\r\n### MANIPULATE LINES INTO MULTIPLE LINES PER IP ###\r\n\r\nwhile read IP PORT1 PORT2 PORT3 PORT4 PORT5 PORT6\r\ndo\r\nif ! [ -z \"${PORT1}\" ] ; then\r\necho $IP\\:\"${PORT1}\"\r\nfi\r\nif ! [ -z \"${PORT2}\" ] ; then\r\necho $IP\\:\"${PORT2}\"\r\nfi\r\nif ! [ -z \"${PORT3}\" ] ; then\r\necho $IP\\:\"${PORT3}\"\r\nfi\r\nif ! [ -z \"${PORT4}\" ] ; then\r\necho $IP\\:\"${PORT4}\"\r\nfi\r\nif ! [ -z \"${PORT5}\" ] ; then\r\necho $IP\\:\"${PORT5}\"\r\nfi\r\nif ! [ -z \"${PORT6}\" ] ; then\r\necho $IP\\:\"${PORT6}\"\r\nfi\r\ndone > \"${DIR}\"\/\"${NETNAME}\"\\-https.txt\r\n\r\nif [ $? = 0 ] ; then\r\necho \\ \\*File created : \"${DIR}\"\/\"${NETNAME}\"\\-https.txt\r\nfi\r\n\r\necho \" *NMAP to SSLScan target files completed\"\r\n\r\n####################\r\n### RUN SSLSCAN ###\r\n####################\r\n\r\necho \"Running SSLScan against target file ....... \"\r\n# The redirect is escaped so the command line is printed to the screen, not written to the file\r\necho \\ \\*\"${SSLSCAN}\" --targets=\"${DIR}\"\/\"${NETNAME}\"\\-https.txt \\> \"${DIR}\"\/\"${NETNAME}\"\\-sslscan.txt\r\n\"${SSLSCAN}\" --targets=\"${DIR}\"\/\"${NETNAME}\"\\-https.txt > \"${DIR}\"\/\"${NETNAME}\"\\-sslscan.txt\r\n\r\necho \" *Completed\"\r\n\r\n###############################\r\n### CONVERT SSLSCAN TO CSV ###\r\n###############################\r\n\r\necho \"Converting SSLScan output to csv ......\"\r\necho\r\n\r\ncat \"${DIR}\"\/\"${NETNAME}\"\\-sslscan.txt | grep -Ei \"Accepted|on port\" | sed '\/Testing SSL server \/ s\/^\/Z\/' | sed 's\/Testing SSL server \/\/g' | sed 's\/.*Accepted \/ \/g;s\/ on port\/,\/g;s\/ \/\\|\/g' | \\\r\n\r\n### PRINT ALL OUTPUT TO SINGLE LINE ###\r\n\r\nwhile read LINE\r\ndo\r\necho -ne $LINE,\r\n\r\ndone | \\\r\n\r\n### CUT LINE INTO MULTIPLE LINES PER IP ###\r\n\r\nsed 's\/Z\/\\n\/g' | \\\r\nsed 's\/\\,$\/\/g' | sed 's\/^.*z$\/\/g;\/^$\/d' | sed 's\/z\/\/g' | \\\r\nsed 's\/$\/\\n\/g' | sed '\/^$\/d' | \\\r\n\r\ntee \"${DIR}\"\/\"${NETNAME}\"\\-sslreport.csv\r\n\r\nif [ $? = 0 ] ; then\r\n echo \" *File created : \"${DIR}\"\/\"${NETNAME}\"\\-sslreport.csv\"\r\n echo\r\nfi\r\n\r\necho \"SSL Report complete\"\r\necho\r\n\r\nexit 0\r\n<\/pre>\n<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
SSLReport scans a network to determine which hosts are running SSL\/TLS-based services, then queries each of these servers\/ports to determine which ciphers are supported. The results are output in CSV format. Usage [root@william images]# bash sslreport.txt 10.1.1.0\/23 home Checking for Binaries ….. \u00a0*Successful execution … Read more<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[40],"tags":[],"yoast_head":"\n
Tool - SSLReport - Fir3net<\/title>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n