├── LICENSE
├── README.md
├── ssl
├── ssl.list
└── ssl_check_loop.sh


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2020 Bobby Iliev
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Bash SSL checker tool
 2 | 
 3 | A simple and lightweight Bash script to check the SSL certificate status of a domain name. It's a command-line alternative to popular SSL checker tools, like [SSL Shopper](https://sslshopper.com), and provides a quick way to obtain key information about SSL certificates directly from your terminal.
 4 | 
 5 | The script has been tested on various Linux distributions, including CentOS, Ubuntu, Mint, and Debian.
 6 | 
 7 | ## Features
 8 | 
 9 | The script retrieves and displays the following SSL certificate information:
10 | 
11 | - Domain name the SSL certificate is issued for
12 | - Number of days until the SSL certificate expires
13 | - Issue and expiry dates of the SSL certificate
14 | - Certificate issuer details
15 | - Supported TLS versions
16 | - Certificate fingerprint (SHA1)
17 | 
18 | ## Prerequisites
19 | 
20 | Ensure that `openssl` is installed on your system before running the script.
21 | 
22 | ## Usage
23 | 
24 | To use the script, follow these steps:
25 | 
26 | 1. Download the script using `wget`:
27 |    ```bash
28 |    wget https://raw.githubusercontent.com/bobbyiliev/bash-ssl-checker-tool/master/ssl
29 |    ```
30 | 
31 | 2. Make the script executable:
32 |    ```bash
33 |    chmod +x ssl
34 |    ```
35 | 
36 | 3. Run the script with the desired domain name:
37 |    ```bash
38 |    ./ssl yourdomain.com
39 |    ```
40 | 
41 | ## Example Output
42 | 
43 | Here is a sample of the output you can expect:
44 | 
45 | ```
46 | The bobbyiliev.com domain name seems valid
47 | 
48 | # SSL Certificate Details:
49 | Domain: CN = bobbyiliev.com
50 | ----
51 | 
52 | # SSL Certificate Expiry:
53 | Expires in: 90 days
54 | ----
55 | 
56 | # Important Dates:
57 | Issued On: Jun  4 09:05:19 2020 GMT
58 | Expires On: Sep  2 09:05:19 2020 GMT
59 | ----
60 | 
61 | # Issuer Information:
62 | Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
63 | ----
64 | 
65 | # Supported TLS Versions:
66 | |   TLSv1.0
67 | |   TLSv1.1
68 | |   TLSv1.2
69 | ----
70 | 
71 | # Certificate Fingerprint:
72 | SHA1 Fingerprint = C1:E1:6C:46:8A:74:94:14:00:94:88:B9:4B:2B:C5:90:79:DE:72:64
73 | ----
74 | ```
75 | 
76 | ## Notes
77 | 
78 | - The script requires `openssl`, `host` and `nmap` to be installed on your system. You can install them using your package manager:
79 |    ```bash
80 |    sudo apt-get install openssl nmap host  # Ubuntu/Debian
81 |    sudo yum install openssl nmap host      # CentOS/RHEL
82 |    ```
83 | 
84 | ## Additional Resources
85 | 
86 | For more information, check out the [full blog post here](https://devdojo.com/bobbyiliev/ssl-checker-linux-command-line-tool).
87 | 


--------------------------------------------------------------------------------
/ssl:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | ##
  4 | # Script which let's you gather some basic information about your SSL certificate
  5 | ##
  6 | 
  7 | ##
  8 | # Colors
  9 | ##
 10 | green=$(printf '\e[32m')
 11 | blue=$(printf '\e[34m')
 12 | clear=$(printf '\e[0m')
 13 | orange=$(printf '\e[33m')
 14 | red=$(printf '\e[31m')
 15 | cyan=$(printf '\e[36m')
 16 | ##
 17 | # Color Functions
 18 | ##
 19 | 
 20 | ColorGreen(){
 21 |         echo -ne $green$1$clear
 22 | }
 23 | ColorBlue(){
 24 |         echo -ne $blue$1$clear
 25 | }
 26 | ColorRed(){
 27 |         echo -ne $red$1$clear
 28 | }
 29 | ColorOrange(){
 30 |         echo -ne $orange$1$clear
 31 | }
 32 | ColorCyan(){
 33 |         echo -ne $cyan$1$clear
 34 | }
 35 | # Enable Color - ON/Clear 
 36 | #
 37 | ColorGreen(){
 38 |         echo -ne $green$1$clear
 39 | }
 40 | ColorBlueON(){
 41 |         echo -ne $blue
 42 | }
 43 | ColorRedON(){
 44 |         echo -ne $red
 45 | }
 46 | ColorOrangeON(){
 47 |         echo -ne $orange
 48 | }
 49 | ColorCyanON(){
 50 |         echo -ne $cyan
 51 | }
 52 | ColorClear(){
 53 |         echo -ne $clear
 54 | }
 55 | 
 56 | echo -ne "$(ColorRed '---------------------------------------------------------')\n" 
 57 | ##
 58 | # Make sure that openssl is installed
 59 | ##
 60 | if ! [ -x "$(command -v openssl)" ] ; then
 61 |         echo "The openssl command is required! Please install it and then try again"
 62 |         exit 1
 63 | fi
 64 | 
 65 | ##
 66 | # Check if there is an input
 67 | ##
 68 | if [[ $1 ]]; then
 69 | 	host -t A $1 > /dev/null
 70 | 	if [ $? -eq 0 ]; then
 71 | 		echo -e "$(ColorRed '#') $(ColorGreen 'Checking Domain/Hostname:')\n\t$1"
 72 | 	else
 73 | 		echo -e "Error: Could Not Resolve $(ColorGreen ${1}) Domain Name..."
 74 | 		exit 1
 75 | 	fi
 76 | fi
 77 | 
 78 | case $1 in
 79 | # Usage example
 80 | help)
 81 |         echo -ne "Usage:
 82 | $(ColorGreen './ssl domain.com')
 83 | "
 84 |         exit 1
 85 | ;;
 86 | "")
 87 |         echo -ne "Usage:
 88 | $(ColorGreen './ssl domain.com')
 89 | "
 90 |         exit 1
 91 | ;;
 92 | *)
 93 | 	today=$(date +%F)
 94 | 	expires=$(echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -dates|grep 'notAfter'|sed 's/notAfter=//')
 95 | 
 96 | 	echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Issued For:')"
 97 | 	echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -subject|sed 's/subject=/Domain: /'
 98 | 	echo "$(ColorRed '----')"
 99 | 
100 |    echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Expires In:')"
101 | 
102 | # Detect the platform (similar to $OSTYPE)
103 | OS="`uname`"
104 | case $OS in
105 |   'Linux'|'FreeBSD'|'SunOS'|'AIX')
106 | 	echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
107 |     ;;
108 |   'Darwin') 
109 |     OS='Mac'
110 | 		export LC_TIME="en_US"    
111 | 		# macos - format
112 | 		#date -j -f "%b %d %T %Y %Z" "$expires" +'%s'; date -j -f "%F" "$today" +'%s'
113 | 		## echo $(( ( $(date -ud "$expires" +'%s') - $(date -ud "$today" +'%s') )/60/60/24 )) days
114 | 		echo "	$(( ( $(date -j -f "%b %d %T %Y %Z" "$expires" +'%s') - $(date -j -f "%F" "$today" +'%s') )/60/60/24 )) days"
115 |     ;;
116 |   *) 
117 | 	echo "Error: Can't Find DATE command for your OS version!"
118 | 	;;
119 | esac
120 | 	echo "$(ColorRed '----')"
121 | 	echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Dates:')"
122 | 	echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -dates|\
123 | 	 sed 's/notAfter=/Expires On: /' | sed 's/notBefore=/Issued  On: /'
124 | 	echo "$(ColorRed '----')"
125 | 
126 |    echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Issued by:')"
127 | 	echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -issuer|sed 's/issuer=/Issuer: /'
128 | 	echo "$(ColorRed '----')"
129 | 
130 |    echo -e "$(ColorRed '#') $(ColorGreen 'TLS supported:')"
131 | 	#nmap --script ssl-cert -p 443 $1 
132 | 	nmap -sV --script ssl-enum-ciphers -p 443 $1 | egrep -i 'tls.*:'
133 | 	echo "$(ColorRed '----')"
134 |    
135 | 	echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate SANs:')"
136 | 	#echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null | openssl x509 -noout -extensions subjectAltName
137 | 	echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -text |egrep "DNS:"|tr -d " \t"|tr , '\n'|sed  's/^/	/'
138 | 	echo "$(ColorRed '----')"
139 | 
140 | 	echo -e "$(ColorRed '#') $(ColorGreen 'Certificate Chains:')"
141 | 	ColorOrangeON; timeout 2 openssl s_client -quiet -showcerts -servername $1 -connect $1:443;ColorClear 
142 | 	echo "$(ColorRed '----')"
143 |    echo -e "$(ColorRed '#') $(ColorGreen 'Certificates Details:')"
144 | 	#certificates=$(openssl s_client -connect $1:443 -showcerts -tlsextdebug -tls1 2>&1 </dev/null| \
145 | 	#sed -n '/-----BEGIN/,/-----END/ {/-----BEGIN/ s/^/:/p}'); 
146 | 	OLDIFS=$IFS; IFS=':' 
147 | 	certificates=$(echo|openssl s_client -servername $1 -showcerts -connect "$1:443" 2>&1| \
148 | 	sed -n '/-----BEGIN/,/-----END/p'|sed 's/^-----BEGIN/:-----BEGIN/'); 
149 | 	for certificate in ${certificates#:}; do ColorOrangeON
150 | 		#echo $certificate | tee >(openssl x509 -noout -serial) >(openssl x509 -noout -subject) 
151 | 		for attr in subject serial fingerprint; do echo $certificate|openssl x509 -noout -$attr|tr -d ":"| tr '[:upper:]' '[:lower:]' ;done; echo ''
152 | 	done; IFS=$OLDIFS
153 | 	echo "$(ColorRed '----')"
154 | #   echo -e "$(ColorRed '#') $(ColorGreen 'Leaf Certificate Decode:')"; ColorCyanON
155 | #	echo|openssl s_client -servername $1 -connect $1:443 2>/dev/null|openssl x509 -noout -text
156 | esac
157 | #echo -ne "$(ColorRed '\n---------------------------------------------------------')\n" 
158 | 


--------------------------------------------------------------------------------
/ssl.list:
--------------------------------------------------------------------------------
1 | digitalocean.com
2 | devdojo.com
3 | google.com
4 | 


--------------------------------------------------------------------------------
/ssl_check_loop.sh:
--------------------------------------------------------------------------------
 1 | #! /bin/bash
 2 | ##
 3 | # This script loops through a list of website URLs stored in a file called 'ssl.list',
 4 | # runs the bash-ssl-checker tool on each URL, and displays the results.
 5 | ##
 6 | 
 7 | # Loop through each URL in the ssl.list file
 8 | for websiteurl in $(cat ./ssl.list) ; do
 9 |     # Print a message indicating the start of the check for the current URL
10 |     echo "Loop start for $websiteurl"
11 |     
12 |     # Run the SSL checker script on the current URL
13 |     ./ssl $websiteurl
14 |     
15 |     # Print a message indicating the end of the check for the current URL
16 |     echo "Loop end for $websiteurl"
17 | done
18 | 


--------------------------------------------------------------------------------