This uses NMAP scripts to look for well-known ssl and tls vulnerabilities.
#!/bin/bash
declare -i x=0
clear
echo ""
echo "#######################################"
echo "* NMAP TESTS FOR SSL/TLS *"
date +'%m/%d/%Y %r'
echo "#######################################"
echo ""
read -p "Provide site IP Address: " wanip1
echo ""
echo "----------------------------------------"
echo "(1) Connection setup bugs allowing for MITM attacks"
nmap_ccssslinj=$(nmap -p 443 --script ssl-ccs-injection $wanip1)
if [[ "{$nmap_ccssslinj}" = *VULNERABLE* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(2) Leaking of Internal IP Addresses"
nmap_intaddr=$(nmap -p 443 --script ssl-cert-intaddr $wanip1)
if [[ "{$nmap_intaddr}" = *ssl-cert-intaddr* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(3) Leaking of Remote Server Date"
nmap_ssldate=$(nmap $wanip1 --script=ssl-date)
if [[ "{$nmap_ssldate}" = *ssl-date* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(4) Use of weak Diffie-Hellman parameters"
nmap_dhcipher=$(nmap -Pn --script ssl-dh-params $wanip1)
if [[ "{$nmap_dhcipher}" = *VULNERABLE* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(5) Heartbleed: Vulnerable to OpenSSL"
nmap_heartbleed=$(nmap -Pn -p 443 --script ssl-heartbleed $wanip1)
if [[ "{$nmap_heartbleed}" = *VULNERABLE* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(6) Using a known Bad Certificate"
nmap_badcert=$(nmap -Pn -p 443 --script ssl-known-key $wanip1)
if [[ "{$nmap_badcert}" = *ssl-known-key* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(7) POODLE: Allows vulnerable VSSLv3 CBC Ciphers"
nmap_poodle=$(nmap -Pn -sV --version-light -p 443 --script ssl-poodle $wanip1)
if [[ "{$nmap_poodle}" = *VULNERABLE* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(8) SSLv2: Allows Obsolete SSLv2 Ciphers"
nmap_ssl2=$(nmap -Pn -sV -sC $wanip1)
if [[ "{$nmap_ssl2}" = *SSL2_* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo "(9) SSLv2: Ciphers Associated with DROWN Attacks"
nmap_ssl2drown=$(nmap -Pn -sV --script=sslv2-drown $wanip1)
if [[ "{$nmap_ssl2drown}" = *VULNERABLE* ]]
then
echo " * VULNERABLE: YES"
x=$(($x + 1))
else
echo " * VULNERABLE: NO"
fi
echo "----------------------------------------"
echo ""
echo "** NMAP SSL TEST COMPLETED"
echo "** Total Vulnerabilities Found: $x"
date +'%m/%d/%Y %r'
echo "#######################################"
echo ""
Sample Output:
Reference:
https://jumpnowtek.com/security/Using-nmap-to-check-certs-and-supported-algos.html
Project Puchufy 