| 1 | #!/bin/bash |
| 2 | # TLS/SSL configuration tests |
| 3 | SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" |
| 4 | source "$SCRIPT_DIR/../config.sh" |
| 5 | OUT="$OUT/tls" |
| 6 | mkdir -p "$OUT" |
| 7 | |
| 8 | echo '=== TLS/SSL TESTS ===' | tee "$OUT/summary.txt" |
| 9 | |
| 10 | # Old TLS versions โ 1.0/1.1 should be rejected at handshake (000 = EXPECTED/PASS) |
| 11 | echo '--- Old TLS Versions ---' | tee -a "$OUT/summary.txt" |
| 12 | for ver in '--tls-max 1.0' '--tls-max 1.1'; do |
| 13 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 $ver "$TARGET/" 2>&1) |
| 14 | echo "[${resp}] TLS: $ver (EXPECTED 000 โ server rejects TLS<1.2 at handshake)" | tee -a "$OUT/summary.txt" |
| 15 | done |
| 16 | for ver in '--tlsv1.2' '--tlsv1.3'; do |
| 17 | resp=$(curl -sk -o /dev/null -w '%{http_code}' --max-time 10 $ver "$TARGET/" 2>&1) |
| 18 | echo "[$resp] TLS: $ver" | tee -a "$OUT/summary.txt" |
| 19 | done |
| 20 | |
| 21 | # Cipher suite check |
| 22 | echo '' | tee -a "$OUT/summary.txt" |
| 23 | echo '--- Cipher Suites ---' | tee -a "$OUT/summary.txt" |
| 24 | openssl s_client -connect pqcrypta.com:443 -cipher 'NULL' </dev/null 2>&1 | grep -E 'Cipher|error|DONE' | head -5 | tee -a "$OUT/summary.txt" || echo 'openssl NULL cipher rejected' | tee -a "$OUT/summary.txt" |
| 25 | openssl s_client -connect pqcrypta.com:443 -cipher 'RC4' </dev/null 2>&1 | grep -E 'Cipher|error|DONE' | head -5 | tee -a "$OUT/summary.txt" || echo 'openssl RC4 cipher test done' | tee -a "$OUT/summary.txt" |
| 26 | |
| 27 | # Check security headers |
| 28 | echo '' | tee -a "$OUT/summary.txt" |
| 29 | echo '--- Security Headers Check ---' | tee -a "$OUT/summary.txt" |
| 30 | curl -sk -I --max-time 10 "$TARGET/" | grep -iE 'strict-transport|x-frame|x-content-type|content-security|x-xss|permissions-policy|referrer-policy' | tee -a "$OUT/summary.txt" |
| 31 | |
| 32 | cat "$OUT/summary.txt" |
| 33 |
Script Viewer
Red Team Suite › 06_tls_ssl.sh