#!/bin/bash
#
# matts-ssl.sh v1.1
# Create by Matthew Phillips
# New versions can be downloaded from www.phillips321.co.uk
VERSION="1.2"
#
# This tool requires sslscan to be installed
#
# ChangeLog....
# Version 1.2 - Changed output to ssl_all.txt
# Version 1.1 - Added recommended ports and not connect removal
# Version 1.0 - First Release
#

#################################################################
# CHECKING FOR ROOT
#################################################################
if [ `echo -n $USER` != "root" ]
then
	echo "MESSAGE: matts-ssl.sh ${VERSION}"
	echo "MESSAGE: ERROR: Please run as root!"
	echo "MESSAGE:"
	exit 1
fi

#################################################################
# CREATING DIRECTORY
#################################################################
STARTDIR=`pwd`
mkdir "${STARTDIR}/ssl"
cd ./ssl

#################################################################
# CHECKING TO SEE IF IP OR TARGETS.TXT GIVEN
#################################################################
if [ -z ${1} ]
then
	echo "MESSAGE:"
	echo "MESSAGE: Usage: `basename ${0}` [ip_address] [port]"
	echo "MESSAGE: # `basename ${0}` 127.0.0.1 443"
	echo "MESSAGE: # `basename ${0}` targets.txt 443"
	echo "MESSAGE: if port is not given i will presume 443"
	if [ -f ../../targets.txt ]
        then
		echo "MESSAGE:"
		echo "MESSAGE: You should consider scanning the following ports:"
		cat ../*.tcp.txt | grep "ssl" | sort | uniq
		echo "MESSAGE: END OF PORT LIST"
		echo "MESSAGE:"
	fi
	exit 1
fi
if [ ${1} = "targets.txt"  ] || [ ${2} = "targets" ]
then
        TARGETIP="0"
        echo "MESSAGE: performing sslscan against targets.txt"
	#################################################################
	# CHECKING IF targets.txt file is in parent directory
	#################################################################
	if [ -f ../../targets.txt ]
	then
	        echo "MESSAGE: targets.txt file located"
	        echo "MESSAGE: Identified hosts from targets.txt"
	else
	        echo "MESSAGE: please create a targets.txt file the containing the hosts in the parent directory"
	        exit 1
	fi
else
        TARGETIP="`echo "${1}" | tr -cd '[:graph:]' | tr -d '[:alpha:]'`"
        echo "MESSAGE: performing sslscan against ${TARGETIP}"
fi
	
#################################################################
# CHECKING TO SEE IF PORT GIVEN
#################################################################
if [ -z ${2} ]
then
	TARGETPORT="443"
	echo "MESSAGE: no port given so attempting 443"
else
	TARGETPORT="`echo "${2}" | tr -cd '[:digit:]' | cut -c 1-5`"
	echo "MESSAGE: targeting port ${TARGETPORT}"
fi


#################################################################
# STARING SSLSCAN
#################################################################
case ${TARGETIP} in
	0)
		for i in `cat ../../targets.txt`
		do
			echo "MESSAGE: now sslscanning ${i} on port ${TARGETPORT}"
			sslscan --no-failed ${i}:${TARGETPORT} > ${i}_${TARGETPORT}_ssl.txt
		done
		;;
	*)
		echo "MESSAGE: now sslscanning ${TARGETIP} on port ${TARGETPORT}"
		sslscan --no-failed ${TARGETIP}:${TARGETPORT} > ${TARGETIP}_${TARGETPORT}_ssl.txt
		;;
esac

#################################################################
# DISPLAYING NICE OUTPUT OF RESULTS WITH HIGHLIGHTING
#################################################################
echo "MESSAGE: Scans finished"
read -p "MESSAGE: Press enter to see the results"
cat *_ssl.txt | grep "Testing\ SSL\|Accepted\|ERROR" > ssl__all.txt
grep -E --color=always '.*(SSLv2| 40| 56).*|' ssl__all.txt | grep -v "ERROR" | less -R
grep -E --color=always '.*(SSLv2| 40| 56).*|' ssl__all.txt | grep -v "ERROR" > ../SSL_results.txt
cd "${STARTDIR}/.."
echo "MESSAGE: Output saved to `pwd`/SSL_results.txt"
exit 0