@craSH
Created June 30, 2010 21:46
Fingerprint and list supported SSL Ciphersuites on a given host/port
#!/bin/bash
#
# Check a given host/port for supported SSL/TLS cipher suites.
# If nmap is available, do a service fingerprint on it as well.
#
# This requires that you have "sslciphercheck", available here:
# http://www.pvv.ntnu.no/~josteitv/papers/ssl_vuln_code.tar.gz
#
# Usage: ssl_info <host> <port> [-n]
#

if [ -z "$2" ]; then
    # Send the whole usage text to stderr, not only its first line
    {
        echo "Usage: $0 <host> <port> [-n]"
        echo
        echo "Options:"
        echo -e "\t-n:\tNo nmap Fingerprint."
    } >&2
    exit 1
fi

host=$1
port=$2

# command -v prints nothing when a tool is missing, so the -x tests below fail cleanly
nmap=$(command -v nmap)
sslciphercheck=$(command -v sslciphercheck)
ciphercheck_modes="-t -2 -3"

# Check if nmap exists and is executable
if [ "$3" != "-n" ] && [ -x "$nmap" ]; then
    echo "+ Fingerprinting host/port with nmap..." >&2
    echo -e "Host:\t\t$host" >&2
    echo -e "Port:\t\t$port" >&2
    # In grepable output each port entry is port/state/proto/owner/service/rpc/version/,
    # so with "/" as separator $5 is the service and $7 the software version.
    # Only the "Ports:" line is parsed; the "Status:" line has no such fields.
    "$nmap" -P0 -sV "$host" -p "$port" -oG - 2>/dev/null \
        | grep -v '^#' \
        | awk -F '/' '/Ports:/ {print "Service:\t" $5 "\n" "Software:\t" $7 "\n"}' >&2
fi

# Check if sslciphercheck exists and is executable
if [ -x "$sslciphercheck" ]; then
    for i in $ciphercheck_modes; do
        case $i in
            "-t" )
                echo "+ Testing TLSv1 Ciphersuites..." >&2 ;;
            "-2" )
                echo "+ Testing SSLv2 Ciphersuites..." >&2 ;;
            "-3" )
                echo "+ Testing SSLv3 Ciphersuites..." >&2 ;;
            * )
                echo "! ERROR: Unknown mode encountered." >&2 ;;
        esac
        # Show only the suites the server accepted
        "$sslciphercheck" "$i" "$host" "$port" 2>/dev/null | grep -v 'NOT supported'
    done
else
    # Without sslciphercheck there is nothing to test; say so instead of exiting silently
    echo "! ERROR: sslciphercheck not found in PATH." >&2
    exit 1
fi
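
The nmap step in the script relies on the field layout of grepable (`-oG`) output, where each port entry reads `port/state/protocol/owner/service/rpcinfo/version/`. The following is an added example, not part of the original gist: it parses that layout for every port entry on a line, skips the `Status:` line, and reports only open ports. The function names and the sample scan output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# parse_nmap_grepable and sample_grepable are hypothetical helper names.

# Read nmap -oG output on stdin; print "host<TAB>port<TAB>service<TAB>software"
# for every port whose state is "open".
parse_nmap_grepable() {
    awk '
        /^#/        { next }    # nmap banner and footer comments
        !/Ports: /  { next }    # the "Status: Up" line carries no port data
        {
            host = $2           # line starts "Host: <addr> (<name>)"
            n = split($0, sections, "\t")
            for (s = 1; s <= n; s++) {
                if (sections[s] !~ /^Ports: /) continue
                sub(/^Ports: /, "", sections[s])
                # Entries end in "/" and are joined with ", "
                m = split(sections[s], entries, "/, ")
                for (e = 1; e <= m; e++) {
                    # port/state/protocol/owner/service/rpcinfo/version
                    split(entries[e], f, "/")
                    if (f[2] == "open")
                        printf "%s\t%s\t%s\t%s\n", host, f[1], f[5], f[7]
                }
            }
        }
    '
}

# Constructed sample in the -oG layout (documentation address, made-up banner).
sample_grepable() {
    printf '%s\n' '# Nmap scan initiated (constructed sample)'
    printf '%s\t%s\n' 'Host: 192.0.2.10 (www.example.test)' 'Status: Up'
    printf '%s\t%s\t%s\n' 'Host: 192.0.2.10 (www.example.test)' \
        'Ports: 443/open/tcp//ssl|http//Apache httpd 2.2.15/, 8443/closed/tcp//https-alt///' \
        'Ignored State: filtered (998)'
    printf '%s\n' '# Nmap done (constructed sample)'
}

sample_grepable | parse_nmap_grepable
```

nmap writes `/` inside a field as `|` in grepable output, which is why the service appears as `ssl|http` and why splitting on `/` is safe.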