Skip to content

Latest commit

 

History

History
44 lines (40 loc) · 1.96 KB

README.md

File metadata and controls

44 lines (40 loc) · 1.96 KB

BadSSL.com Certificate Report 🔒

Motivation

BadSSL contains many addresses with unique certificates, to test your system / browser, and make sure some of the weak certificates will be blocked.

When performing hardening on your system (Crypto policy, for example), it can be useful to make sure it's successfully applied.

Usage

Running this command in Linux Terminal / WSL is simple, no parameters are required, and it will only used built-in executables - jq, curl.

$ ./badssl-report.sh 
type                  status-code  result
expired               000          BAD
wrong.host            000          BAD
self-signed           000          BAD
untrusted-root        000          BAD
revoked               000          BAD
pinning-test          200          GOOD
no-common-name        000          BAD
no-subject            000          BAD
badssl.com            200          GOOD
sha1-intermediate     000          BAD
mixed-content         000          BAD
superfish             000          BAD
edellroot             000          BAD
dsdtestprovider       000          BAD
cbc                   200          GOOD
rc4                   000          BAD
des3                  000          BAD
null                  000          BAD
export                000          BAD
dh480                 000          BAD
dh512                 000          BAD
dh1024                000          BAD
null                  000          BAD
invalid-sni           000          BAD
client-renegotiation  000          BAD
tls-v1-2              200          GOOD
tls-v1-1              000          BAD
tls-v1                000          BAD

Notes:

  • This repository can be cloned before usage, but the script can also run independanlty, and will download the json file.