From 04463784a89812fbf5f40945daa9abd2d0f17dc6 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 14 May 2022 12:06:09 +0200 Subject: [PATCH] Fix censys link in DROWN section See #2127. the line seems very long though. Note: this was previously commited as #2184 but as there were two mistakes and one other thing which could be improved I decided to make a hard reset. Apologize if it caused inconvenience. --- t/32_isHTML_valid.t | 2 +- t/baseline_data/default_testssl.csvfile | 2 +- testssl.sh | 16 +++++++++------- 3 files changed, 11 insertions(+), 9 deletions(-) diff --git a/t/32_isHTML_valid.t b/t/32_isHTML_valid.t index dd1e47d..becef33 100755 --- a/t/32_isHTML_valid.t +++ b/t/32_isHTML_valid.t @@ -35,7 +35,7 @@ unlink 'tmp.html'; # Remove the HTML footer $edited_html =~ s/\n\<\/pre\>\n\<\/body\>\n\<\/html\>//; # Remove any hypertext links for URLs -$edited_html =~ s///g; +$edited_html =~ s///g; $edited_html =~ s/<\/a>//g; # Replace escaped characters with their original text diff --git a/t/baseline_data/default_testssl.csvfile b/t/baseline_data/default_testssl.csvfile index fd45dd0..86c7bbe 100644 --- a/t/baseline_data/default_testssl.csvfile +++ b/t/baseline_data/default_testssl.csvfile 
@@ -91,7 +91,7 @@ "SWEET32","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327" "FREAK","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2015-0204","CWE-310" "DROWN","testssl.sh/81.169.166.184","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310" -"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=317383D12511E625564E8C850DD7494CAC6903ECAD7394055A5D3FB5E6EFB402","CVE-2016-0800 CVE-2016-0703","CWE-310" +"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&?q=31B44391529821C6A77F3C78B02D716A07F99B8FDB342BF5A78F263C25375968","CVE-2016-0800 CVE-2016-0703","CWE-310" "LOGJAM","testssl.sh/81.169.166.184","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310" "LOGJAM-common_primes","testssl.sh/81.169.166.184","443","OK","--","CVE-2015-4000","CWE-310" "BEAST_CBC_TLS1","testssl.sh/81.169.166.184","443","MEDIUM","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","CVE-2011-3389","CWE-20" diff --git a/testssl.sh b/testssl.sh index 38ba090..2c1900f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -17802,6 +17802,7 @@ run_drown() { local cwe="CWE-310" local hint="" local jsonID="DROWN" + local censys_host_url="https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE" if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln @@ -17827,6 +17828,7 @@ run_drown() { return 1 fi + censys_host_url="$censys_host_url&q=$cert_fingerprint_sha2" if [[ $(has_server_protocol ssl2) -ne 1 ]]; then sslv2_sockets else 
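Review bot: The updated `DROWN_hint` baseline row does not match the URL that the testssl.sh change in this same patch builds. The row contains `resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&?q=…`, whereas `censys_host_url` is `…search?resource=hosts&virtual_hosts=INCLUDE` with `&q=$cert_fingerprint_sha2` appended. The `&?q=` form also makes the parameter name `?q`, so the fingerprint would presumably not reach the search as the query. If the baseline comparison (outside this diff) is exact on this field, the URL in the row should drop `sort=RELEVANCE` and end in `virtual_hosts=INCLUDE&q=<fingerprint>`.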
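Review bot: `censys_host_url` is declared with only the base query in the first testssl.sh hunk and completed by the `&q=$cert_fingerprint_sha2` append in the second, so in between it holds a valid-looking URL with no fingerprint. A comment on the declaration would make that explicit, e.g. `# base URL only; "&q=<SHA256 cert fingerprint>" is appended below once the fingerprint is known`. The append runs whether or not `$cert_fingerprint_sha2` is empty, and the only emptiness check visible in this diff is in the `*)` branch of the last hunk. It is worth confirming that the vulnerable branch cannot print a link ending in a bare `&q=`. run_drown begins and ends outside these hunks.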
@@ -17849,26 +17851,26 @@ run_drown() { nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) if [[ 0 -eq "$nr_ciphers_detected" ]]; then prln_svrty_high "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)"; - fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve CVE-2015-3197" "$cwe" "$hint" + fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve CVE-2015-3197" "$cwe" "$hint" else prln_svrty_critical "VULNERABLE (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"; - fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe" "$hint" + fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. 
Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve" "$cwe" "$hint" set_grade_cap "F" "Vulnerable to DROWN" fi outln "$spaces Make sure you don't use this certificate elsewhere, see:" out "$spaces " - pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2" + pr_url "$censys_host_url" outln fi ;; *) prln_svrty_best "not vulnerable on this host and port (OK)" fileout "$jsonID" "OK" "not vulnerable on this host and port" "$cve" "$cwe" if [[ -n "$cert_fingerprint_sha2" ]]; then - outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services" + outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services, see" out "$spaces " - pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2" - outln " could help you to find out" - fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe" + pr_url "$censys_host_url" + outln + fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see $censys_host_url" "$cve" "$cwe" else outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere" fileout "${jsonID}_hint" "INFO" "no RSA certificate, can't be used with SSLv2 elsewhere" "$cve" "$cwe"
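Review bot: The new link passes literal `&` separators to `pr_url` and to the three `fileout` messages in this hunk, which the old `?q=` link did not contain. Both helpers are defined outside this diff, so confirm that the HTML report escapes `&` as `&amp;` in the `href` and the link text, and that the JSON and CSV writers emit the URL unmodified. The regex change in t/32_isHTML_valid.t is not legible on this page, so it is unclear whether the HTML test already covers this. If the escaping is handled elsewhere, a short comment next to the first use would save the next reader the lookup, e.g. `# URL contains '&'; pr_url/fileout are responsible for output encoding`.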