mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 09:10:57 +01:00
- introduced Reverse Proxy header
- FIX for OWA header - beautified some header funcs - fixed GET_REQ1?/HEAD_REQ1?
parent
478b8afac7
commit
06899f3cbf
123
testssl.sh
123
testssl.sh
@ -462,7 +462,13 @@ runs_HTTP() {
|
|||||||
|
|
||||||
|
|
||||||
#problems not handled: chunked
|
#problems not handled: chunked
|
||||||
OLDhttp_header() {
|
http_header() {
|
||||||
|
local header
|
||||||
|
local -i ret
|
||||||
|
local referer useragent
|
||||||
|
local url
|
||||||
|
local redir2
|
||||||
|
|
||||||
outln; pr_blue "--> Testing HTTP header response"; outln "\n"
|
outln; pr_blue "--> Testing HTTP header response"; outln "\n"
|
||||||
|
|
||||||
[ -z "$1" ] && url="/" || url="$1"
|
[ -z "$1" ] && url="/" || url="$1"
|
||||||
@ -505,19 +511,26 @@ EOF
|
|||||||
if egrep -aq "^HTTP.1.. 301|^HTTP.1.. 302|^Location" $HEADERFILE; then
|
if egrep -aq "^HTTP.1.. 301|^HTTP.1.. 302|^Location" $HEADERFILE; then
|
||||||
redir2=$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')
|
redir2=$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')
|
||||||
outln " (got 30x to $redir2 - may be better try this URL?)\n"
|
outln " (got 30x to $redir2 - may be better try this URL?)\n"
|
||||||
fi
|
elif egrep -aq "^HTTP.1.. 401|^WWW-Authenticate" $HEADERFILE; then
|
||||||
if egrep -aq "^HTTP.1.. 401|^WWW-Authenticate" $HEADERFILE; then
|
|
||||||
outln " (got 401 / WWW-Authenticate, can't look beyond it)\n"
|
outln " (got 401 / WWW-Authenticate, can't look beyond it)\n"
|
||||||
|
elif egrep -aq "^HTTP.1.. 400 Bad Request" $HEADERFILE; then
|
||||||
|
pr_litemagentaln " (got \"400 Bad Request\": GET request was somehow wrong)\n"
|
||||||
fi
|
fi
|
||||||
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 2>/dev/null
|
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 2>/dev/null
|
||||||
|
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
http_header() {
|
#problems not handled: chunked
|
||||||
|
NEW_http_header() {
|
||||||
|
local header
|
||||||
|
local -i ret
|
||||||
|
local referer useragent
|
||||||
|
local url
|
||||||
|
local redir2
|
||||||
|
|
||||||
outln; pr_blue "--> Testing HTTP header response"; outln "\n"
|
outln; pr_blue "--> Testing HTTP header response"; outln "\n"
|
||||||
|
|
||||||
#FIXME: OWA still throws a 400!
|
|
||||||
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO -quiet -ign_eof -connect $NODEIP:$PORT $SNI &>$HEADERFILE &
|
printf "$GET_REQ11" | $OPENSSL s_client $OPTIMAL_PROTO -quiet -ign_eof -connect $NODEIP:$PORT $SNI &>$HEADERFILE &
|
||||||
pid=$!
|
pid=$!
|
||||||
if wait_kill $pid $HEADER_MAXSLEEP; then
|
if wait_kill $pid $HEADER_MAXSLEEP; then
|
||||||
@ -539,9 +552,10 @@ http_header() {
|
|||||||
if egrep -aq "^HTTP.1.. 301|^HTTP.1.. 302|^Location" $HEADERFILE; then
|
if egrep -aq "^HTTP.1.. 301|^HTTP.1.. 302|^Location" $HEADERFILE; then
|
||||||
redir2=$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')
|
redir2=$(grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n')
|
||||||
outln " (got 30x to $redir2 - may be better try this URL?)\n"
|
outln " (got 30x to $redir2 - may be better try this URL?)\n"
|
||||||
fi
|
elif egrep -aq "^HTTP.1.. 401|^WWW-Authenticate" $HEADERFILE; then
|
||||||
if egrep -aq "^HTTP.1.. 401|^WWW-Authenticate" $HEADERFILE; then
|
|
||||||
outln " (got 401 / WWW-Authenticate, can't look beyond it)\n"
|
outln " (got 401 / WWW-Authenticate, can't look beyond it)\n"
|
||||||
|
elif egrep -aq "^HTTP.1.. 400 Bad Request" $HEADERFILE; then
|
||||||
|
pr_litemagentaln " (got \"400 Bad Request\": GET request was somehow wrong)\n"
|
||||||
fi
|
fi
|
||||||
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 2>/dev/null
|
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 2>/dev/null
|
||||||
return $ret
|
return $ret
|
||||||
@ -578,7 +592,7 @@ hsts() {
|
|||||||
pr_litegreen "$hsts_age_days days" ; out "=$hsts_age_sec s"
|
pr_litegreen "$hsts_age_days days" ; out "=$hsts_age_sec s"
|
||||||
else
|
else
|
||||||
out "$hsts_age_sec s = "
|
out "$hsts_age_sec s = "
|
||||||
pr_brown "$hsts_age_days days (<$HSTS_MIN is not good enough)"
|
pr_brown "$hsts_age_days days, <$HSTS_MIN is not good enough"
|
||||||
fi
|
fi
|
||||||
includeSubDomains "$TMPFILE"
|
includeSubDomains "$TMPFILE"
|
||||||
preload "$TMPFILE"
|
preload "$TMPFILE"
|
||||||
@ -666,12 +680,18 @@ emphasize_stuff_in_headers(){
|
|||||||
-e "s/Red Hat Enterprise Linux/"$yellow"Red Hat Enterprise Linux$off/g" \
|
-e "s/Red Hat Enterprise Linux/"$yellow"Red Hat Enterprise Linux$off/g" \
|
||||||
-e "s/Red Hat/"$yellow"Red Hat$off/g" \
|
-e "s/Red Hat/"$yellow"Red Hat$off/g" \
|
||||||
-e "s/CentOS/"$yellow"CentOS$off/g" \
|
-e "s/CentOS/"$yellow"CentOS$off/g" \
|
||||||
-e "s/X-Powered-By: ASP.NET/"$yellow"X-Powered-By: ASP.NET$off/g" \
|
-e "s/Via/"$yellow"Via$off/g" \
|
||||||
|
-e "s/X-Cache-Lookup/"$yellow"X-Cache-Lookup$off/g" \
|
||||||
|
-e "s/X-Cache/"$yellow"X-Cache$off/g" \
|
||||||
|
-e "s/X-OWA-Version/"$yellow"X-OWA-Version$off/g" \
|
||||||
|
-e "s/X-Version/"$yellow"X-Version$off/g" \
|
||||||
-e "s/X-Powered-By/"$yellow"X-Powered-By$off/g" \
|
-e "s/X-Powered-By/"$yellow"X-Powered-By$off/g" \
|
||||||
-e "s/X-AspNet-Version/"$yellow"X-AspNet-Version$off/g"
|
-e "s/X-AspNet-Version/"$yellow"X-AspNet-Version$off/g"
|
||||||
}
|
}
|
||||||
|
|
||||||
serverbanner() {
|
server_banner() {
|
||||||
|
local serverbanner
|
||||||
|
|
||||||
if [ ! -s $HEADERFILE ] ; then
|
if [ ! -s $HEADERFILE ] ; then
|
||||||
http_header "$1" || return 3
|
http_header "$1" || return 3
|
||||||
fi
|
fi
|
||||||
@ -694,37 +714,41 @@ serverbanner() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
applicationbanner() {
|
rp_banner() {
|
||||||
|
if [ ! -s $HEADERFILE ] ; then
|
||||||
|
http_header "$1" || return 3
|
||||||
|
fi
|
||||||
|
pr_bold " Reverse Proxy "
|
||||||
|
egrep -ai '^Via|^X-Cache' $HEADERFILE >$TMPFILE && \
|
||||||
|
emphasize_stuff_in_headers "$(sed 's/^/ /g' $TMPFILE | tr '\n\r' ' ')" || \
|
||||||
|
outln " --"
|
||||||
|
|
||||||
|
tmpfile_handle $FUNCNAME.txt
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
application_banner() {
|
||||||
if [ ! -s $HEADERFILE ] ; then
|
if [ ! -s $HEADERFILE ] ; then
|
||||||
http_header "$1" || return 3
|
http_header "$1" || return 3
|
||||||
fi
|
fi
|
||||||
pr_bold " Application "
|
pr_bold " Application "
|
||||||
# examples: dev.testssl.sh, php.net, asp.net , www.regonline.com
|
|
||||||
egrep -ai '^X-Powered-By|^X-AspNet-Version|^X-Version|^Liferay-Portal|^X-OWA-Version' $HEADERFILE >$TMPFILE
|
egrep -ai '^X-Powered-By|^X-AspNet-Version|^X-Version|^Liferay-Portal|^X-OWA-Version' $HEADERFILE >$TMPFILE
|
||||||
if [ $? -ne 0 ]; then
|
[ $? -ne 0 ] && \
|
||||||
outln " (no banner at \"$url\")"
|
outln " (no banner at \"$url\")" || \
|
||||||
else
|
|
||||||
#cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g'
|
|
||||||
#sed 's/^/ /g' $TMPFILE | tr -t '\n\r' ' ' | sed "s/\([0-9]\)/$pr_red\1$off/g"
|
|
||||||
emphasize_stuff_in_headers "$(sed 's/^/ /g' $TMPFILE | tr '\n\r' ' ')"
|
emphasize_stuff_in_headers "$(sed 's/^/ /g' $TMPFILE | tr '\n\r' ' ')"
|
||||||
#i=0
|
|
||||||
#cat $TMPFILE | sed 's/^/ /' | while read line; do
|
|
||||||
# out "$line"
|
|
||||||
# if [[ $i -eq 0 ]] ; then
|
|
||||||
# out " "
|
|
||||||
# i=1
|
|
||||||
# fi
|
|
||||||
#done
|
|
||||||
fi
|
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
cookieflags() { # ARG1: Path, ARG2: path
|
cookie_flags() { # ARG1: Path, ARG2: path
|
||||||
|
local -i nr_cookies
|
||||||
|
local nr_httponly nr_secure
|
||||||
|
local negative_word
|
||||||
|
|
||||||
if [ ! -s $HEADERFILE ] ; then
|
if [ ! -s $HEADERFILE ] ; then
|
||||||
http_header "$1" || return 3
|
http_header "$1" || return 3
|
||||||
fi
|
fi
|
||||||
@ -760,9 +784,9 @@ cookieflags() { # ARG1: Path, ARG2: path
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
moreflags() {
|
more_flags() {
|
||||||
local good_flags2test="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP"
|
local good_flags2test="X-Frame-Options X-XSS-Protection X-Content-Type-Options Content-Security-Policy X-Content-Security-Policy X-WebKit-CSP"
|
||||||
local other_flags2test="Access-Control-Allow-Origin Via Upgrade X-Served-By"
|
local other_flags2test="Access-Control-Allow-Origin Upgrade X-Served-By"
|
||||||
local egrep_pattern=""
|
local egrep_pattern=""
|
||||||
local f2t result_str
|
local f2t result_str
|
||||||
local blanks=" "
|
local blanks=" "
|
||||||
@ -772,7 +796,7 @@ moreflags() {
|
|||||||
fi
|
fi
|
||||||
pr_bold " Security headers "
|
pr_bold " Security headers "
|
||||||
egrep_pattern=$(echo "$good_flags2test $other_flags2test"| sed -e 's/ /|\^/g' -e 's/^/\^/g') # space -> |^
|
egrep_pattern=$(echo "$good_flags2test $other_flags2test"| sed -e 's/ /|\^/g' -e 's/^/\^/g') # space -> |^
|
||||||
egrep -ai $egrep_pattern $HEADERFILE >$TMPFILE
|
egrep -ai "$egrep_pattern" $HEADERFILE >$TMPFILE
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
outln "(none at \"$url\")"
|
outln "(none at \"$url\")"
|
||||||
ret=1
|
ret=1
|
||||||
@ -3353,7 +3377,7 @@ parse_hn_port() {
|
|||||||
NODE="$1"
|
NODE="$1"
|
||||||
|
|
||||||
# strip "https" and trailing urlpath supposed it was supplied additionally
|
# strip "https" and trailing urlpath supposed it was supplied additionally
|
||||||
echo $NODE | grep -q 'https://' && NODE=$(echo $NODE | sed -e 's/https\:\/\///')
|
echo $NODE | grep -q 'https://' && NODE=$(echo $NODE | sed -e 's/^https\:\/\///')
|
||||||
|
|
||||||
# strip trailing urlpath
|
# strip trailing urlpath
|
||||||
NODE=$(echo $NODE | sed -e 's/\/.*$//')
|
NODE=$(echo $NODE | sed -e 's/\/.*$//')
|
||||||
@ -3371,11 +3395,13 @@ parse_hn_port() {
|
|||||||
# determine v4 port, supposed it was supplied additionally
|
# determine v4 port, supposed it was supplied additionally
|
||||||
echo $NODE | grep -q ':' && PORT=$(echo $NODE | sed 's/^.*\://') && NODE=$(echo $NODE | sed 's/\:.*$//')
|
echo $NODE | grep -q ':' && PORT=$(echo $NODE | sed 's/^.*\://') && NODE=$(echo $NODE | sed 's/\:.*$//')
|
||||||
fi
|
fi
|
||||||
|
debugme echo $NODE:$PORT
|
||||||
SNI="-servername $NODE"
|
SNI="-servername $NODE"
|
||||||
|
|
||||||
URL_PATH=$(echo $1 | sed 's/.*'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
URL_PATH=$(echo $1 | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
||||||
URL_PATH=$(echo $URL_PATH | sed 's/\/\//\//g') # we rather want // -> /
|
URL_PATH=$(echo $URL_PATH | sed 's/\/\//\//g') # we rather want // -> /
|
||||||
[ -z "$URL_PATH" ] && URL_PATH="/"
|
[ -z "$URL_PATH" ] && URL_PATH="/"
|
||||||
|
debugme echo $URL_PATH
|
||||||
|
|
||||||
return 0 # NODE, URL_PATH, PORT is set now
|
return 0 # NODE, URL_PATH, PORT is set now
|
||||||
}
|
}
|
||||||
@ -3452,6 +3478,10 @@ determine_rdns() {
|
|||||||
|
|
||||||
# arg1: ftp smtp, pop3, imap, xmpp, telnet, ldap (maybe with trailing s)
|
# arg1: ftp smtp, pop3, imap, xmpp, telnet, ldap (maybe with trailing s)
|
||||||
determine_service() {
|
determine_service() {
|
||||||
|
local all_failed
|
||||||
|
local ua
|
||||||
|
local protocol
|
||||||
|
|
||||||
if ! fd_socket; then # check if we can connect to $NODEIP:$PORT
|
if ! fd_socket; then # check if we can connect to $NODEIP:$PORT
|
||||||
ignore_no_or_lame "Ignore? "
|
ignore_no_or_lame "Ignore? "
|
||||||
[ $? -ne 0 ] && exit 3
|
[ $? -ne 0 ] && exit 3
|
||||||
@ -3474,13 +3504,13 @@ determine_service() {
|
|||||||
ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? "
|
ignore_no_or_lame " Note that the results might look ok but they are nonsense. Proceed ? "
|
||||||
[ $? -ne 0 ] && exit 3
|
[ $? -ne 0 ] && exit 3
|
||||||
fi
|
fi
|
||||||
if [ $SNEAKY -eq 0 ] ; then
|
[[ $SNEAKY -eq 0 ]] && \
|
||||||
GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $UA_SNEAKY\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
ua="$UA_SNEAKY" || \
|
||||||
HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $UA_SNEAKY\r\nAccept: text/*\r\n\r\n"
|
ua="$UA_STD"
|
||||||
else
|
GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
||||||
GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $UA_STD\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
HEAD_REQ11="HEAD $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||||
HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $UA_STD\r\nAccept: text/*\r\n\r\n"
|
GET_REQ10="GET $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
|
||||||
fi
|
HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
|
||||||
runs_HTTP $OPTIMAL_PROTO
|
runs_HTTP $OPTIMAL_PROTO
|
||||||
else
|
else
|
||||||
protocol=$(echo "$1" | sed 's/s$//') # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s)
|
protocol=$(echo "$1" | sed 's/s$//') # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s), ldap(s), telnet(s)
|
||||||
@ -3911,10 +3941,11 @@ lets_roll() {
|
|||||||
if [[ $SERVICE == "HTTP" ]]; then
|
if [[ $SERVICE == "HTTP" ]]; then
|
||||||
hsts "$URL_PATH"
|
hsts "$URL_PATH"
|
||||||
hpkp "$URL_PATH"
|
hpkp "$URL_PATH"
|
||||||
serverbanner "$URL_PATH"
|
server_banner "$URL_PATH"
|
||||||
applicationbanner "$URL_PATH"
|
application_banner "$URL_PATH"
|
||||||
cookieflags "$URL_PATH"
|
cookie_flags "$URL_PATH"
|
||||||
moreflags "$URL_PATH"
|
more_flags "$URL_PATH"
|
||||||
|
rp_banner "$URL_PATH"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -3998,6 +4029,6 @@ fi
|
|||||||
exit $ret
|
exit $ret
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.277 2015/06/16 17:53:38 dirkw Exp $
|
# $Id: testssl.sh,v 1.278 2015/06/16 21:00:46 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab
|
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab
|
||||||
|
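Review bot: In `parse_hn_port` (hunk `@@ -3371,11 +3395,13`), the rewritten `URL_PATH` line still derives the path with `sed 's/.*'"${PORT}"'//'`, which is greedy and deletes everything up to the last occurrence of the port digits anywhere in the URL, and it interpolates `$NODE` into a sed pattern where its dots match any character. With the port at 443, a constructed input such as `https://example.com/v443/index` would yield `/index`, so the header checks (HSTS, cookies, security headers) would silently run against a path other than the one requested. Taking the path structurally avoids both regexes, e.g. `p=${1#https://}; [[ $p == */* ]] && URL_PATH="/${p#*/}" || URL_PATH="/"` with `p` declared `local`. The function starts outside this hunk, so how `PORT` is defaulted is inferred rather than visible.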