From 0af73c2d197b5571038cf58e223273f704afcc46 Mon Sep 17 00:00:00 2001 From: Kali Date: Thu, 5 Jan 2023 14:11:44 +0100 Subject: [PATCH] fixed DNS via Proxy --- testssl.sh | 62 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 36 insertions(+), 26 deletions(-) diff --git a/testssl.sh b/testssl.sh index 28e63ca..5041fc3 100755 --- a/testssl.sh +++ b/testssl.sh @@ -196,7 +196,7 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy -DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=proxy reverses this +DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate @@ -22014,12 +22014,19 @@ display_rdns_etc() { datebanner() { local scan_time_f="" - + local node_banner="" + + if [[ -n "PROXY" ]] && $DNS_VIA_PROXY;then + node_banner="$NODE:$PORT" + else + node_banner="$NODEIP:$PORT ($NODE)" + fi + if [[ "$1" =~ Done ]] ; then scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows - pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $NODEIP:$PORT ($NODE) <<--" + pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $node_banner <<--" else - pr_reverse "$1 $(date +%F) $(date +%T) -->> $NODEIP:$PORT ($NODE) <<--" + pr_reverse "$1 $(date +%F) $(date +%T) -->> $node_banner <<--" fi outln "\n" [[ "$1" =~ Start ]] && display_rdns_etc @@ -23735,7 +23742,6 @@ lets_roll() { fi stopwatch initialized - [[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" $ERR_DNSLOOKUP nodeip_to_proper_ip6 reset_hostdepended_vars determine_rdns # Returns always zero or has already exited if fatal error occurred @@ -23938,26 +23944,30 @@ lets_roll() { [[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now prepare_logging - if ! determine_ip_addresses; then - fatal "No IP address could be determined" $ERR_DNSLOOKUP - fi - if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check - MULTIPLE_CHECKS=true - pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" - for ip in $IPADDRs; do - draw_line "-" $((TERM_WIDTH * 2 / 3)) - outln - NODEIP="$ip" - lets_roll "${STARTTLS_PROTOCOL}" - RET=$((RET + $?)) # RET value per IP address - done - draw_line "-" $((TERM_WIDTH * 2 / 3)) - outln - pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" - else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied - NODEIP="$IPADDRs" - lets_roll "${STARTTLS_PROTOCOL}" - RET=$? - fi + if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then + NODEIP="$NODE" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$? + else + determine_ip_addresses + if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check + MULTIPLE_CHECKS=true + pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" + for ip in $IPADDRs; do + draw_line "-" $((TERM_WIDTH * 2 / 3)) + outln + NODEIP="$ip" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$((RET + $?)) # RET value per IP address + done + draw_line "-" $((TERM_WIDTH * 2 / 3)) + outln + pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" + else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied + NODEIP="$IPADDRs" + lets_roll "${STARTTLS_PROTOCOL}" + RET=$? + fi + fi exit $RET