mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
fixed DNS via Proxy
This commit is contained in:
parent
7670275e59
commit
0af73c2d19
62
testssl.sh
62
testssl.sh
@ -196,7 +196,7 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it
|
|||||||
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
|
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
|
||||||
EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
|
EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
|
||||||
PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
|
PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
|
||||||
DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=proxy reverses this
|
DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this
|
||||||
IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out
|
IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out
|
||||||
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header
|
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header
|
||||||
MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate
|
MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate
|
||||||
@ -22014,12 +22014,19 @@ display_rdns_etc() {
|
|||||||
|
|
||||||
datebanner() {
|
datebanner() {
|
||||||
local scan_time_f=""
|
local scan_time_f=""
|
||||||
|
local node_banner=""
|
||||||
|
|
||||||
|
if [[ -n "PROXY" ]] && $DNS_VIA_PROXY;then
|
||||||
|
node_banner="$NODE:$PORT"
|
||||||
|
else
|
||||||
|
node_banner="$NODEIP:$PORT ($NODE)"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ "$1" =~ Done ]] ; then
|
if [[ "$1" =~ Done ]] ; then
|
||||||
scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows
|
scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows
|
||||||
pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $NODEIP:$PORT ($NODE) <<--"
|
pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $node_banner <<--"
|
||||||
else
|
else
|
||||||
pr_reverse "$1 $(date +%F) $(date +%T) -->> $NODEIP:$PORT ($NODE) <<--"
|
pr_reverse "$1 $(date +%F) $(date +%T) -->> $node_banner <<--"
|
||||||
fi
|
fi
|
||||||
outln "\n"
|
outln "\n"
|
||||||
[[ "$1" =~ Start ]] && display_rdns_etc
|
[[ "$1" =~ Start ]] && display_rdns_etc
|
||||||
@ -23735,7 +23742,6 @@ lets_roll() {
|
|||||||
fi
|
fi
|
||||||
stopwatch initialized
|
stopwatch initialized
|
||||||
|
|
||||||
[[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" $ERR_DNSLOOKUP
|
|
||||||
nodeip_to_proper_ip6
|
nodeip_to_proper_ip6
|
||||||
reset_hostdepended_vars
|
reset_hostdepended_vars
|
||||||
determine_rdns # Returns always zero or has already exited if fatal error occurred
|
determine_rdns # Returns always zero or has already exited if fatal error occurred
|
||||||
@ -23938,26 +23944,30 @@ lets_roll() {
|
|||||||
[[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now
|
[[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now
|
||||||
prepare_logging
|
prepare_logging
|
||||||
|
|
||||||
if ! determine_ip_addresses; then
|
if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then
|
||||||
fatal "No IP address could be determined" $ERR_DNSLOOKUP
|
NODEIP="$NODE"
|
||||||
fi
|
lets_roll "${STARTTLS_PROTOCOL}"
|
||||||
if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check
|
RET=$?
|
||||||
MULTIPLE_CHECKS=true
|
else
|
||||||
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
|
determine_ip_addresses
|
||||||
for ip in $IPADDRs; do
|
if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check
|
||||||
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
MULTIPLE_CHECKS=true
|
||||||
outln
|
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
|
||||||
NODEIP="$ip"
|
for ip in $IPADDRs; do
|
||||||
lets_roll "${STARTTLS_PROTOCOL}"
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
RET=$((RET + $?)) # RET value per IP address
|
outln
|
||||||
done
|
NODEIP="$ip"
|
||||||
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
lets_roll "${STARTTLS_PROTOCOL}"
|
||||||
outln
|
RET=$((RET + $?)) # RET value per IP address
|
||||||
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
|
done
|
||||||
else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
NODEIP="$IPADDRs"
|
outln
|
||||||
lets_roll "${STARTTLS_PROTOCOL}"
|
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
|
||||||
RET=$?
|
else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied
|
||||||
fi
|
NODEIP="$IPADDRs"
|
||||||
|
lets_roll "${STARTTLS_PROTOCOL}"
|
||||||
|
RET=$?
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
exit $RET
|
exit $RET
|
||||||
|
Loading…
Reference in New Issue
Block a user