Merge branch 'master' into client_sim_sockets
Conflicts: testssl.sh
This commit is contained in:
commit
0e58e272f8
68
testssl.sh
68
testssl.sh
|
@ -125,9 +125,9 @@ tty -s && \
|
||||||
readonly INTERACTIVE=false
|
readonly INTERACTIVE=false
|
||||||
|
|
||||||
if ! tput cols &>/dev/null || ! $INTERACTIVE; then # Prevent tput errors if running non interactive
|
if ! tput cols &>/dev/null || ! $INTERACTIVE; then # Prevent tput errors if running non interactive
|
||||||
TERM_DWITH=${COLUMNS:-80}
|
TERM_WIDTH=${COLUMNS:-80}
|
||||||
else
|
else
|
||||||
TERM_DWITH=${COLUMNS:-$(tput cols)} # for custom line wrapping and dashes
|
TERM_WIDTH=${COLUMNS:-$(tput cols)} # for custom line wrapping and dashes
|
||||||
fi
|
fi
|
||||||
TERM_CURRPOS=0 # custom line wrapping needs alter the current horizontal cursor pos
|
TERM_CURRPOS=0 # custom line wrapping needs alter the current horizontal cursor pos
|
||||||
|
|
||||||
|
@ -2483,6 +2483,7 @@ run_client_simulation() {
|
||||||
else
|
else
|
||||||
#FIXME: awk
|
#FIXME: awk
|
||||||
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||||
|
[[ "$proto" == TLSv1 ]] && proto="TLSv1.0"
|
||||||
if [[ "$proto" == TLSv1.2 ]] && ( ! $using_sockets || [[ -z "${handshakebytes[i]}" ]] ); then
|
if [[ "$proto" == TLSv1.2 ]] && ( ! $using_sockets || [[ -z "${handshakebytes[i]}" ]] ); then
|
||||||
# OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0. Need to figure out which one it is...
|
# OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0. Need to figure out which one it is...
|
||||||
for tls in ${tlsvers[i]}; do
|
for tls in ${tlsvers[i]}; do
|
||||||
|
@ -6495,7 +6496,7 @@ MAPPING_FILE_RFC: $MAPPING_FILE_RFC
|
||||||
CAPATH: $CAPATH
|
CAPATH: $CAPATH
|
||||||
COLOR: $COLOR
|
COLOR: $COLOR
|
||||||
COLORBLIND: $COLORBLIND
|
COLORBLIND: $COLORBLIND
|
||||||
TERM_DWITH: $TERM_DWITH
|
TERM_WIDTH: $TERM_WIDTH
|
||||||
INTERACTIVE: $INTERACTIVE
|
INTERACTIVE: $INTERACTIVE
|
||||||
HAS_GNUDATE: $HAS_GNUDATE
|
HAS_GNUDATE: $HAS_GNUDATE
|
||||||
HAS_FREEBSDDATE: $HAS_FREEBSDDATE
|
HAS_FREEBSDDATE: $HAS_FREEBSDDATE
|
||||||
|
@ -6652,7 +6653,6 @@ ignore_no_or_lame() {
|
||||||
}
|
}
|
||||||
|
|
||||||
# arg1: URI
|
# arg1: URI
|
||||||
# arg2: protocol
|
|
||||||
parse_hn_port() {
|
parse_hn_port() {
|
||||||
local tmp_port
|
local tmp_port
|
||||||
|
|
||||||
|
@ -6685,13 +6685,27 @@ parse_hn_port() {
|
||||||
debugme echo $NODE:$PORT
|
debugme echo $NODE:$PORT
|
||||||
SNI="-servername $NODE"
|
SNI="-servername $NODE"
|
||||||
|
|
||||||
# now do logging if instructed
|
URL_PATH=$(echo "$1" | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
||||||
|
URL_PATH=$(echo "$URL_PATH" | sed 's/\/\//\//g') # we rather want // -> /
|
||||||
|
[[ -z "$URL_PATH" ]] && URL_PATH="/"
|
||||||
|
debugme echo $URL_PATH
|
||||||
|
return 0 # NODE, URL_PATH, PORT is set now
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# now do logging if instructed
|
||||||
|
# arg1: for testing mx records name we put a name of logfile in here, otherwise we get strange file names
|
||||||
|
prepare_logging() {
|
||||||
|
local fname_prefix="$1"
|
||||||
|
|
||||||
|
[[ -z "$fname_prefix" ]] && fname_prefix="$NODE"
|
||||||
|
|
||||||
if "$do_logging"; then
|
if "$do_logging"; then
|
||||||
if [[ -z "$LOGFILE" ]]; then
|
if [[ -z "$LOGFILE" ]]; then
|
||||||
LOGFILE=$NODE-$(date +"%Y%m%d-%H%M".log)
|
LOGFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".log)
|
||||||
elif [[ -d "$LOGFILE" ]]; then
|
elif [[ -d "$LOGFILE" ]]; then
|
||||||
# actually we were instructed to place all files in a DIR instead of the current working dir
|
# actually we were instructed to place all files in a DIR instead of the current working dir
|
||||||
LOGFILE=$LOGFILE/$NODE-$(date +"%Y%m%d-%H%M".log)
|
LOGFILE=$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log)
|
||||||
else
|
else
|
||||||
: # just for clarity: a log file was specified, no need to do anything else
|
: # just for clarity: a log file was specified, no need to do anything else
|
||||||
fi
|
fi
|
||||||
|
@ -6705,29 +6719,23 @@ parse_hn_port() {
|
||||||
|
|
||||||
if "$do_json"; then
|
if "$do_json"; then
|
||||||
if [[ -z "$JSONFILE" ]]; then
|
if [[ -z "$JSONFILE" ]]; then
|
||||||
JSONFILE=$NODE-$(date +"%Y%m%d-%H%M".json)
|
JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json)
|
||||||
elif [[ -d "$JSONFILE" ]]; then
|
elif [[ -d "$JSONFILE" ]]; then
|
||||||
# actually we were instructed to place all files in a DIR instead of the current working dir
|
# actually we were instructed to place all files in a DIR instead of the current working dir
|
||||||
JSONFILE=$JSONFILE/$NODE-$(date +"%Y%m%d-%H%M".json)
|
JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if "$do_csv"; then
|
if "$do_csv"; then
|
||||||
if [[ -z "$CSVFILE" ]]; then
|
if [[ -z "$CSVFILE" ]]; then
|
||||||
CSVFILE=$NODE-$(date +"%Y%m%d-%H%M".csv)
|
CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
|
||||||
elif [[ -d "$CSVFILE" ]]; then
|
elif [[ -d "$CSVFILE" ]]; then
|
||||||
# actually we were instructed to place all files in a DIR instead of the current working dir
|
# actually we were instructed to place all files in a DIR instead of the current working dir
|
||||||
CSVFILE=$CSVFILE/$NODE-$(date +"%Y%m%d-%H%M".csv)
|
CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
fileout_header # write out any CSV/JSON header line
|
fileout_header # write out any CSV/JSON header line
|
||||||
|
|
||||||
URL_PATH=$(echo "$1" | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
|
return 0
|
||||||
URL_PATH=$(echo "$URL_PATH" | sed 's/\/\//\//g') # we rather want // -> /
|
|
||||||
[[ -z "$URL_PATH" ]] && URL_PATH="/"
|
|
||||||
debugme echo $URL_PATH
|
|
||||||
return 0 # NODE, URL_PATH, PORT is set now
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -7166,7 +7174,7 @@ draw_line() {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
mx_all_ips() {
|
run_mx_all_ips() {
|
||||||
local mxs mx
|
local mxs mx
|
||||||
local mxport
|
local mxport
|
||||||
local -i ret=0
|
local -i ret=0
|
||||||
|
@ -7176,12 +7184,17 @@ mx_all_ips() {
|
||||||
# test first higher priority servers
|
# test first higher priority servers
|
||||||
mxs=$(get_mx_record "$1" | sort -n | sed -e 's/^.* //' -e 's/\.$//' | tr '\n' ' ')
|
mxs=$(get_mx_record "$1" | sort -n | sed -e 's/^.* //' -e 's/\.$//' | tr '\n' ' ')
|
||||||
mxport=${2:-25}
|
mxport=${2:-25}
|
||||||
|
if [[ -n "$LOGFILE" ]]; then
|
||||||
|
prepare_logging
|
||||||
|
else
|
||||||
|
prepare_logging "mx-$1"
|
||||||
|
fi
|
||||||
if [[ -n "$mxs" ]] && [[ "$mxs" != ' ' ]]; then
|
if [[ -n "$mxs" ]] && [[ "$mxs" != ' ' ]]; then
|
||||||
[[ $mxport == "465" ]] && \
|
[[ $mxport == "465" ]] && \
|
||||||
STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls
|
STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls
|
||||||
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
|
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
|
||||||
for mx in $mxs; do
|
for mx in $mxs; do
|
||||||
draw_line "-" $((TERM_DWITH * 2 / 3))
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
outln
|
outln
|
||||||
parse_hn_port "$mx:$mxport"
|
parse_hn_port "$mx:$mxport"
|
||||||
determine_ip_addresses || continue
|
determine_ip_addresses || continue
|
||||||
|
@ -7197,7 +7210,7 @@ mx_all_ips() {
|
||||||
fi
|
fi
|
||||||
ret=$(($? + ret))
|
ret=$(($? + ret))
|
||||||
done
|
done
|
||||||
draw_line "-" $((TERM_DWITH * 2 / 3))
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
outln
|
outln
|
||||||
pr_bold "Done testing now all MX records (on port $mxport): "; outln "$mxs"
|
pr_bold "Done testing now all MX records (on port $mxport): "; outln "$mxs"
|
||||||
else
|
else
|
||||||
|
@ -7223,7 +7236,7 @@ run_mass_testing_parallel() {
|
||||||
[[ -z "$cmdline" ]] && continue
|
[[ -z "$cmdline" ]] && continue
|
||||||
[[ "$cmdline" == "EOF" ]] && break
|
[[ "$cmdline" == "EOF" ]] && break
|
||||||
cmdline="$0 $global_cmdline --warnings=batch -q $cmdline"
|
cmdline="$0 $global_cmdline --warnings=batch -q $cmdline"
|
||||||
draw_line "=" $((TERM_DWITH / 2)); outln;
|
draw_line "=" $((TERM_WIDTH / 2)); outln;
|
||||||
determine_logfile
|
determine_logfile
|
||||||
outln "$cmdline"
|
outln "$cmdline"
|
||||||
$cmdline >$LOGFILE &
|
$cmdline >$LOGFILE &
|
||||||
|
@ -7248,7 +7261,7 @@ run_mass_testing() {
|
||||||
[[ -z "$cmdline" ]] && continue
|
[[ -z "$cmdline" ]] && continue
|
||||||
[[ "$cmdline" == "EOF" ]] && break
|
[[ "$cmdline" == "EOF" ]] && break
|
||||||
cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline"
|
cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline"
|
||||||
draw_line "=" $((TERM_DWITH / 2)); outln;
|
draw_line "=" $((TERM_WIDTH / 2)); outln;
|
||||||
outln "$cmdline"
|
outln "$cmdline"
|
||||||
$cmdline
|
$cmdline
|
||||||
done < "${FNAME}"
|
done < "${FNAME}"
|
||||||
|
@ -7803,10 +7816,11 @@ fi
|
||||||
if $do_mx_all_ips; then
|
if $do_mx_all_ips; then
|
||||||
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
|
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
|
||||||
[[ $? -eq 1 ]] && set_scanning_defaults
|
[[ $? -eq 1 ]] && set_scanning_defaults
|
||||||
mx_all_ips "${URI}" $PORT
|
run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have sililar code
|
||||||
ret=$?
|
ret=$?
|
||||||
else
|
else
|
||||||
parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
|
parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
|
||||||
|
prepare_logging
|
||||||
if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then
|
if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then
|
||||||
fatal "No IP address could be determined"
|
fatal "No IP address could be determined"
|
||||||
fi
|
fi
|
||||||
|
@ -7820,13 +7834,13 @@ else
|
||||||
if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
|
if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
|
||||||
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
|
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
|
||||||
for ip in $IPADDRs; do
|
for ip in $IPADDRs; do
|
||||||
draw_line "-" $((TERM_DWITH * 2 / 3))
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
outln
|
outln
|
||||||
NODEIP="$ip"
|
NODEIP="$ip"
|
||||||
lets_roll "${STARTTLS_PROTOCOL}"
|
lets_roll "${STARTTLS_PROTOCOL}"
|
||||||
ret=$(($? + ret))
|
ret=$(($? + ret))
|
||||||
done
|
done
|
||||||
draw_line "-" $((TERM_DWITH * 2 / 3))
|
draw_line "-" $((TERM_WIDTH * 2 / 3))
|
||||||
outln
|
outln
|
||||||
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
|
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
|
||||||
else # we need just one ip4v to check
|
else # we need just one ip4v to check
|
||||||
|
@ -7840,4 +7854,4 @@ fi
|
||||||
exit $?
|
exit $?
|
||||||
|
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.505 2016/06/23 12:33:25 dirkw Exp $
|
# $Id: testssl.sh,v 1.507 2016/06/24 17:00:58 dirkw Exp $
|
||||||
|
|
Loading…
Reference in New Issue