Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

- more or less desperate try to figure out the real installation path (and find the mapping file)

Browse Source 
- help extended (equal sign, logjam)
This commit is contained in:
Dirk 2015-06-02 22:13:19 +02:00
parent 312b02ac63
commit 0f5c4981cb
1 changed files with 41 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
testssl.sh
View File

@ -64,8 +64,9 @@ readonly PS4='${LINENO}: ${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
trap "cleanup" QUIT EXIT trap "cleanup" QUIT EXIT
readonly PROG_NAME=$(basename "$0") readonly PROG_NAME=$(basename "$0")
readonly PROG_DIR=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
readonly RUN_DIR=$(dirname $0) readonly RUN_DIR=$(dirname $0)
INSTALL_DIR=""
MAP_RFC_FNAME=""
which git &>/dev/null && readonly GIT_REL=$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }') which git &>/dev/null && readonly GIT_REL=$(git log --format='%h %ci' -1 2>/dev/null | awk '{ print $1" "$2" "$3 }')
readonly CVS_REL=$(tail -5 $0 | awk '/dirkw Exp/ { print $4" "$5" "$6}') readonly CVS_REL=$(tail -5 $0 | awk '/dirkw Exp/ { print $4" "$5" "$6}')
@ -75,7 +76,6 @@ readonly CVS_REL_SHORT=$(tail -5 $0 | awk '/dirkw Exp/ { print $4 }')
# 0 means (normally) true here. Some of the variables are also accessible with a command line switch # 0 means (normally) true here. Some of the variables are also accessible with a command line switch
OPENSSL=${OPENSSL:-/usr/bin/openssl} OPENSSL=${OPENSSL:-/usr/bin/openssl}
MAP_RFC_FNAME=""
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
SHOW_LOC_CIPH=${SHOW_LOC_CIPH:-1} # will client side ciphers displayed before an individual test (makes no sense normally) SHOW_LOC_CIPH=${SHOW_LOC_CIPH:-1} # will client side ciphers displayed before an individual test (makes no sense normally)
SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested #FIXME: wrong value SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just the positively ones tested #FIXME: wrong value
@ -2924,7 +2924,7 @@ return 0
# https://www.usenix.org/conference/woot13/workshop-program/presentation/smyth # https://www.usenix.org/conference/woot13/workshop-program/presentation/smyth
# https://secure-resumption.com/tlsauth.pdf # https://secure-resumption.com/tlsauth.pdf
tls_truncation() { tls_truncation() {
#FIXME: difficult to test, is there any test available, pls let me know #FIXME: difficult to test, is there any test available: pls let me know
: :
} }
@ -2934,6 +2934,35 @@ old_fart() {
exit 3 exit 3
} }
# try very hard to determine th install path to get ahold of the mapping file
# it provides "keycode/ RFC style name", see RFCs, cipher(1), www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
get_install_dir() {
#INSTALL_DIR=$(cd "$(dirname "$0")" && pwd)/$(basename "$0")
INSTALL_DIR=$(dirname ${BASH_SOURCE[0]})
[ -r "$RUN_DIR/mapping-rfc.txt" ] && MAP_RFC_FNAME="$RUN_DIR/mapping-rfc.txt"
[ -r "$INSTALL_DIR/mapping-rfc.txt" ] && MAP_RFC_FNAME="$INSTALL_DIR/mapping-rfc.txt"
# we haven't found the mapping file yet...
if [ ! -r "$MAP_RFC_FNAME" ] && which readlink &>/dev/null ; then
readlink -f ls &>/dev/null && \
INSTALL_DIR=$(readlink -f $(basename ${BASH_SOURCE[0]})) || \
INSTALL_DIR=$(readlink $(basename ${BASH_SOURCE[0]}))
# not sure whether Darwin has -f
INSTALL_DIR=$(dirname $INSTALL_DIR)
[ -r "$INSTALL_DIR/mapping-rfc.txt" ] && MAP_RFC_FNAME="$INSTALL_DIR/mapping-rfc.txt"
fi
# still no mapping file:
if [ ! -r "$MAP_RFC_FNAME" ] && which realpath &>/dev/null ; then
INSTALL_DIR=$(dirname $(realpath ${BASH_SOURCE[0]}))
MAP_RFC_FNAME="$INSTALL_DIR/mapping-rfc.txt"
fi
[ ! -r "$MAP_RFC_FNAME" ] && pr_magentaln "No mapping file found"
debugme echo "$MAP_RFC_FNAME"
}
find_openssl_binary() { find_openssl_binary() {
# 0. check environment variable whether it's executable # 0. check environment variable whether it's executable
if [ ! -z "$OPENSSL" ] && [ ! -x "$OPENSSL" ]; then if [ ! -z "$OPENSSL" ] && [ ! -x "$OPENSSL" ]; then
@ -3011,7 +3040,7 @@ $PROG_NAME <options>
<-b|--banner> displays banner + version of $PROG_NAME <-b|--banner> displays banner + version of $PROG_NAME
<-v|--version> same as previous <-v|--version> same as previous
<-V|--local> pretty print all local ciphers <-V|--local> pretty print all local ciphers
<-V|--local> <pattern> what local cipher with <pattern> is a/v? <-V|--local> pattern what local cipher with <pattern> is a/v?
$PROG_NAME <options> URI ("$PROG_NAME URI" does everything except ciphers per proto/each cipher) $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except ciphers per proto/each cipher)
@ -3032,6 +3061,7 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except ciphers per
<-O|--poodle> tests for POODLE (SSL) vulnerability <-O|--poodle> tests for POODLE (SSL) vulnerability
<-F|--freak> tests for FREAK vulnerability <-F|--freak> tests for FREAK vulnerability
<-A|--beast> tests for BEAST vulnerability <-A|--beast> tests for BEAST vulnerability
<-J|--logjam> tests for LOGJAM vulnerability
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings <-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered? <-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
<-H|--header|--headers> tests HSTS, HPKP, server/app banner, security headers, cookie <-H|--header|--headers> tests HSTS, HPKP, server/app banner, security headers, cookie
@ -3057,8 +3087,10 @@ tuning options:
--wide wide output for tests like RC4, BEAST. also with hexcode, kx, strength --wide wide output for tests like RC4, BEAST. also with hexcode, kx, strength
--show-each for each wide output (see --wide, -V, -x, e, -E): display all ciphers not only succeeded ones --show-each for each wide output (see --wide, -V, -x, e, -E): display all ciphers not only succeeded ones
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off|false" skips connection warning --warnings <batch|off|false> "batch" doesn't wait for keypress, "off|false" skips connection warning
--color 0: no escape or other codes, 1: b/w escape codes, 2: color (default) --color <0|1|2> 0: no escape or other codes, 1: b/w escape codes, 2: color (default)
--debug 1: screen output normal but debug output in itemp files. 2-6: see line ~60 --debug [0-6] 1: screen output normal but debug output in itemp files. 2-6: see line ~60
All options requiring a value can also be called with '=' (e.g. testssl.sh -t=smtp --color=0 --openssl=/usr/bin/openssl <URI>
Need HTML output? Just pipe through "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like Need HTML output? Just pipe through "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like
@ -3131,7 +3163,7 @@ OSSL_VER_PLATFORM: "$OSSL_VER_PLATFORM"
PATH: $PATH PATH: $PATH
PROG_NAME: $PROG_NAME PROG_NAME: $PROG_NAME
PROG_DIR: $PROG_DIR INSTALL_DIR: $INSTALL_DIR
RUN_DIR: $RUN_DIR RUN_DIR: $RUN_DIR
MAP_RFC_FNAME: $MAP_RFC_FNAME MAP_RFC_FNAME: $MAP_RFC_FNAME
@ -3807,13 +3839,9 @@ lets_roll() {
################# main ################# ################# main #################
# mapping file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1) and get_install_dir
# www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
[ -r "$RUN_DIR/mapping-rfc.txt" ] && MAP_RFC_FNAME="$RUN_DIR/mapping-rfc.txt"
[ -r "$PROG_DIR/mapping-rfc.txt" ] && MAP_RFC_FNAME="$PROG_DIR/mapping-rfc.txt"
initialize_globals initialize_globals
startup "$@" startup "$@"
find_openssl_binary find_openssl_binary
mybanner mybanner
@ -3835,6 +3863,6 @@ fi
exit $ret exit $ret
# $Id: testssl.sh,v 1.270 2015/06/02 13:59:16 dirkw Exp $ # $Id: testssl.sh,v 1.271 2015/06/02 20:12:53 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab # ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab