From 29d6cbc1258b5d4538566d62f0d6fc47dc54de5b Mon Sep 17 00:00:00 2001 From: AlGreed Date: Sat, 28 Jan 2017 07:17:58 +0100 Subject: [PATCH 1/5] Added support of multiple servers to json-pretty format; added fileout for smtp --- testssl.sh | 68 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 30 deletions(-) diff --git a/testssl.sh b/testssl.sh index f70c699..719521f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -270,6 +270,8 @@ HEX_CIPHER="" HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyze the reply HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]' +SERVER_COUNTER=0 # Counter for multiple servers + #################### SEVERITY #################### INFO=0 OK=0 @@ -712,14 +714,12 @@ fileout_pretty_json_header() { \"target host\" : \"$NODE\", \"port\" : \"$PORT\", \"startTime\" : \"$START_TIME\", - \"scanResult\" : { - " + \"scanResult\" : [" } fileout_pretty_json_footer() { local scan_time=$((END_TIME - START_TIME)) - echo -e " }, - \"ip\" : \"$NODEIP\", + echo -e " ], \"scanTime\" : \"$scan_time\"\n}" } @@ -730,39 +730,36 @@ fileout_json_header() { fileout_json_footer() { "$do_json" && printf "]\n" >> "$JSONFILE" - "$do_pretty_json" && (printf "\n%s" "$(fileout_pretty_json_footer)") >> "$JSONFILE" + "$do_pretty_json" && (printf "$(fileout_pretty_json_footer)") >> "$JSONFILE" } fileout_json_section() { case $1 in 1) - echo -e " \"service\" : [" + echo -e " \"protocols\" : [" ;; 2) - echo -e ",\n \"protocols\" : [" - ;; - 3) echo -e ",\n \"ciphers\" : [" ;; - 4) + 3) echo -e ",\n \"pfs\" : [" ;; - 5) + 4) echo -e ",\n \"serverPreferences\" : [" ;; - 6) + 5) echo -e ",\n \"serverDefaults\" : [" ;; - 7) + 6) echo -e ",\n \"headerResponse\" : [" ;; - 8) + 7) echo -e ",\n \"vulnerabilities\" : [" ;; - 9) + 8) echo -e ",\n \"cipherTests\" : [" ;; - 10) + 9) echo -e ",\n \"browserSimulations\": [" ;; *) 
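Review bot: In `fileout_json_footer` the new `printf "$(fileout_pretty_json_footer)"` uses the generated footer text as the printf format string, so any `%` or backslash sequence in that text is interpreted rather than written. The footer visible here only interpolates `$scan_time`, so nothing breaks today, but any field added to it later inherits the problem. Keep a constant format and drop only the leading newline: `"$do_pretty_json" && (printf "%s" "$(fileout_pretty_json_footer)") >> "$JSONFILE"`.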
@@ -773,12 +770,13 @@ fileout_json_section() { fileout_section_header(){ local str="" - $2 && str="$(fileout_section_footer)" + $2 && str="$(fileout_section_footer false)" "$do_pretty_json" && FIRST_FINDING=true && (printf "%s%s\n" "$str" "$(fileout_json_section "$1")") >> "$JSONFILE" } -fileout_section_footer() { +fileout_section_footer() { # IS_THE_LAST_ONE "$do_pretty_json" && printf "\n ]" >> "$JSONFILE" + "$do_pretty_json" && $1 && echo -e "\n }" >> "$JSONFILE" } fileout_json_print_parameter() { @@ -816,15 +814,24 @@ fileout_json_finding() { echo -e "\n }" >> "$JSONFILE" fi if "$do_pretty_json"; then - ("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE" - echo -e -n "\n" >> "$JSONFILE" - fileout_json_print_parameter "id" " " "$1" true - fileout_json_print_parameter "severity" " " "$2" true - fileout_json_print_parameter "cve" " " "$cve" true - fileout_json_print_parameter "cwe" " " "$cwe" true - "$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true - fileout_json_print_parameter "finding" " " "$finding" false - echo -e -n "\n }" >> "$JSONFILE" + if [[ "$1" == "service" ]]; then + if [[ $SERVER_COUNTER -gt 1 ]]; then + echo " ," >> "$JSONFILE" + fi + echo -e " { + \"service\" : \"$finding\", + \"ip\" : \"$NODEIP\"," >> "$JSONFILE" + else + ("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE" + echo -e -n "\n" >> "$JSONFILE" + fileout_json_print_parameter "id" " " "$1" true + fileout_json_print_parameter "severity" " " "$2" true + fileout_json_print_parameter "cve" " " "$cve" true + fileout_json_print_parameter "cwe" " " "$cwe" true + "$GIVE_HINTS" && fileout_json_print_parameter "hint" " " "$hint" true + fileout_json_print_parameter "finding" " " "$finding" false + echo -e -n "\n }" >> "$JSONFILE" + fi fi } 
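Review bot: `fileout_section_footer` now executes its first argument as a command (`$1 && echo -e ...`), so a call without an argument expands to an empty command that succeeds, and the closing ` }` is written as if `true` had been passed. The two callers in this patch pass `true` or `false`, but callers outside these hunks are not visible. Compare the value explicitly, `"$do_pretty_json" && [[ "$1" == true ]] && echo -e "\n }" >> "$JSONFILE"`, and replace the trailing `# IS_THE_LAST_ONE` with a header comment stating that `$1` is `true` only for the last section of a server.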
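Review bot: The new `service` branch in `fileout_json_finding` interpolates `$finding` and `$NODEIP` directly into an `echo -e` string, so a double quote or backslash in either value produces invalid JSON or a field the scanner did not intend, and `echo -e` expands backslash escapes on top of that. Whether `$finding` is sanitised earlier in the function is not visible, because the body starts outside the hunk. Writing the values through a fixed format, e.g. `printf ' "service" : "%s",\n "ip" : "%s",\n' "$finding" "$NODEIP" >> "$JSONFILE"`, after escaping `\` and `"`, keeps the report parseable for whatever consumes it. The same pattern recurs in the `hostname` line added by PATCH 4/5 and changed by 5/5, and in the `target host` value taken from `$URI` in PATCH 4/5.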
@@ -11653,6 +11660,7 @@ determine_service() { fi grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190 out " Service set:$CORRECT_SPACES STARTTLS via " + fileout "service" "INFO" "Service detected: $protocol" toupper "$protocol" [[ -n "$XMPP_HOST" ]] && echo -n " (XMPP domain=\'$XMPP_HOST\')" outln @@ -12292,7 +12300,7 @@ lets_roll() { START_TIME=$(date +%s) - fileout_section_header $section_number false && ((section_number++)) + ((SERVER_COUNTER++)) determine_service "$1" # any starttls service goes here $do_tls_sockets && [[ $TLS_LOW_BYTE -eq 22 ]] && { sslv2_sockets "" "true"; echo "$?" ; exit 0; } @@ -12300,7 +12308,7 @@ lets_roll() { $do_test_just_one && test_just_one ${single_cipher} # all top level functions now following have the prefix "run_" - fileout_section_header $section_number true && ((section_number++)) + fileout_section_header $section_number false && ((section_number++)) $do_protocols && { run_protocols; ret=$(($? + ret)); } $do_spdy && { run_spdy; ret=$(($? + ret)); } $do_http2 && { run_http2; ret=$(($? + ret)); } @@ -12362,7 +12370,7 @@ lets_roll() { fileout_section_header $section_number true && ((section_number++)) $do_client_simulation && { run_client_simulation; ret=$(($? + ret)); } - fileout_section_footer + fileout_section_footer true outln END_TIME=$(date +%s) From 04c653646ed0851a066384911a349a3421c2a444 Mon Sep 17 00:00:00 2001 From: AlGreed Date: Sat, 28 Jan 2017 07:54:58 +0100 Subject: [PATCH 2/5] ... --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 719521f..bc2084b 100755 --- a/testssl.sh +++ b/testssl.sh @@ -725,7 +725,7 @@ fileout_pretty_json_footer() { fileout_json_header() { "$do_json" && printf "[\n" > "$JSONFILE" - "$do_pretty_json" && (printf "{\n%s" "$(fileout_pretty_json_header)") > "$JSONFILE" + "$do_pretty_json" && (printf "{\n%s\n" "$(fileout_pretty_json_header)") > "$JSONFILE" } fileout_json_footer() { 
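Review bot: `fileout_section_footer true` at the end of `lets_roll` now always writes the closing ` }` of a per-server object, but the matching ` {` is only written when `fileout_json_finding` receives a finding with id `service`. If `determine_service` takes a path that emits no such finding, the pretty JSON ends up unbalanced; whether every path does is not visible in these hunks. A comment at the `((SERVER_COUNTER++))` line would make the contract explicit, for example `# determine_service must emit fileout "service": it opens the per-server JSON object that fileout_section_footer true closes`. `lets_roll` starts and ends outside the hunks.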
From fcd208b2c904410d575457bc17dadfeb6e9f69f4 Mon Sep 17 00:00:00 2001 From: AlGreed Date: Sat, 28 Jan 2017 08:09:02 +0100 Subject: [PATCH 3/5] ... --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index bc2084b..62c1df8 100755 --- a/testssl.sh +++ b/testssl.sh @@ -11660,7 +11660,7 @@ determine_service() { fi grep -q '^Server Temp Key' $TMPFILE && HAS_DH_BITS=true # FIX #190 out " Service set:$CORRECT_SPACES STARTTLS via " - fileout "service" "INFO" "Service detected: $protocol" + fileout "service" "INFO" "$protocol" toupper "$protocol" [[ -n "$XMPP_HOST" ]] && echo -n " (XMPP domain=\'$XMPP_HOST\')" outln From f07c723d59fb5cbd4cdcc7976080724e98423ed9 Mon Sep 17 00:00:00 2001 From: AlGreed Date: Sat, 28 Jan 2017 18:11:39 +0100 Subject: [PATCH 4/5] added mx hostname for json-pretty output --- testssl.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 62c1df8..a7b1268 100755 --- a/testssl.sh +++ b/testssl.sh @@ -271,6 +271,7 @@ HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyze the reply HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]' SERVER_COUNTER=0 # Counter for multiple servers +MX_HOSTNAME="" # MX hostname #################### SEVERITY #################### INFO=0 @@ -706,12 +707,14 @@ strip_quote() { #################### JSON FILE FORMATING #################### fileout_pretty_json_header() { START_TIME=$(date +%s) + target="$NODE" + $do_mx_all_ips && target="$URI" echo -e " \"Invocation\" : \"$PROG_NAME $CMDLINE\", \"at\" : \"$HNAME:$OPENSSL_LOCATION\", \"version\" : \"$VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\", \"openssl\" : \"$OSSL_VER from $OSSL_BUILD_DATE\", - \"target host\" : \"$NODE\", + \"target host\" : \"$target\", \"port\" : \"$PORT\", \"startTime\" : \"$START_TIME\", \"scanResult\" : [" 
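Review bot: `target` in `fileout_pretty_json_header` is assigned without `local`, so it becomes a global and can collide with any other use of that name elsewhere in the script. Declare it inside the function with `local target="$NODE"`; the following `$do_mx_all_ips && target="$URI"` can stay as it is. The function body continues past the end of the hunk.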
@@ -736,7 +739,7 @@ fileout_json_footer() { fileout_json_section() { case $1 in 1) - echo -e " \"protocols\" : [" + echo -e " \"protocols\" : [" ;; 2) echo -e ",\n \"ciphers\" : [" @@ -821,6 +824,7 @@ fileout_json_finding() { echo -e " { \"service\" : \"$finding\", \"ip\" : \"$NODEIP\"," >> "$JSONFILE" + $do_mx_all_ips && echo -e " \"hostname\" : \"$MX_HOSTNAME\"," >> "$JSONFILE" else ("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE" echo -e -n "\n" >> "$JSONFILE" @@ -11739,6 +11743,7 @@ run_mx_all_ips() { STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs" for mx in $mxs; do + MX_HOSTNAME=$mx draw_line "-" $((TERM_WIDTH * 2 / 3)) outln parse_hn_port "$mx:$mxport" From a7dff8316029279474abc6e95be48bca874e71d1 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sun, 29 Jan 2017 10:46:35 +0100 Subject: [PATCH 5/5] $NODE is fine, removing $MX_HOSTNAME, #603 --- testssl.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/testssl.sh b/testssl.sh index a7b1268..936f185 100755 --- a/testssl.sh +++ b/testssl.sh @@ -271,7 +271,6 @@ HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyze the reply HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]' SERVER_COUNTER=0 # Counter for multiple servers -MX_HOSTNAME="" # MX hostname #################### SEVERITY #################### INFO=0 @@ -824,7 +823,7 @@ fileout_json_finding() { echo -e " { \"service\" : \"$finding\", \"ip\" : \"$NODEIP\"," >> "$JSONFILE" - $do_mx_all_ips && echo -e " \"hostname\" : \"$MX_HOSTNAME\"," >> "$JSONFILE" + $do_mx_all_ips && echo -e " \"hostname\" : \"$NODE\"," >> "$JSONFILE" else ("$FIRST_FINDING" && echo -n " {" >> "$JSONFILE") || echo -n ",{" >> "$JSONFILE" echo -e -n "\n" >> "$JSONFILE" 
@@ -11743,7 +11742,6 @@ run_mx_all_ips() {
 STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls
 pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
 for mx in $mxs; do
- MX_HOSTNAME=$mx
 draw_line "-" $((TERM_WIDTH * 2 / 3))
 outln
 parse_hn_port "$mx:$mxport"