Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 21:35:26 +01:00
Code Issues Packages Projects Releases Wiki Activity

first version of implicit parsing for nmap greppable files (-oG)

Browse Source 
Currently for serial scanning only.
This commit is contained in:
Dirk
2017-06-12 17:09:52 +02:00
parent 30d3233cb4
commit 1b0ac5ffd6
1 changed files with 41 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
testssl.sh
View File

@@ -11128,8 +11128,9 @@ help() {
protocol is <ftp|smtp|pop3|imap|xmpp|telnet|ldap|postgres> (latter three require supplied openssl) protocol is <ftp|smtp|pop3|imap|xmpp|telnet|ldap|postgres> (latter three require supplied openssl)
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed --xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25) --mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance. --file <fname|fname.gmap> mass testing option: Reads command lines from <fname>, one line per instance.
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch" Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch".
Alternatively: nmap output in greppable format (-oG) is also allowed (1x same port per line)
single check as <options> ("$PROG_NAME URI" does everything except -E): single check as <options> ("$PROG_NAME URI" does everything except -E):
-e, --each-cipher checks each local cipher remotely -e, --each-cipher checks each local cipher remotely
@@ -12319,15 +12320,52 @@ create_mass_testing_cmdline() {
return 0 return 0
} }
nmap_to_plain_file() {
local target_fname=""
local oneline=""
# test whether there's more than one "open" per line which is not supported currently
while read -r oneline; do
if [[ $(tr ',' '\n' <<< "$oneline" | grep -c '\/open\/') -gt 1 ]]; then
fatal "nmap parser for file $FNAME cannot contain > 1 port per line" -3
fi
done < "$FNAME"
target_fname=${FNAME%.*}.txt # strip extension
awk '/\/open\// { print $2":"$5 }' "$FNAME" | sed 's/\/open.*$//g' >"$target_fname"
[[ $? -ne 0 ]] && \
fatal "conversion from nmap grepable to text somehow failed around $LINENO" -3
[[ -s "$target_fname" ]] || \
fatal "Couldn't find any open port in $FNAME" -3
export FNAME=$target_fname
}
run_mass_testing() { run_mass_testing() {
local cmdline="" local cmdline=""
local first=true local first=true
local gmapadd=""
if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then
fatal "Can't read file \"$FNAME\"" "2" fatal "Can't read file \"$FNAME\"" "2"
fi fi
# at least now we checked the command line. But it's not sure yet whether we have the right file
if [[ "$(head -1 "$FNAME")" =~ (Nmap [4-8])(.*)( scan initiated )(.*) ]]; then
# Ok, we have an nmap file. To avoid questions we make sure it's the right format too
if [[ "$(head -1 "$FNAME")" =~ ( -oG )(.*) ]]; then
if [[ $(grep -c Status "$FNAME") -ge 1 ]]; then
[[ $(grep -c '\/open\/' $FNAME) -eq 0 ]] && \
fatal "Nmap file $FNAME should contain at least one open port" -1
IS_GMAP_FILE=true
gmapadd="grep(p)able nmap "
nmap_to_plain_file
else
fatal "wierdly nmap grepable misses \"Status\"" -1
fi
else
fatal "Nmap file $FNAME is not in grep(p)able format (-oG filename.gmap)" -1
fi
fi
pr_reverse "====== Running in file batch mode with ${gmapadd}file=\"$FNAME\" ======"; outln "\n"
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do while read cmdline; do
cmdline="$(filter_input "$cmdline")" cmdline="$(filter_input "$cmdline")"
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue