mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-07 17:20:57 +01:00
first version of implicit parsing for nmap greppable files (-oG)
Currently for serial scanning only.
This commit is contained in:
parent
30d3233cb4
commit
1b0ac5ffd6
44
testssl.sh
44
testssl.sh
@ -11128,8 +11128,9 @@ help() {
|
|||||||
protocol is <ftp|smtp|pop3|imap|xmpp|telnet|ldap|postgres> (latter three require supplied openssl)
|
protocol is <ftp|smtp|pop3|imap|xmpp|telnet|ldap|postgres> (latter three require supplied openssl)
|
||||||
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
|
||||||
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
|
||||||
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
|
--file <fname|fname.gmap> mass testing option: Reads command lines from <fname>, one line per instance.
|
||||||
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
|
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch".
|
||||||
|
Alternatively: nmap output in greppable format (-oG) is also allowed (1x same port per line)
|
||||||
|
|
||||||
single check as <options> ("$PROG_NAME URI" does everything except -E):
|
single check as <options> ("$PROG_NAME URI" does everything except -E):
|
||||||
-e, --each-cipher checks each local cipher remotely
|
-e, --each-cipher checks each local cipher remotely
|
||||||
@ -12319,15 +12320,52 @@ create_mass_testing_cmdline() {
|
|||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
nmap_to_plain_file() {
|
||||||
|
local target_fname=""
|
||||||
|
local oneline=""
|
||||||
|
|
||||||
|
# test whether there's more than one "open" per line which is not supported currently
|
||||||
|
while read -r oneline; do
|
||||||
|
if [[ $(tr ',' '\n' <<< "$oneline" | grep -c '\/open\/') -gt 1 ]]; then
|
||||||
|
fatal "nmap parser for file $FNAME cannot contain > 1 port per line" -3
|
||||||
|
fi
|
||||||
|
done < "$FNAME"
|
||||||
|
target_fname=${FNAME%.*}.txt # strip extension
|
||||||
|
awk '/\/open\// { print $2":"$5 }' "$FNAME" | sed 's/\/open.*$//g' >"$target_fname"
|
||||||
|
[[ $? -ne 0 ]] && \
|
||||||
|
fatal "conversion from nmap grepable to text somehow failed around $LINENO" -3
|
||||||
|
[[ -s "$target_fname" ]] || \
|
||||||
|
fatal "Couldn't find any open port in $FNAME" -3
|
||||||
|
export FNAME=$target_fname
|
||||||
|
}
|
||||||
|
|
||||||
run_mass_testing() {
|
run_mass_testing() {
|
||||||
local cmdline=""
|
local cmdline=""
|
||||||
local first=true
|
local first=true
|
||||||
|
local gmapadd=""
|
||||||
|
|
||||||
if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then
|
if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then
|
||||||
fatal "Can't read file \"$FNAME\"" "2"
|
fatal "Can't read file \"$FNAME\"" "2"
|
||||||
fi
|
fi
|
||||||
|
# at least now we checked the command line. But it's not sure yet whether we have the right file
|
||||||
|
if [[ "$(head -1 "$FNAME")" =~ (Nmap [4-8])(.*)( scan initiated )(.*) ]]; then
|
||||||
|
# Ok, we have an nmap file. To avoid questions we make sure it's the right format too
|
||||||
|
if [[ "$(head -1 "$FNAME")" =~ ( -oG )(.*) ]]; then
|
||||||
|
if [[ $(grep -c Status "$FNAME") -ge 1 ]]; then
|
||||||
|
[[ $(grep -c '\/open\/' $FNAME) -eq 0 ]] && \
|
||||||
|
fatal "Nmap file $FNAME should contain at least one open port" -1
|
||||||
|
IS_GMAP_FILE=true
|
||||||
|
gmapadd="grep(p)able nmap "
|
||||||
|
nmap_to_plain_file
|
||||||
|
else
|
||||||
|
fatal "wierdly nmap grepable misses \"Status\"" -1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
fatal "Nmap file $FNAME is not in grep(p)able format (-oG filename.gmap)" -1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
pr_reverse "====== Running in file batch mode with ${gmapadd}file=\"$FNAME\" ======"; outln "\n"
|
||||||
|
|
||||||
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
|
|
||||||
while read cmdline; do
|
while read cmdline; do
|
||||||
cmdline="$(filter_input "$cmdline")"
|
cmdline="$(filter_input "$cmdline")"
|
||||||
[[ -z "$cmdline" ]] && continue
|
[[ -z "$cmdline" ]] && continue
|
||||||
|
Loading…
Reference in New Issue
Block a user