mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-23 08:59:31 +01:00
Add --assuming-not-http for turning off HTTP checks
This commit is contained in:
parent
80e26a75ef
commit
1d77372562
23
testssl.sh
23
testssl.sh
@ -102,6 +102,7 @@ SHOW_EACH_C=${SHOW_EACH_C:-0} # where individual ciphers are tested show just
|
|||||||
SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
|
SNEAKY=${SNEAKY:-1} # if zero: the referer and useragent we leave while checking the http header is just usual
|
||||||
SSL_NATIVE=${SSL_NATIVE:-1} # we do per default bash sockets where possible 0: switch back to native openssl
|
SSL_NATIVE=${SSL_NATIVE:-1} # we do per default bash sockets where possible 0: switch back to native openssl
|
||||||
ASSUMING_HTTP=${ASSUMING_HTTP:-1} # in seldom cases (WAF, old servers/grumpy SSL) the service detection fails. Set to 0 for forcing HTTP
|
ASSUMING_HTTP=${ASSUMING_HTTP:-1} # in seldom cases (WAF, old servers/grumpy SSL) the service detection fails. Set to 0 for forcing HTTP
|
||||||
|
ASSUMING_NOT_HTTP=${ASSUMING_NOT_HTTP:-1} # if you don't need HTTP checks, set to 0 for turning off it
|
||||||
DEBUG=${DEBUG:-0} # if 1 the temp files won't be erased. 2: list more what's going on (formerly: eq VERBOSE=1),
|
DEBUG=${DEBUG:-0} # if 1 the temp files won't be erased. 2: list more what's going on (formerly: eq VERBOSE=1),
|
||||||
# 3: slight hexdumps + other info, 4: send bytes via sockets, 5: received, 6: whole 9 yards
|
# 3: slight hexdumps + other info, 4: send bytes via sockets, 5: received, 6: whole 9 yards
|
||||||
# FIXME: still to be filled with (more) sense or following to be included:
|
# FIXME: still to be filled with (more) sense or following to be included:
|
||||||
@ -450,8 +451,15 @@ runs_HTTP() {
|
|||||||
out " Service detected: "
|
out " Service detected: "
|
||||||
case $SERVICE in
|
case $SERVICE in
|
||||||
HTTP)
|
HTTP)
|
||||||
out " $SERVICE"
|
if [[ $ASSUMING_NOT_HTTP -eq 0 ]]; then
|
||||||
ret=0 ;;
|
out " $SERVICE, but skipping HTTP checks"
|
||||||
|
SERVICE=NOT_HTTP
|
||||||
|
ret=1
|
||||||
|
else
|
||||||
|
out " $SERCICE"
|
||||||
|
ret=0
|
||||||
|
fi
|
||||||
|
;;
|
||||||
IMAP|POP|SMTP)
|
IMAP|POP|SMTP)
|
||||||
out " $SERVICE, thus skipping HTTP specific checks"
|
out " $SERVICE, thus skipping HTTP specific checks"
|
||||||
ret=0 ;;
|
ret=0 ;;
|
||||||
@ -3394,6 +3402,7 @@ partly mandatory parameters:
|
|||||||
tuning options:
|
tuning options:
|
||||||
|
|
||||||
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
--assuming-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
|
||||||
|
--assuming-not-http if you don't need HTTP checks, set to 0 for turning off it
|
||||||
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
--ssl-native fallback to checks with OpenSSL where sockets are normally used
|
||||||
--openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME
|
--openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME
|
||||||
--proxy <host>:<port> connect via the specified HTTP proxy
|
--proxy <host>:<port> connect via the specified HTTP proxy
|
||||||
@ -3493,6 +3502,7 @@ SHOW_LOC_CIPH: $SHOW_LOC_CIPH
|
|||||||
SHOW_EACH_C: $SHOW_EACH_C
|
SHOW_EACH_C: $SHOW_EACH_C
|
||||||
SSL_NATIVE: $SSL_NATIVE
|
SSL_NATIVE: $SSL_NATIVE
|
||||||
ASSUMING_HTTP $ASSUMING_HTTP
|
ASSUMING_HTTP $ASSUMING_HTTP
|
||||||
|
ASSUMING_NOT_HTTP $ASSUMING_NOT_HTTP
|
||||||
SNEAKY: $SNEAKY
|
SNEAKY: $SNEAKY
|
||||||
|
|
||||||
VERBERR: $VERBERR
|
VERBERR: $VERBERR
|
||||||
@ -4078,6 +4088,9 @@ parse_cmd_line() {
|
|||||||
--assuming[_-]http|--assume[-_]http)
|
--assuming[_-]http|--assume[-_]http)
|
||||||
ASSUMING_HTTP=0
|
ASSUMING_HTTP=0
|
||||||
;;
|
;;
|
||||||
|
--assuming[_-]not[_-]http|--assume[-_]not[_-]http)
|
||||||
|
ASSUMING_NOT_HTTP=0
|
||||||
|
;;
|
||||||
--sneaky)
|
--sneaky)
|
||||||
SNEAKY=0
|
SNEAKY=0
|
||||||
;;
|
;;
|
||||||
@ -4131,6 +4144,12 @@ parse_cmd_line() {
|
|||||||
# Show usage if no options were specified
|
# Show usage if no options were specified
|
||||||
[ -z $1 ] && help 0
|
[ -z $1 ] && help 0
|
||||||
|
|
||||||
|
# Check protocol assuming options
|
||||||
|
if [ $ASSUMING_HTTP -eq 0 ] && [ $ASSUMING_NOT_HTTP -eq 0 ] ; then
|
||||||
|
pr_magentaln "--assuming-http and --assuming-not-http can't turn on the same time!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
# left off here is the URI
|
# left off here is the URI
|
||||||
URI=$1
|
URI=$1
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user