mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-11-03 23:35:26 +01:00
- better detection for ssl poodle
- change of shorticut from zero to letter o
This commit is contained in:
Dirk
67
testssl.sh
67
testssl.sh
@@ -367,24 +367,6 @@ runs_HTTP() {
|
||||
return $ret
|
||||
}
|
||||
|
||||
# Padding Oracle On Downgraded Legacy Encryption
|
||||
poodle() {
|
||||
pr_bold " POODLE "; out "(CVE-2014-3566), experimental "
|
||||
# w/o downgrade check as of now https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00 | TLS_FALLBACK_SCSV
|
||||
$OPENSSL s_client -ssl3 $STARTTLS -connect $NODEIP:$PORT $SNI 2>$TMPFILE >/dev/null </dev/null
|
||||
ret=$?
|
||||
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
||||
if [ $ret -eq 0 ]; then
|
||||
pr_litered "VULNERABLE (NOT ok)"; out ", uses SSLv3 (no TLS_FALLBACK_SCSV mitigation tested)"
|
||||
else
|
||||
pr_green "not vulnerable (OK)"
|
||||
fi
|
||||
outln
|
||||
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return $ret
|
||||
}
|
||||
|
||||
#problems not handled: chunked
|
||||
http_header() {
|
||||
[ -z "$1" ] && url="/" || url="$1"
|
||||
@@ -907,7 +889,6 @@ runprotocols() {
|
||||
7) ;; # no local support
|
||||
esac
|
||||
|
||||
|
||||
testprotohelper "-tls1" " TLSv1 "
|
||||
case $? in
|
||||
0) ok 2 0 ;; # no GCM, thus only normal print
|
||||
@@ -2176,7 +2157,40 @@ crime() {
|
||||
return $ret
|
||||
}
|
||||
|
||||
# for appliance which use padding, no fallack needed
|
||||
tls_poodle() {
|
||||
pr_bold " POODLE, SSL"; out " CVE-2014-8730), experimental "
|
||||
#FIXME
|
||||
echo "#FIXME"
|
||||
return 7
|
||||
}
|
||||
|
||||
|
||||
# Padding Oracle On Downgraded Legacy Encryption, in a nutshell: don't use CBC Ciphers in SSLv3
|
||||
ssl_poodle() {
|
||||
local ret
|
||||
local cbc_ciphers
|
||||
|
||||
pr_bold " POODLE, SSL"; out " (CVE-2014-3566), experimental "
|
||||
cbc_ciphers=`$OPENSSL ciphers -v 'ALL:eNULL' | grep CBC | awk '{ print $1 }' | tr '\n' ':'`
|
||||
debugme echo $cbc_ciphers
|
||||
$OPENSSL s_client -ssl3 $STARTTLS -cipher $cbc_ciphers -connect $NODEIP:$PORT $SNI &>$TMPFILE </dev/null
|
||||
ret=$?
|
||||
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
||||
if [ $ret -eq 0 ]; then
|
||||
pr_litered "VULNERABLE (NOT ok)"; out ", uses SSLv3+CBC (no TLS_FALLBACK_SCSV mitigation tested)"
|
||||
else
|
||||
pr_green "not vulnerable (OK)"
|
||||
fi
|
||||
outln
|
||||
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return $ret
|
||||
}
|
||||
|
||||
|
||||
|
||||
#in a nutshell: don't use CBC Ciphers in SSLv3 TLSv1.0
|
||||
# Browser Exploit Against SSL/TLS
|
||||
beast(){
|
||||
shopt -s lastpipe # otherwise it's more tricky to access variables in a while loop
|
||||
@@ -2186,7 +2200,6 @@ beast(){
|
||||
local higher_proto_supported=""
|
||||
local -i ret=0
|
||||
local spaces=" "
|
||||
#in a nutshell: don't use CBC Ciphers in SSLv3 TLSv1.0
|
||||
|
||||
pr_bold " BEAST"; out " (CVE-2011-3389) "
|
||||
|
||||
@@ -2327,7 +2340,7 @@ starttls() {
|
||||
# ccs_injection ; ret=`expr $? + $ret`
|
||||
renego ; ret=`expr $? + $ret`
|
||||
crime ; ret=`expr $? + $ret`
|
||||
poodle ; ret=`expr $? + $ret`
|
||||
ssl_poodle ; ret=`expr $? + $ret`
|
||||
beast ; ret=`expr $? + $ret`
|
||||
|
||||
rc4 ; ret=`expr $? + $ret`
|
||||
@@ -2374,7 +2387,7 @@ $PRG <options> URI
|
||||
<-R|--renegotiation> tests only for renegotiation vulnerability
|
||||
<-C|--compression|--crime> tests only for CRIME vulnerability
|
||||
<-T|--breach> tests only for BREACH vulnerability
|
||||
<-0|--poodle> tests only for POODLE vulnerability
|
||||
<-O|--poodle> tests only for POODLE vulnerability
|
||||
<-A|--beast> tests only for BEAST vulnerability
|
||||
<-s|--pfs|--fs|--nsa> checks (perfect) forward secrecy settings
|
||||
<-4|--rc4|--appelbaum> which RC4 ciphers are being offered?
|
||||
@@ -2794,11 +2807,11 @@ case "$1" in
|
||||
fi
|
||||
ret=`expr $? + $ret`
|
||||
exit $ret ;;
|
||||
-0|--poodle)
|
||||
-O|--ssl_poodle|poodle)
|
||||
maketempf
|
||||
parse_hn_port "$2"
|
||||
outln; pr_blue "--> Testing for POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability"; outln "\n"
|
||||
poodle
|
||||
outln; pr_blue "--> Testing for POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability, SSLv3"; outln "\n"
|
||||
ssl_poodle
|
||||
exit $? ;;
|
||||
-4|--rc4|--appelbaum)
|
||||
maketempf
|
||||
@@ -2863,7 +2876,7 @@ case "$1" in
|
||||
renego ; ret=`expr $? + $ret`
|
||||
crime ; ret=`expr $? + $ret`
|
||||
[[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=`expr $? + $ret`
|
||||
poodle ; ret=`expr $? + $ret`
|
||||
ssl_poodle ; ret=`expr $? + $ret`
|
||||
beast ; ret=`expr $? + $ret`
|
||||
|
||||
rc4 ; ret=`expr $? + $ret`
|
||||
@@ -2871,6 +2884,6 @@ case "$1" in
|
||||
exit $ret ;;
|
||||
esac
|
||||
|
||||
# $Id: testssl.sh,v 1.195 2015/02/23 09:40:09 dirkw Exp $
|
||||
# $Id: testssl.sh,v 1.196 2015/02/27 20:21:37 dirkw Exp $
|
||||
# vim:ts=5:sw=5
|
||||
|
||||
|
||||
Reference in New Issue
Block a user