mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-03 23:39:45 +01:00
commit
2c76025ade
120
testssl.sh
120
testssl.sh
@ -547,6 +547,7 @@ pr_boldurl() { tm_bold "$1"; html_out "<a href="$1" style=\"font-weight:bold;col
|
||||
|
||||
### color switcher (see e.g. https://linuxtidbits.wordpress.com/2008/08/11/output-color-on-bash-scripts/
|
||||
### http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x405.html
|
||||
### no ouput support for HTML!
|
||||
set_color_functions() {
|
||||
local ncurses_tput=true
|
||||
|
||||
@ -612,6 +613,8 @@ set_color_functions() {
|
||||
reverse=$(tput mr)
|
||||
off=$(tput me)
|
||||
fi
|
||||
# italic doesn't work under Linux, FreeBSD (9). But both work under OpenBSD.
|
||||
# alternatively we could use escape codes
|
||||
fi
|
||||
}
|
||||
|
||||
@ -1098,6 +1101,52 @@ is_ipv6addr() {
|
||||
return 0
|
||||
}
|
||||
|
||||
# now some function for the integrated BIGIP F5 Cookie detector (see https://github.com/drwetter/F5-BIGIP-Decoder)
|
||||
|
||||
f5_hex2ip() {
|
||||
debugme echo "$1"
|
||||
echo $((16#${1:0:2})).$((16#${1:2:2})).$((16#${1:4:2})).$((16#${1:6:2}))
|
||||
}
|
||||
f5_hex2ip6() {
|
||||
debugme echo "$1"
|
||||
echo "[${1:0:4}:${1:4:4}:${1:8:4}:${1:12:4}.${1:16:4}:${1:20:4}:${1:24:4}:${1:28:4}]"
|
||||
}
|
||||
|
||||
f5_determine_routeddomain() {
|
||||
local tmp
|
||||
tmp="${1%%o*}"
|
||||
echo "${tmp/rd/}"
|
||||
}
|
||||
|
||||
f5_ip_oldstyle() {
|
||||
local tmp
|
||||
local a b c d
|
||||
|
||||
tmp="${1/%.*}" # until first dot
|
||||
tmp="$(printf "%x8" "$tmp")" # convert the whole thing to hex, now back to ip (reversed notation:
|
||||
tmp="$(f5_hex2ip $tmp)" # transform to ip with reversed notation
|
||||
IFS="." read -r a b c d <<< "$tmp" # reverse it
|
||||
echo $d.$c.$b.$a
|
||||
}
|
||||
|
||||
f5_port_decode() {
|
||||
local tmp
|
||||
|
||||
tmp="$(strip_lf "$1")" # remove lf if there is one
|
||||
tmp="${tmp/.0000/}" # to be sure remove trailing zeros with a dot
|
||||
tmp="${tmp#*.}" # get the port
|
||||
tmp="$(printf "%04x" "${tmp}")" # to hex
|
||||
if [[ ${#tmp} -eq 4 ]]; then
|
||||
:
|
||||
elif [[ ${#tmp} -eq 3 ]]; then # fill it up with leading zeros if needed
|
||||
tmp=0{$tmp}
|
||||
elif [[ ${#tmp} -eq 2 ]]; then
|
||||
tmp=00{$tmp}
|
||||
fi
|
||||
echo $((16#${tmp:2:2}${tmp:0:2})) # reverse order and convert it from hex to dec
|
||||
}
|
||||
|
||||
|
||||
|
||||
###### END helper function definitions ######
|
||||
|
||||
@ -1513,9 +1562,9 @@ detect_ipv4() {
|
||||
else
|
||||
first=false
|
||||
fi
|
||||
pr_svrty_high "$result"
|
||||
pr_svrty_medium "$result"
|
||||
outln "\n$spaces$your_ip_msg"
|
||||
fileout "ip_in_header_$count" "HIGH" "IPv4 address in header $result $your_ip_msg"
|
||||
fileout "ip_in_header_$count" "MEDIUM" "IPv4 address in header $result $your_ip_msg"
|
||||
fi
|
||||
count=$count+1
|
||||
done < $HEADERFILE
|
||||
@ -2094,11 +2143,65 @@ run_application_banner() {
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
|
||||
# arg1: multiline string w cookies
|
||||
f5_bigip_check() {
|
||||
local allcookies="$1"
|
||||
local ip port cookievalue cookiename
|
||||
local routed_domain offset
|
||||
local savedcookies=""
|
||||
local spaces="$2"
|
||||
|
||||
# taken from https://github.com/drwetter/F5-BIGIP-Decoder, more details see there
|
||||
|
||||
debugme echo -e "all cookies: >> $allcookies <<\n"
|
||||
while true; do IFS='=' read cookiename cookievalue
|
||||
[[ -z "$cookievalue" ]] && break
|
||||
cookievalue=${cookievalue/;/}
|
||||
debugme echo $cookiename : $cookievalue
|
||||
if grep -q -E '[0-9]{9,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then
|
||||
ip="$(f5_ip_oldstyle "$cookievalue")"
|
||||
port="$(f5_port_decode $cookievalue)"
|
||||
out "${spaces}F5 cookie (default IPv4 pool member): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"
|
||||
fileout "cookie_bigip_f5" "MEDIUM" "Information leakage: F5 cookie $cookiename $cookievalue is default IPv4 pool member ${ip}:${port}"
|
||||
elif grep -q -E '^rd[0-9]{1,2}o0{20}f{4}[a-f0-9]{8}o[0-9]{1,5}' <<< "$cookievalue"; then
|
||||
routed_domain="$(f5_determine_routeddomain "$cookievalue")"
|
||||
offset=$(( 2 + ${#routed_domain} + 1 + 24))
|
||||
port="${cookievalue##*o}"
|
||||
ip="$(f5_hex2ip "${cookievalue:$offset:8}")"
|
||||
out "${spaces}F5 cookie (IPv4 pool in routed domain "; pr_svrty_medium "$routed_domain"; out "): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"
|
||||
fileout "cookie_bigip_f5" "MEDIUM" "Information leakage: F5 cookie $cookiename $cookievalue is IPv4 pool member in routed domain $routed_domain ${ip}:${port}"
|
||||
elif grep -q -E '^vi[a-f0-9]{32}\.[0-9]{1,5}' <<< "$cookievalue"; then
|
||||
ip="$(f5_hex2ip6 ${cookievalue:2:32})"
|
||||
port="${cookievalue##*.}"
|
||||
port=$(f5_port_decode "$port")
|
||||
out "${spaces}F5 cookie (default IPv6 pool member): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"
|
||||
fileout "cookie_bigip_f5" "MEDIUM" "Information leakage: F5 cookie $cookiename $cookievalue is default IPv6 pool member ${ip}:${port}"
|
||||
elif grep -q -E '^rd[0-9]{1,2}o[a-f0-9]{32}o[0-9]{1,5}' <<< "$cookievalue"; then
|
||||
routed_domain="$(f5_determine_routeddomain "$cookievalue")"
|
||||
offset=$(( 2 + ${#routed_domain} + 1 ))
|
||||
port="${cookievalue##*o}"
|
||||
ip="$(f5_hex2ip6 ${cookievalue:$offset:32})"
|
||||
out "${spaces}F5 cookie (IPv6 pool in routed domain "; pr_svrty_medium "$routed_domain"; out "): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"
|
||||
fileout "cookie_bigip_f5" "MEDIUM" "Information leakage: F5 cookie $cookiename $cookievalue is IPv6 pool member in routed domain $routed_domain ${ip}:${port}"
|
||||
elif grep -q -E '^\!.*=$' <<< "$cookievalue"; then
|
||||
if [[ "${#cookievalue}" -eq 81 ]] ; then
|
||||
savedcookies="${savedcookies} ${cookiename}=${cookievalue:1:79}"
|
||||
out "${spaces}Encrypted F5 cookie named "; pr_italic "${cookiename}"; outln " detected"
|
||||
fileout "cookie_bigip_f5" "INFO" "encrypted F5 cookie named ${cookiename} detected"
|
||||
fi
|
||||
fi
|
||||
done <<< "$allcookies"
|
||||
}
|
||||
|
||||
|
||||
run_cookie_flags() { # ARG1: Path
|
||||
local -i nr_cookies
|
||||
local -i nr_httponly nr_secure
|
||||
local negative_word
|
||||
local msg302="" msg302_=""
|
||||
local spaces=" "
|
||||
|
||||
if [[ ! -s $HEADERFILE ]]; then
|
||||
run_http_header "$1" || return 3
|
||||
@ -2116,7 +2219,10 @@ run_cookie_flags() { # ARG1: Path
|
||||
|
||||
pr_bold " Cookie(s) "
|
||||
grep -ai '^Set-Cookie' $HEADERFILE >$TMPFILE
|
||||
if [[ $? -eq 0 ]]; then
|
||||
if [[ $? -ne 0 ]]; then
|
||||
outln "(none issued at \"$1\")$msg302"
|
||||
fileout "cookie_count" "INFO" "No cookies issued at \"$1\"$msg302_"
|
||||
else
|
||||
nr_cookies=$(count_lines "$(cat $TMPFILE)")
|
||||
out "$nr_cookies issued: "
|
||||
fileout "cookie_count" "INFO" "$nr_cookies cookie(s) issued at \"$1\"$msg302_"
|
||||
@ -2147,12 +2253,10 @@ run_cookie_flags() { # ARG1: Path
|
||||
else
|
||||
fileout "cookie_httponly" "INFO" "$nr_secure/$nr_cookies cookie(s) issued at \"$1\" marked as HttpOnly$msg302_"
|
||||
fi
|
||||
out "$msg302"
|
||||
else
|
||||
out "(none issued at \"$1\")$msg302"
|
||||
fileout "cookie_count" "INFO" "No cookies issued at \"$1\"$msg302_"
|
||||
outln "$msg302"
|
||||
allcookies="$(awk '/[Ss][Ee][Tt]-[Cc][Oo][Oo][Kk][Ii][Ee]:/ { print $2 }' "$TMPFILE")"
|
||||
f5_bigip_check "$allcookies" "$spaces"
|
||||
fi
|
||||
outln
|
||||
|
||||
tmpfile_handle $FUNCNAME.txt
|
||||
return 0
|
||||
|
Loading…
Reference in New Issue
Block a user