mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-25 18:09:30 +01:00
FiX test scenarios with -6 and --ip=<ipv6address>
This PR fixes #1100 where those cmdline options were supplied and also the IPv4 address was tested. It also lables supplied IPv6 addresses as AAAA records instead of A records. Still, determine_ip_addresses() has space for improvements. Some comparisons fixed strings popped up during debugging were polished to avoid internal quoting [[ $VAR == "teststr" ]] will be otherwise expanded to [[ $VAR == \t\e\s\t\s\t\r ]]
This commit is contained in:
parent
452f4333c0
commit
32947188dd
37
testssl.sh
37
testssl.sh
@ -12252,8 +12252,8 @@ determine_ip_addresses() {
|
|||||||
|
|
||||||
if [[ -n "$CMDLINE_IP" ]]; then
|
if [[ -n "$CMDLINE_IP" ]]; then
|
||||||
# command line has supplied an IP address or "one"
|
# command line has supplied an IP address or "one"
|
||||||
if [[ "$CMDLINE_IP" == "one" ]]; then
|
if [[ "$CMDLINE_IP" == one ]]; then
|
||||||
# use first IPv4 address
|
# use first IPv4 or IPv6 address
|
||||||
CMDLINE_IP="$(head -1 <<< "$ip4")"
|
CMDLINE_IP="$(head -1 <<< "$ip4")"
|
||||||
[[ -z "$CMDLINE_IP" ]] && CMDLINE_IP="$(head -1 <<< "$ip6")"
|
[[ -z "$CMDLINE_IP" ]] && CMDLINE_IP="$(head -1 <<< "$ip6")"
|
||||||
fi
|
fi
|
||||||
@ -12284,16 +12284,25 @@ determine_ip_addresses() {
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -z "$ip4" ]]; then # IPv6 only address
|
# IPv6 only address
|
||||||
|
if [[ -z "$ip4" ]]; then
|
||||||
if "$HAS_IPv6"; then
|
if "$HAS_IPv6"; then
|
||||||
IPADDRs=$(newline_to_spaces "$ip6")
|
IPADDRs=$(newline_to_spaces "$ip6")
|
||||||
IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test
|
IP46ADDRs="$IPADDRs" # IP46ADDRs are the ones to display, IPADDRs the ones to test
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
|
if "$HAS_IPv6" && [[ -n "$ip6" ]]; then
|
||||||
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
|
if is_ipv6addr "$CMDLINE_IP"; then
|
||||||
|
IPADDRs=$(newline_to_spaces "$ip6")
|
||||||
|
else
|
||||||
|
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
|
||||||
|
fi
|
||||||
else
|
else
|
||||||
IPADDRs=$(newline_to_spaces "$ip4")
|
if is_ipv4addr "$CMDLINE_IP"; then
|
||||||
|
IPADDRs=$(newline_to_spaces "$ip4")
|
||||||
|
else
|
||||||
|
IPADDRs=$(newline_to_spaces "$ip4 $ip6")
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ -z "$IPADDRs" ]]; then
|
if [[ -z "$IPADDRs" ]]; then
|
||||||
@ -12577,8 +12586,14 @@ display_rdns_etc() {
|
|||||||
fi
|
fi
|
||||||
if "$LOCAL_A"; then
|
if "$LOCAL_A"; then
|
||||||
outln " A record via $CORRECT_SPACES /etc/hosts "
|
outln " A record via $CORRECT_SPACES /etc/hosts "
|
||||||
|
elif "$LOCAL_AAAA"; then
|
||||||
|
outln " AAAA record via $CORRECT_SPACES /etc/hosts "
|
||||||
elif [[ -n "$CMDLINE_IP" ]]; then
|
elif [[ -n "$CMDLINE_IP" ]]; then
|
||||||
outln " A record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
|
if is_ipv6addr $"$CMDLINE_IP"; then
|
||||||
|
outln " AAAA record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
|
||||||
|
else
|
||||||
|
outln " A record via $CORRECT_SPACES supplied IP \"$CMDLINE_IP\""
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ -n "$rDNS" ]]; then
|
if [[ -n "$rDNS" ]]; then
|
||||||
out "$(printf " %-23s %s" "rDNS ($nodeip):")"
|
out "$(printf " %-23s %s" "rDNS ($nodeip):")"
|
||||||
@ -13149,7 +13164,7 @@ query_globals() {
|
|||||||
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
do_freak do_logjam do_drown do_header do_heartbleed do_mx_all_ips do_pfs do_protocols do_rc4 do_renego \
|
||||||
do_std_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \
|
do_std_cipherlists do_server_defaults do_server_preference do_ssl_poodle do_tls_fallback_scsv \
|
||||||
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do
|
do_sweet32 do_client_simulation do_cipher_match do_tls_sockets do_mass_testing do_display_only; do
|
||||||
[[ "${!gbl}" == "true" ]] && let true_nr++
|
[[ "${!gbl}" == true ]] && let true_nr++
|
||||||
done
|
done
|
||||||
return $true_nr
|
return $true_nr
|
||||||
}
|
}
|
||||||
@ -13236,7 +13251,7 @@ parse_cmd_line() {
|
|||||||
--ip|--ip=*)
|
--ip|--ip=*)
|
||||||
CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
|
CMDLINE_IP="$(parse_opt_equal_sign "$1" "$2")"
|
||||||
[[ $? -eq 0 ]] && shift
|
[[ $? -eq 0 ]] && shift
|
||||||
if [[ $CMDLINE_IP == "proxy" ]]; then
|
if [[ "$CMDLINE_IP" == proxy ]]; then
|
||||||
DNS_VIA_PROXY=true
|
DNS_VIA_PROXY=true
|
||||||
unset CMDLINE_IP
|
unset CMDLINE_IP
|
||||||
fi
|
fi
|
||||||
@ -13586,7 +13601,7 @@ parse_cmd_line() {
|
|||||||
# parameter after URI supplied:
|
# parameter after URI supplied:
|
||||||
[[ -n "$2" ]] && fatal "URI comes last" "1"
|
[[ -n "$2" ]] && fatal "URI comes last" "1"
|
||||||
fi
|
fi
|
||||||
[[ $CMDLINE_IP == "one" ]] && "$NODNS" && fatal "\"--ip=one\" and \"--nodns\" doesn't work together"
|
[[ "$CMDLINE_IP" == one ]] && "$NODNS" && fatal "\"--ip=one\" and \"--nodns\" doesn't work together"
|
||||||
|
|
||||||
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
[[ "$DEBUG" -ge 5 ]] && debug_globals
|
||||||
# if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified
|
# if we have no "do_*" set here --> query_globals: we do a standard run -- otherwise just the one specified
|
||||||
@ -13750,7 +13765,7 @@ lets_roll() {
|
|||||||
parse_cmd_line "$@"
|
parse_cmd_line "$@"
|
||||||
# html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the
|
# html_header() needs to be called early! Otherwise if html_out() is called before html_header() and the
|
||||||
# command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692.
|
# command line contains --htmlfile <htmlfile> or --html, it'll make problems with html output, see #692.
|
||||||
# json_header and csv_header can be called later but for context reasons we'll leave it here
|
# json_header and csv_header could be called later but for context reasons we'll leave it here
|
||||||
html_header
|
html_header
|
||||||
json_header
|
json_header
|
||||||
csv_header
|
csv_header
|
||||||
@ -13788,7 +13803,7 @@ lets_roll() {
|
|||||||
if "$do_mx_all_ips"; then
|
if "$do_mx_all_ips"; then
|
||||||
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
|
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
|
||||||
[[ $? -eq 1 ]] && set_scanning_defaults
|
[[ $? -eq 1 ]] && set_scanning_defaults
|
||||||
run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have sililar code
|
run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have similar code
|
||||||
exit $?
|
exit $?
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user