Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-10 10:40:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into openss2rfc_rfc2openssl

Browse Source 
Conflicts:
	testssl.sh
This commit is contained in:
David Cooper 2016-09-27 17:13:13 -04:00
commit 32bbf42ec3
4 changed files with 63 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
bin/Readme.md
View File

@ -1,13 +1,26 @@
**Note: Further new improved binaries (1.0.2i, compiled from a snapshot from Peter Mosman's fork: https://github.com/drwetter/openssl) will be uploaded soon.**
**Probably we discontinue the rarely used ones at github as it is not very approrpriate. Main site for binaries see https://testssl.sh/**
Binaries Binaries
======== ========
All the precompiled binaries provided here have extended support for
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
features needed for testing. OTOH they also come with extended support
for new / advanced cipher suites and/or features which are not in the
official branch like (old version of the) CHACHA20+POLY1305 and CAMELLIA 256 bit ciphers.
They also have IPv6 support, see below.
The (stripped) binaries this directory are all compiled from my openssl
snapshot (https://github.com/drwetter/openssl) from Peter Mosman's openssl
fork (https://github.com/PeterMosmans/openssl). Thx a bunch, Peter!
Compiled Linux and FreeBSD binaries so far come from Dirk, other
contributors see ../CREDITS.md .
**I discontinued to upload the not commonly used binaries at github ** (ARM7l, Darwin.i386 and all except one kerberos compiles) **as it is not very appropriate to use github especially for those. The main site for all
binaries is https://testssl.sh/openssl-1.0.2i-chacha.pm.ipv6.contributed/, also see the tarball @
https://testssl.sh/openssl-1.0.2i-chacha.pm.ipv6.Linux+FreeBSD.tar.gz**
The binaries here have the naming scheme ``openssl.$(uname).$(uname -m)`` The binaries here have the naming scheme ``openssl.$(uname).$(uname -m)``
and will be picked up from testssl.sh if you run testssl.sh directly and will be picked up from testssl.sh if you run testssl.sh directly
off the git directory. Otherwise you need ``testssl.sh`` to point to it off the git directory. Otherwise you need ``testssl.sh`` to point to it
@ -18,19 +31,6 @@ The Linux binaries with the trailing ``-krb5`` come with Kerberos 5 support,
they won't be picked up automatically as you need to make sure first they they won't be picked up automatically as you need to make sure first they
run (see libraries below). run (see libraries below).
All the precompiled binaries provided here have extended support for
everything which is normally not in OpenSSL or LibreSSL -- 40+56 Bit,
export/ANON ciphers, weak DH ciphers, weak EC curves, SSLv2 etc. -- all the dirty
features needed for testing. OTOH they also come with extended support
for new / advanced cipher suites and/or features which are not in the
official branch like (old version of the) CHACHA20+POLY1305 and CAMELIA 256 bit ciphers.
The binaries in this directory are all compiled from an OpenSSL 1.0.2 fork
from Peter Mosmans (https://github.com/PeterMosmans/openssl). Thx a bunch,
Peter!
Compiled Linux and FreeBSD binaries so far come from Dirk, other contributors see ../CREDITS.md .
Compiling and Usage Instructions Compiling and Usage Instructions
================================ ================================
@ -62,6 +62,12 @@ If you want to compile OpenSSL yourself, here are the instructions:
git clone https://github.com/PeterMosmans/openssl git clone https://github.com/PeterMosmans/openssl
cd openssl cd openssl
or use my repo:
git clone https://github.com/drwetter/openssl
cd openssl
2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh) 2.) configure the damned thing. Options I used (see https://github.com/drwetter/testssl.sh/blob/master/utils/make-openssl.sh)
**for 64Bit including Kerberos ciphers:** **for 64Bit including Kerberos ciphers:**
@ -92,7 +98,10 @@ If you want to compile OpenSSL yourself, here are the instructions:
enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \ enable-seed enable-camellia enable-idea enable-rfc3779 no-ec_nistp_64_gcc_128 \
-static experimental-jpake -DOPENSSL_USE_BUILD_DATE -static experimental-jpake -DOPENSSL_USE_BUILD_DATE
IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff``. This doesn't give you the option of an IPv6 enabled proxy yet. It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as later on you can tell them apart by``openssl version -a``. IPv6 support would need additionally the patch from ``fedora-dirk-ipv6.diff`` (included already
in my branch). This doesn't give you the option of an IPv6 enabled proxy yet.
It is good practice to compile those binaries with ``-DOPENSSL_USE_IPV6`` as
later on you can tell them apart by``openssl version -a``.
Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST Four GOST [1][2] ciphers come via engine support automagically with this setup. Two additional GOST
ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make ciphers can be compiled in (``GOST-GOST94``, ``GOST-MD5``) with ``-DTEMP_GOST_TLS`` but as of now they make
@ -110,7 +119,7 @@ If you don't have / don't want Kerberos libraries and devel rpms/debs, just omit
6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me 6.) ``./apps/openssl ciphers -V 'ALL:COMPLEMENTOFALL' | wc -l`` lists for me
* 193(+4 GOST) ciphers including kerberos * 193(+4 GOST) ciphers including kerberos
* 177(+4 GOST) ciphers without kerberos * 179(+4 GOST) ciphers without kerberos
as opposed to ~110 from Ubuntu or Opensuse. as opposed to ~110 from Ubuntu or Opensuse.

BIN
bin/openssl.Darwin.i386
View File

Binary file not shown.

BIN
bin/openssl.Linux.armv7l
View File

Binary file not shown.

71
testssl.sh
View File

@ -203,7 +203,6 @@ TLS_EXTENSIONS=""
GOST_STATUS_PROBLEM=false GOST_STATUS_PROBLEM=false
DETECTED_TLS_VERSION="" DETECTED_TLS_VERSION=""
PATTERN2SHOW="" PATTERN2SHOW=""
SOCKREPLY=""
SOCK_REPLY_FILE="" SOCK_REPLY_FILE=""
HEXC="" HEXC=""
NW_STR="" NW_STR=""
@ -260,7 +259,6 @@ TLS_LOW_BYTE=""
HEX_CIPHER="" HEX_CIPHER=""
# The various hexdump commands we need to replace xxd (BSD compatibility) # The various hexdump commands we need to replace xxd (BSD compatibility)
HEXDUMPVIEW=(hexdump -C) # This is used in verbose mode to see what's going on
HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyze the reply HEXDUMP=(hexdump -ve '16/1 "%02x " " \n"') # This is used to analyze the reply
HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]' HEXDUMPPLAIN=(hexdump -ve '1/1 "%.2x"') # Replaces both xxd -p and tr -cd '[:print:]'
@ -1511,23 +1509,6 @@ socksend() {
sleep $2 sleep $2
} }
#FIXME: This is only for HB and CCS, others use still sockread_serverhello()
sockread() {
local -i ret=0
local ddreply
[[ "x$2" == "x" ]] && maxsleep=$MAX_WAITSOCK || maxsleep=$2
ddreply=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
dd bs=$1 of=$ddreply count=1 <&5 2>/dev/null &
wait_kill $! $maxsleep
ret=$?
SOCKREPLY=$(cat $ddreply 2>/dev/null)
rm $ddreply
return $ret
}
openssl2rfc() { openssl2rfc() {
local rfcname="" local rfcname=""
local -i i local -i i
@ -6089,9 +6070,10 @@ tls_sockets() {
run_heartbleed(){ run_heartbleed(){
local tls_proto_offered tls_hexcode local tls_proto_offered tls_hexcode
local heartbleed_payload client_hello local heartbleed_payload client_hello
local -i n ret local -i n ret lines_returned
local -i hb_rounds=3 local -i hb_rounds=3
local append="" local append=""
local found_500_oops=false
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for heartbleed vulnerability " && outln
pr_bold " Heartbleed"; out " (CVE-2014-0160) " pr_bold " Heartbleed"; out " (CVE-2014-0160) "
@ -6175,39 +6157,45 @@ run_heartbleed(){
socksend "$client_hello" 1 socksend "$client_hello" 1
debugme outln "\nreading server hello" debugme outln "\nreading server hello"
sockread 32768 sockread_serverhello 32768
if [[ $DEBUG -ge 4 ]]; then if [[ $DEBUG -ge 4 ]]; then
echo "$SOCKREPLY" | "${HEXDUMPVIEW[@]}" | head -20 hexdump -C "$SOCK_REPLY_FILE" | head -20
outln "[...]" outln "[...]"
outln "\nsending payload with TLS version $tls_hexcode:" outln "\nsending payload with TLS version $tls_hexcode:"
fi fi
rm "$SOCK_REPLY_FILE"
socksend "$heartbleed_payload" 1 socksend "$heartbleed_payload" 1
sockread 16384 $HEARTBLEED_MAX_WAITSOCK sockread_serverhello 16384 $HEARTBLEED_MAX_WAITSOCK
[[ $? -eq 3 ]] && append=", timed out" [[ $? -eq 3 ]] && append=", timed out"
lines_returned=$(hexdump -ve '16/1 "%02x " " \n"' "$SOCK_REPLY_FILE" | wc -l | sed 's/ //g')
if [[ $DEBUG -ge 3 ]]; then if [[ $DEBUG -ge 3 ]]; then
outln "\nheartbleed reply: " outln "\nheartbleed reply: "
echo "$SOCKREPLY" | "${HEXDUMPVIEW[@]}" hexdump -C "$SOCK_REPLY_FILE" | head -20
[[ $lines_returned -gt 20 ]] && outln "[...]"
outln outln
fi fi
lines_returned=$(echo "$SOCKREPLY" | "${HEXDUMP[@]}" | wc -l | sed 's/ //g')
if [[ $lines_returned -gt 1 ]]; then if [[ $lines_returned -gt 1 ]]; then
if [[ "$STARTTLS_PROTOCOL" == "ftp" ]] || [[ "$STARTTLS_PROTOCOL" == "ftps" ]]; then if [[ "$STARTTLS_PROTOCOL" == "ftp" ]] || [[ "$STARTTLS_PROTOCOL" == "ftps" ]]; then
# check possibility of weird vsftpd reply, see #426 # check possibility of weird vsftpd reply, see #426
saved_sockreply[n]=$SOCKREPLY saved_sockreply[n]="$(hexdump -ve '1/1 "%.2x"' "$SOCK_REPLY_FILE")"
debugme out "${saved_sockreply[n]}" [[ $n -eq 1 ]] && grep -q '500 OOPS' "$SOCK_REPLY_FILE" && found_500_oops=true
rm "$SOCK_REPLY_FILE"
#debugme out "${saved_sockreply[n]}"
#TMPFILE="${saved_sockreply[n]}" #TMPFILE="${saved_sockreply[n]}"
close_socket close_socket
tmpfile_handle "$FUNCNAME,$n.txt" #tmpfile_handle "$FUNCNAME,$n.txt"
else else
rm "$SOCK_REPLY_FILE"
pr_svrty_critical "VULNERABLE (NOT ok)" pr_svrty_critical "VULNERABLE (NOT ok)"
fileout "heartbleed" "NOT ok" "Heartbleed (CVE-2014-0160): VULNERABLE (NOT ok)$append" fileout "heartbleed" "NOT ok" "Heartbleed (CVE-2014-0160): VULNERABLE (NOT ok)$append"
ret=1 ret=1
break break
fi fi
else else
rm "$SOCK_REPLY_FILE"
pr_done_best "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK)$append" fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK)$append"
ret=0 ret=0
@ -6220,7 +6208,7 @@ run_heartbleed(){
# This is the robust approach. According to a few tests it could also suffice # to check for "500 OOPS" only. # This is the robust approach. According to a few tests it could also suffice # to check for "500 OOPS" only.
# Checking for the same socket reply DOES NOT suffice -- server can be idle and return the same memory # Checking for the same socket reply DOES NOT suffice -- server can be idle and return the same memory
if [[ "${saved_sockreply[1]}" == "${saved_sockreply[2]}" ]] && [[ "${saved_sockreply[2]}" == "${saved_sockreply[3]}" ]] \ if [[ "${saved_sockreply[1]}" == "${saved_sockreply[2]}" ]] && [[ "${saved_sockreply[2]}" == "${saved_sockreply[3]}" ]] \
&& echo "${saved_sockreply[1]}" | grep -q '500 OOPS'; then && "$found_500_oops"; then
pr_done_best "not vulnerable (OK)$append" pr_done_best "not vulnerable (OK)$append"
[[ $DEBUG -ge 1 ]] && out ", successful weeded out vsftpd false positive" [[ $DEBUG -ge 1 ]] && out ", successful weeded out vsftpd false positive"
fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK)$append" fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK)$append"
@ -6234,7 +6222,7 @@ run_heartbleed(){
# for the repeated tries we did that already # for the repeated tries we did that already
#TMPFILE="$SOCKREPLY" #TMPFILE="$SOCKREPLY"
close_socket 2>/dev/null close_socket 2>/dev/null
tmpfile_handle $FUNCNAME.txt #tmpfile_handle $FUNCNAME.txt
fi fi
outln "$append" outln "$append"
@ -6249,6 +6237,9 @@ ok_ids(){
#FIXME: At a certain point heartbleed and ccs needs to be changed and make use of code2network using a file, then tls_sockets #FIXME: At a certain point heartbleed and ccs needs to be changed and make use of code2network using a file, then tls_sockets
run_ccs_injection(){ run_ccs_injection(){
local tls_proto_offered tls_hexcode ccs_message client_hello byte6 sockreply
local -i retval ret lines
# see https://www.openssl.org/news/secadv_20140605.txt # see https://www.openssl.org/news/secadv_20140605.txt
# mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607 # mainly adapted from Ramon de C Valle's C code from https://gist.github.com/rcvalle/71f4b027d61a78c42607
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CCS injection vulnerability " && outln
@ -6308,41 +6299,45 @@ run_ccs_injection(){
socksend "$client_hello" 1 socksend "$client_hello" 1
debugme outln "\nreading server hello" debugme outln "\nreading server hello"
sockread 32768 sockread_serverhello 32768
if [[ $DEBUG -ge 4 ]]; then if [[ $DEBUG -ge 4 ]]; then
echo "$SOCKREPLY" | "${HEXDUMPVIEW[@]}" | head -20 hexdump -C "$SOCK_REPLY_FILE" | head -20
outln "[...]" outln "[...]"
outln "\npayload #1 with TLS version $tls_hexcode:" outln "\npayload #1 with TLS version $tls_hexcode:"
fi fi
rm "$SOCK_REPLY_FILE"
# ... and then send the a change cipher spec message # ... and then send the a change cipher spec message
socksend "$ccs_message" 1 || ok_ids socksend "$ccs_message" 1 || ok_ids
sockread 2048 $CCS_MAX_WAITSOCK sockread_serverhello 2048 $CCS_MAX_WAITSOCK
if [[ $DEBUG -ge 3 ]]; then if [[ $DEBUG -ge 3 ]]; then
outln "\n1st reply: " outln "\n1st reply: "
out "$SOCKREPLY" | "${HEXDUMPVIEW[@]}" | head -20 hexdump -C "$SOCK_REPLY_FILE" | head -20
# ok: 15 | 0301 | 02 | 02 | 0a # ok: 15 | 0301 | 02 | 02 | 0a
# ALERT | TLS 1.0 | Length=2 | Unexpected Message (0a) # ALERT | TLS 1.0 | Length=2 | Unexpected Message (0a)
# or just timed out # or just timed out
outln outln
outln "payload #2 with TLS version $tls_hexcode:" outln "payload #2 with TLS version $tls_hexcode:"
fi fi
rm "$SOCK_REPLY_FILE"
socksend "$ccs_message" 2 || ok_ids socksend "$ccs_message" 2 || ok_ids
sockread 2048 $CCS_MAX_WAITSOCK sockread_serverhello 2048 $CCS_MAX_WAITSOCK
retval=$? retval=$?
if [[ $DEBUG -ge 3 ]]; then if [[ $DEBUG -ge 3 ]]; then
outln "\n2nd reply: " outln "\n2nd reply: "
printf -- "$SOCKREPLY" | "${HEXDUMPVIEW[@]}" printf -- "$(hexdump -C "$SOCK_REPLY_FILE")"
# not ok: 15 | 0301 | 02 | 02 | 15 # not ok: 15 | 0301 | 02 | 02 | 15
# ALERT | TLS 1.0 | Length=2 | Decryption failed (21) # ALERT | TLS 1.0 | Length=2 | Decryption failed (21)
# ok: 0a or nothing: ==> RST # ok: 0a or nothing: ==> RST
outln outln
fi fi
sockreply=$(cat "$SOCK_REPLY_FILE" 2>/dev/null)
rm "$SOCK_REPLY_FILE"
byte6=$(echo "$SOCKREPLY" | "${HEXDUMPPLAIN[@]}" | sed 's/^..........//') byte6=$(echo "$sockreply" | "${HEXDUMPPLAIN[@]}" | sed 's/^..........//')
lines=$(echo "$SOCKREPLY" | "${HEXDUMP[@]}" | count_lines ) lines=$(echo "$sockreply" | "${HEXDUMP[@]}" | count_lines )
debugme echo "lines: $lines, byte6: $byte6" debugme echo "lines: $lines, byte6: $byte6"
if [[ "$byte6" == "0a" ]] || [[ "$lines" -gt 1 ]]; then if [[ "$byte6" == "0a" ]] || [[ "$lines" -gt 1 ]]; then