* NEW: cookie flags (experimental) [URL is missing]
* FIX: 30x handling for http_header (hint for final URL if stalled)
* FIX: proper display of app-banners if >1
parent
44d8f67998
commit
3d81a7b5ec
70
testssl.sh
70
testssl.sh
|
@ -14,7 +14,7 @@ VERSION="2.3dev" # any char suffixes denotes non=stable
|
||||||
SWURL="https://testssl.sh"
|
SWURL="https://testssl.sh"
|
||||||
SWCONTACT="dirk aet testssl dot sh"
|
SWCONTACT="dirk aet testssl dot sh"
|
||||||
|
|
||||||
# Author: Dirk Wetter, copyleft: 2007-2014, contributions so far see CREDIT.md
|
# Author: Dirk Wetter, copyleft: 2007-2015, contributions so far see CREDIT.md
|
||||||
#
|
#
|
||||||
# License: GPLv2, see http://www.fsf.org/licensing/licenses/info/GPLv2.html
|
# License: GPLv2, see http://www.fsf.org/licensing/licenses/info/GPLv2.html
|
||||||
# and accompanying license "LICENSE.txt". Redistribution + modification under this
|
# and accompanying license "LICENSE.txt". Redistribution + modification under this
|
||||||
|
@ -34,7 +34,7 @@ SWCONTACT="dirk aet testssl dot sh"
|
||||||
# Q: So what's the difference between https://www.ssllabs.com/ssltest or
|
# Q: So what's the difference between https://www.ssllabs.com/ssltest or
|
||||||
# https://sslcheck.globalsign.com/?
|
# https://sslcheck.globalsign.com/?
|
||||||
# A: As of now ssllabs only check webservers on standard ports, reachable from
|
# A: As of now ssllabs only check webservers on standard ports, reachable from
|
||||||
# the internet. And those are 3rd parties. If those four restrictions are fine
|
# the internet. And the two above are 3rd parties. If those restrictions are fine
|
||||||
# with you, they might tell you more than this tool -- as of now.
|
# with you, they might tell you more than this tool -- as of now.
|
||||||
|
|
||||||
# Note that for "standard" openssl binaries a lot of features (ciphers, protocols, vulnerabilities)
|
# Note that for "standard" openssl binaries a lot of features (ciphers, protocols, vulnerabilities)
|
||||||
|
@ -44,7 +44,7 @@ SWCONTACT="dirk aet testssl dot sh"
|
||||||
|
|
||||||
|
|
||||||
# following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
|
# following variables make use of $ENV, e.g. OPENSSL=<myprivate_path_to_openssl> ./testssl.sh <host>
|
||||||
CAPATH="${CAPATH:-/etc/ssl/certs/}" # same as previous. Doing nothing yet. FC has only a CA bundle per default, ==> openssl version -d
|
CAPATH="${CAPATH:-/etc/ssl/certs/}" # Does nothing yet. FC has only a CA bundle per default, ==> openssl version -d
|
||||||
ECHO="/usr/bin/printf --" # works under Linux, BSD, MacOS.
|
ECHO="/usr/bin/printf --" # works under Linux, BSD, MacOS.
|
||||||
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
|
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
|
||||||
SHOW_LOC_CIPH=${SHOW_LOC_CIPH}=0 # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
SHOW_LOC_CIPH=${SHOW_LOC_CIPH}=0 # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
||||||
|
@ -82,7 +82,7 @@ OSSL_VER_APPENDIX="none"
|
||||||
NODEIP=""
|
NODEIP=""
|
||||||
IPS=""
|
IPS=""
|
||||||
SERVICE="" # is the server running an HTTP server, SMTP, POP or IMAP?
|
SERVICE="" # is the server running an HTTP server, SMTP, POP or IMAP?
|
||||||
HEADER_MAXSLEEP=4 # we wait this long before killing the process to retrieve a service banner / http header
|
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-3} # we wait this long before killing the process to retrieve a service banner / http header
|
||||||
|
|
||||||
NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
|
NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
|
||||||
RUN_DIR=`dirname $0`
|
RUN_DIR=`dirname $0`
|
||||||
|
@ -349,11 +349,11 @@ poodle() {
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
|
||||||
#problems not handled: chunked, 302
|
#problems not handled: chunked
|
||||||
http_header() {
|
http_header() {
|
||||||
[ -z "$1" ] && url="/"
|
[ -z "$1" ] && url="/" || url="$1"
|
||||||
if [ $SNEAKY -eq 0 ] ; then
|
if [ $SNEAKY -eq 0 ] ; then
|
||||||
referer="Referer: "
|
referer="Referer: http://google.com/"
|
||||||
useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
|
useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
|
||||||
else
|
else
|
||||||
referer="Referer: TLS/SSL-Tester from $SWURL"
|
referer="Referer: TLS/SSL-Tester from $SWURL"
|
||||||
|
@ -363,8 +363,9 @@ http_header() {
|
||||||
$OPENSSL s_client -quiet -connect $NODEIP:$PORT $SNI << EOF
|
$OPENSSL s_client -quiet -connect $NODEIP:$PORT $SNI << EOF
|
||||||
GET $url HTTP/1.1
|
GET $url HTTP/1.1
|
||||||
Host: $NODE
|
Host: $NODE
|
||||||
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
|
||||||
|
Accept-Language: en-us,en;q=0.7,de-de;q=0.3
|
||||||
$useragent
|
$useragent
|
||||||
Accept-Language: en-US,en
|
|
||||||
$referer
|
$referer
|
||||||
Connection: close
|
Connection: close
|
||||||
|
|
||||||
|
@ -378,8 +379,13 @@ EOF
|
||||||
mv $HEADERFILE.2 $HEADERFILE # sed'ing in place doesn't work with BSD and Linux simultaneously
|
mv $HEADERFILE.2 $HEADERFILE # sed'ing in place doesn't work with BSD and Linux simultaneously
|
||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
|
magenta " header request stalled"
|
||||||
|
egrep -wq "301|302|^Location" $HEADERFILE
|
||||||
|
if [ $? -eq 0 ]; then
|
||||||
|
redir2=`grep '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n'`
|
||||||
|
outln " (30x to $redir2, tried this URL?)"
|
||||||
|
fi
|
||||||
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 $HEADERFILE 2>/dev/null
|
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 $HEADERFILE 2>/dev/null
|
||||||
magentaln " Test failed (requsting header stalled)"
|
|
||||||
ret=3
|
ret=3
|
||||||
fi
|
fi
|
||||||
return $ret
|
return $ret
|
||||||
|
@ -465,36 +471,54 @@ serverbanner() {
|
||||||
outln "(None, interesting!)"
|
outln "(None, interesting!)"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
bold " Application"
|
bold " Application "
|
||||||
# examples: php.net, asp.net , www.regonline.com
|
# examples: php.net, asp.net , www.regonline.com
|
||||||
egrep -i '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE
|
egrep -i '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
#cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g'
|
#cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g'
|
||||||
cat $TMPFILE | sed 's/^/ /'
|
sed 's/^/ /g' $TMPFILE | tr -t '\n\r' ' '
|
||||||
else
|
|
||||||
litegrey " (None, checked \"/\")"
|
|
||||||
fi
|
|
||||||
outln
|
outln
|
||||||
|
#i=0
|
||||||
|
#cat $TMPFILE | sed 's/^/ /' | while read line; do
|
||||||
|
# out "$line"
|
||||||
|
# if [[ $i -eq 0 ]] ; then
|
||||||
|
# out " "
|
||||||
|
# i=1
|
||||||
|
# fi
|
||||||
|
#done
|
||||||
|
else
|
||||||
|
litegreyln " (None, checked \"/\")"
|
||||||
|
fi
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return $?
|
return $?
|
||||||
}
|
}
|
||||||
|
|
||||||
#dead function as of now
|
#dead function as of now
|
||||||
secure_cookie() { # ARG1: Path
|
cookieflags() { # ARG1: Path, ARG2: path
|
||||||
if [ -s $HEADERFILE ] ; then
|
bold " Cookie(s) "
|
||||||
http_header || return 3
|
if [ ! -s $HEADERFILE ] ; then
|
||||||
|
http_header "$1" || return 3
|
||||||
fi
|
fi
|
||||||
grep -i '^Set-Cookie' $HEADERFILE >$TMPFILE
|
grep -i '^Set-Cookie' $HEADERFILE >$TMPFILE
|
||||||
|
# lines!
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
outln "Cookie issued, status: "
|
out $(wc -l $TMPFILE)
|
||||||
|
out ": "
|
||||||
if grep -q -i secure $TMPFILE; then
|
if grep -q -i secure $TMPFILE; then
|
||||||
litegreenln "Secure Flag"
|
litegreen "Secure, "
|
||||||
echo $TMPFILE
|
|
||||||
else
|
else
|
||||||
outln "no secure flag"
|
out "NOT secure, "
|
||||||
fi
|
fi
|
||||||
|
if grep -q -i httponly $TMPFILE; then
|
||||||
|
litegreen "HttpOnly "
|
||||||
|
else
|
||||||
|
out "NOT HttpOnly"
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
out "none issued"
|
||||||
|
fi
|
||||||
|
outln
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
return 0
|
return 0
|
||||||
|
@ -2213,6 +2237,8 @@ case "$1" in
|
||||||
ret=$?
|
ret=$?
|
||||||
serverbanner
|
serverbanner
|
||||||
ret=`expr $? + $ret`
|
ret=`expr $? + $ret`
|
||||||
|
cookieflags
|
||||||
|
ret=`expr $? + $ret`
|
||||||
else
|
else
|
||||||
litemagentaln " Wrong usage: You're not targetting a HTTP service"
|
litemagentaln " Wrong usage: You're not targetting a HTTP service"
|
||||||
ret=2
|
ret=2
|
||||||
|
@ -2253,6 +2279,6 @@ case "$1" in
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.164 2015/01/08 13:16:21 dirkw Exp $
|
# $Id: testssl.sh,v 1.165 2015/01/14 08:48:02 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
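Review bot: In cookieflags, `grep -q -i secure $TMPFILE` and `grep -q -i httponly $TMPFILE` search all collected Set-Cookie lines at once, so the output says "Secure" / "HttpOnly" as soon as one cookie carries the flag, or when the word merely occurs in a cookie name, value or path. A session cookie issued without the flags next to a flagged one would therefore be reported as fine. Counting per Set-Cookie line and matching the attribute only after a `;` addresses both, as sketched below. Separately, `out $(wc -l $TMPFILE)` prints the temp file's name after the count. The function's closing brace lies outside the hunk.

```shell
     if [ $? -eq 0 ]; then
          nr_cookies=$(grep -c '' $TMPFILE)
          # match the attribute itself (after a ';'), not the word anywhere in the line
          nr_secure=$(grep -Eic ';[[:space:]]*secure[[:space:]]*(;|$)' $TMPFILE)
          nr_httponly=$(grep -Eic ';[[:space:]]*httponly[[:space:]]*(;|$)' $TMPFILE)
          out "$nr_cookies issued: "
          if [ $nr_secure -eq $nr_cookies ]; then
               litegreen "Secure, "
          else
               out "$nr_secure/$nr_cookies Secure, "
          fi
          if [ $nr_httponly -eq $nr_cookies ]; then
               litegreen "HttpOnly "
          else
               out "$nr_httponly/$nr_cookies HttpOnly"
          fi
     else
     # … unchanged: "none issued" branch, outln, tmpfile_handle …
```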