mirror of
https://github.com/drwetter/testssl.sh.git
synced 2024-12-31 22:09:44 +01:00
Improve output formatting with colorless more.
- Get COLOR value from environment - Use printf to format cipher table output instead of ANSI sequences - Properly handle COLOR=1 for all printing functions
This commit is contained in:
Maciej Grela
parent
b2cd4bfd4c
commit
3e48086e4c
53
testssl.sh
53
testssl.sh
@ -51,7 +51,7 @@ CAPATH="${CAPATH:-/etc/ssl/certs/}" # same as previous. Doing nothing yet. FC ha
|
||||
OSSL_VER="" # openssl version, will be autodetermined
|
||||
NC="" # netcat will be autodetermined
|
||||
ECHO="/usr/bin/printf" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
|
||||
COLOR=0 # with screen, tee and friends put 1 here (i.e. no color)
|
||||
COLOR=${COLOR:-0} # with screen, tee and friends put 1 here (i.e. no color)
|
||||
SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
||||
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
|
||||
# whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
|
||||
@ -85,11 +85,7 @@ IPS=""
|
||||
|
||||
|
||||
|
||||
go2_column() { $ECHO "\033[${1}G"; }
|
||||
|
||||
out() {
|
||||
# if 2 args: second is column position
|
||||
[ ! -z "$2" ] && go2_column "$2"
|
||||
$ECHO "$1"
|
||||
}
|
||||
|
||||
@ -101,7 +97,7 @@ outln() {
|
||||
# some functions for text (i know we could do this with tput, but what about systems having no terminfo?
|
||||
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
|
||||
off() {
|
||||
out "\033[m\c"
|
||||
[ $COLOR = 0 ] && out "\033[m\c"
|
||||
}
|
||||
|
||||
liteblue() {
|
||||
@ -123,7 +119,7 @@ litered() {
|
||||
literedln() { litered "$1"; outln; }
|
||||
|
||||
red() {
|
||||
[ $COLOR = 0 ] && out "\033[1;31m$1 " || "**$1** "
|
||||
[ $COLOR = 0 ] && out "\033[1;31m$1 " || out "**$1** "
|
||||
off
|
||||
}
|
||||
redln() { red "$1"; outln; }
|
||||
@ -189,14 +185,14 @@ yellow() {
|
||||
}
|
||||
yellowlnln() { yellowln "$1"; outln; }
|
||||
|
||||
bold() { out "\033[1m$1"; off; }
|
||||
bold() { [ $COLOR = 0 ] && out "\033[1m$1" || out "$1"; off; }
|
||||
boldln() { bold "$1" ; outln; }
|
||||
|
||||
underline() { out "\033[4m$1" ; off; }
|
||||
underline() { [ $COLOR = 0 ] && out "\033[4m$1" || out "$1" ; off; }
|
||||
|
||||
boldandunder() { out "\033[1m\033[4m$1" ; off; }
|
||||
boldandunder() { [ $COLOR = 0 ] && out "\033[1m\033[4m$1" || out "$1" ; off; }
|
||||
|
||||
reverse() { out "\033[7m$1" ; off; }
|
||||
reverse() { [ $COLOR = 0 ] && out "\033[7m$1" || out "$1"; off; }
|
||||
|
||||
|
||||
# whether it is ok for offer/not offer enc/cipher/version
|
||||
@ -555,20 +551,13 @@ sockread() {
|
||||
|
||||
|
||||
show_rfc_style(){
|
||||
RFCname=`grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
|
||||
if [ -n "$RFCname" ] ; then
|
||||
out "$RFCname" "$2";
|
||||
fi
|
||||
[ -r "$MAP_RFC_FNAME" ] && grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/' | tr -d "\r\n"
|
||||
}
|
||||
|
||||
# header and list for all_ciphers+cipher_per_proto, and PFS+RC4
|
||||
neat_header(){
|
||||
out " Hexcode"; out "Cipher Suite Name (OpenSSL)" 13; out "KeyExch." 43; out "Encryption" 52; out "Bits" 63
|
||||
[ -r $MAP_RFC_FNAME ] && out "Cipher Suite Name (RFC)" 73
|
||||
outln
|
||||
printf "%s-----------------------------------------------------------------------"
|
||||
[ -r $MAP_RFC_FNAME ] && printf "%s---------------------------------------------"
|
||||
outln
|
||||
outln " Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAP_RFC_FNAME:+ Cipher Suite Name (RFC)}"
|
||||
outln "-------------------------------------------------------------------------${MAP_RFC_FNAME:+------------------------------------------------}"
|
||||
}
|
||||
|
||||
neat_list(){
|
||||
@ -578,8 +567,7 @@ neat_list(){
|
||||
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305
|
||||
enc=`echo $enc | sed -e 's/(.*)//g'`
|
||||
echo "$export" | grep -iq export && strength="$strength,export"
|
||||
out " [$1]"; out "$2" 13; out "$kx" 43; out "$enc" 54; out "$strength" 63
|
||||
[ -r $MAP_RFC_FNAME ] && show_rfc_style $HEXC 73
|
||||
$ECHO " [%-8s] %-29s %-10s %-10s %-9s${MAP_RFC_FNAME:+ %-40s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
|
||||
}
|
||||
|
||||
test_just_one(){
|
||||
@ -626,7 +614,6 @@ allciphers(){
|
||||
normalize_ciphercode $hexcode
|
||||
neat_list $HEXC $ciph $kx $enc
|
||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
||||
if [ $ret -eq 0 ]; then
|
||||
cyan " available"
|
||||
else
|
||||
@ -655,7 +642,6 @@ cipher_per_proto(){
|
||||
normalize_ciphercode $hexcode
|
||||
neat_list $HEXC $ciph $kx $enc
|
||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
||||
if [ $ret -eq 0 ]; then
|
||||
cyan " available"
|
||||
else
|
||||
@ -895,7 +881,6 @@ pfs() {
|
||||
normalize_ciphercode $hexcode
|
||||
neat_list $HEXC $ciph $kx $enc $strength
|
||||
if [ "$SHOW_EACH_C" -ne 0 ] ; then
|
||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
||||
if [ $ret -eq 0 ]; then
|
||||
green "works"
|
||||
else
|
||||
@ -929,7 +914,7 @@ rc4() {
|
||||
$OPENSSL s_client -cipher `$OPENSSL ciphers RC4` $STARTTLS -connect $NODEIP:$PORT $SNI &>/dev/null </dev/null
|
||||
RC4=$?
|
||||
if [ $RC4 -eq 0 ]; then
|
||||
litered "\nRC4 seems generally available. Now testing specific ciphers..."; outln "\n"
|
||||
litered "RC4 seems generally available. Now testing specific ciphers..."; outln "\n"
|
||||
bad=1
|
||||
neat_header
|
||||
cat $TMPFILE | while read hexcode n ciph sslvers kx auth enc mac; do
|
||||
@ -941,11 +926,10 @@ rc4() {
|
||||
normalize_ciphercode $hexcode
|
||||
neat_list $HEXC $ciph $kx $enc $strength
|
||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
||||
if [ $ret -eq 0 ]; then
|
||||
litered "available "
|
||||
litered "available"
|
||||
else
|
||||
out "not a/v "
|
||||
out "not a/v"
|
||||
fi
|
||||
else
|
||||
bad=1
|
||||
@ -1528,12 +1512,12 @@ mybanner() {
|
||||
hn=`hostname`
|
||||
#poor man's ident (nowadays not neccessarily installed)
|
||||
idtag=`grep '\$Id' $0 | grep -w Exp | grep -v grep | sed -e 's/^# //' -e 's/\$ $/\$/'`
|
||||
idtagshy="\033[1;30m$idtag\033[m\033[1m"
|
||||
[ $COLOR = 0 ] && idtag="\033[1;30m$idtag\033[m\033[1m"
|
||||
bb=`cat <<EOF
|
||||
|
||||
#########################################################
|
||||
$me v$VERSION ($SWURL)
|
||||
($idtagshy)
|
||||
($idtag)
|
||||
|
||||
This program is free software. Redistribution +
|
||||
modification under GPLv2 is permitted.
|
||||
@ -1773,8 +1757,9 @@ mybanner
|
||||
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
|
||||
PATH_TO_TESTSSL=`readlink "$BASH_SOURCE"` 2>/dev/null
|
||||
[ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="."
|
||||
MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt" # this file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1)
|
||||
# and https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||
# this file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1)
|
||||
# and https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||
[ -r "$(dirname $PATH_TO_TESTSSL)/mapping-rfc.txt" ] && MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt"
|
||||
|
||||
#FIXME: I know this sucks and getoptS is better
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user