Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-03 23:39:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improve output formatting with colorless more.

Browse Source 
- Get COLOR value from environment
- Use printf to format cipher table output instead of ANSI sequences
- Properly handle COLOR=1 for all printing functions
This commit is contained in:
Maciej Grela 2014-11-17 15:12:38 +01:00
parent b2cd4bfd4c
commit 3e48086e4c
1 changed files with 19 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
testssl.sh
View File

@ -51,7 +51,7 @@ CAPATH="${CAPATH:-/etc/ssl/certs/}" # same as previous. Doing nothing yet. FC ha
OSSL_VER="" # openssl version, will be autodetermined OSSL_VER="" # openssl version, will be autodetermined
NC="" # netcat will be autodetermined NC="" # netcat will be autodetermined
ECHO="/usr/bin/printf" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin ECHO="/usr/bin/printf" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
COLOR=0 # with screen, tee and friends put 1 here (i.e. no color) COLOR=${COLOR:-0} # with screen, tee and friends put 1 here (i.e. no color)
SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally) SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
# whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1 # whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
@ -85,11 +85,7 @@ IPS=""
go2_column() { $ECHO "\033[${1}G"; }
out() { out() {
# if 2 args: second is column position
[ ! -z "$2" ] && go2_column "$2"
$ECHO "$1" $ECHO "$1"
} }
@ -101,7 +97,7 @@ outln() {
# some functions for text (i know we could do this with tput, but what about systems having no terminfo? # some functions for text (i know we could do this with tput, but what about systems having no terminfo?
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html # http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
off() { off() {
out "\033[m\c" [ $COLOR = 0 ] && out "\033[m\c"
} }
liteblue() { liteblue() {
@ -123,7 +119,7 @@ litered() {
literedln() { litered "$1"; outln; } literedln() { litered "$1"; outln; }
red() { red() {
[ $COLOR = 0 ] && out "\033[1;31m$1 " || "**$1** " [ $COLOR = 0 ] && out "\033[1;31m$1 " || out "**$1** "
off off
} }
redln() { red "$1"; outln; } redln() { red "$1"; outln; }
@ -189,14 +185,14 @@ yellow() {
} }
yellowlnln() { yellowln "$1"; outln; } yellowlnln() { yellowln "$1"; outln; }
bold() { out "\033[1m$1"; off; } bold() { [ $COLOR = 0 ] && out "\033[1m$1" || out "$1"; off; }
boldln() { bold "$1" ; outln; } boldln() { bold "$1" ; outln; }
underline() { out "\033[4m$1" ; off; } underline() { [ $COLOR = 0 ] && out "\033[4m$1" || out "$1" ; off; }
boldandunder() { out "\033[1m\033[4m$1" ; off; } boldandunder() { [ $COLOR = 0 ] && out "\033[1m\033[4m$1" || out "$1" ; off; }
reverse() { out "\033[7m$1" ; off; } reverse() { [ $COLOR = 0 ] && out "\033[7m$1" || out "$1"; off; }
# whether it is ok for offer/not offer enc/cipher/version # whether it is ok for offer/not offer enc/cipher/version
@ -555,20 +551,13 @@ sockread() {
show_rfc_style(){ show_rfc_style(){
RFCname=`grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'` [ -r "$MAP_RFC_FNAME" ] && grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/' | tr -d "\r\n"
if [ -n "$RFCname" ] ; then
out "$RFCname" "$2";
fi
} }
# header and list for all_ciphers+cipher_per_proto, and PFS+RC4 # header and list for all_ciphers+cipher_per_proto, and PFS+RC4
neat_header(){ neat_header(){
out " Hexcode"; out "Cipher Suite Name (OpenSSL)" 13; out "KeyExch." 43; out "Encryption" 52; out "Bits" 63 outln " Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAP_RFC_FNAME:+ Cipher Suite Name (RFC)}"
[ -r $MAP_RFC_FNAME ] && out "Cipher Suite Name (RFC)" 73 outln "-------------------------------------------------------------------------${MAP_RFC_FNAME:+------------------------------------------------}"
outln
printf "%s-----------------------------------------------------------------------"
[ -r $MAP_RFC_FNAME ] && printf "%s---------------------------------------------"
outln
} }
neat_list(){ neat_list(){
@ -578,8 +567,7 @@ neat_list(){
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305 strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305
enc=`echo $enc | sed -e 's/(.*)//g'` enc=`echo $enc | sed -e 's/(.*)//g'`
echo "$export" | grep -iq export && strength="$strength,export" echo "$export" | grep -iq export && strength="$strength,export"
out " [$1]"; out "$2" 13; out "$kx" 43; out "$enc" 54; out "$strength" 63 $ECHO " [%-8s] %-29s %-10s %-10s %-9s${MAP_RFC_FNAME:+ %-40s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
[ -r $MAP_RFC_FNAME ] && show_rfc_style $HEXC 73
} }
test_just_one(){ test_just_one(){
@ -626,7 +614,6 @@ allciphers(){
normalize_ciphercode $hexcode normalize_ciphercode $hexcode
neat_list $HEXC $ciph $kx $enc neat_list $HEXC $ciph $kx $enc
if [ "$SHOW_EACH_C" -ne 0 ]; then if [ "$SHOW_EACH_C" -ne 0 ]; then
[ -r $MAP_RFC_FNAME ] && go2_column 114
if [ $ret -eq 0 ]; then if [ $ret -eq 0 ]; then
cyan " available" cyan " available"
else else
@ -655,7 +642,6 @@ cipher_per_proto(){
normalize_ciphercode $hexcode normalize_ciphercode $hexcode
neat_list $HEXC $ciph $kx $enc neat_list $HEXC $ciph $kx $enc
if [ "$SHOW_EACH_C" -ne 0 ]; then if [ "$SHOW_EACH_C" -ne 0 ]; then
[ -r $MAP_RFC_FNAME ] && go2_column 114
if [ $ret -eq 0 ]; then if [ $ret -eq 0 ]; then
cyan " available" cyan " available"
else else
@ -895,7 +881,6 @@ pfs() {
normalize_ciphercode $hexcode normalize_ciphercode $hexcode
neat_list $HEXC $ciph $kx $enc $strength neat_list $HEXC $ciph $kx $enc $strength
if [ "$SHOW_EACH_C" -ne 0 ] ; then if [ "$SHOW_EACH_C" -ne 0 ] ; then
[ -r $MAP_RFC_FNAME ] && go2_column 114
if [ $ret -eq 0 ]; then if [ $ret -eq 0 ]; then
green "works" green "works"
else else
@ -929,7 +914,7 @@ rc4() {
$OPENSSL s_client -cipher `$OPENSSL ciphers RC4` $STARTTLS -connect $NODEIP:$PORT $SNI &>/dev/null </dev/null $OPENSSL s_client -cipher `$OPENSSL ciphers RC4` $STARTTLS -connect $NODEIP:$PORT $SNI &>/dev/null </dev/null
RC4=$? RC4=$?
if [ $RC4 -eq 0 ]; then if [ $RC4 -eq 0 ]; then
litered "\nRC4 seems generally available. Now testing specific ciphers..."; outln "\n" litered "RC4 seems generally available. Now testing specific ciphers..."; outln "\n"
bad=1 bad=1
neat_header neat_header
cat $TMPFILE | while read hexcode n ciph sslvers kx auth enc mac; do cat $TMPFILE | while read hexcode n ciph sslvers kx auth enc mac; do
@ -941,11 +926,10 @@ rc4() {
normalize_ciphercode $hexcode normalize_ciphercode $hexcode
neat_list $HEXC $ciph $kx $enc $strength neat_list $HEXC $ciph $kx $enc $strength
if [ "$SHOW_EACH_C" -ne 0 ]; then if [ "$SHOW_EACH_C" -ne 0 ]; then
[ -r $MAP_RFC_FNAME ] && go2_column 114
if [ $ret -eq 0 ]; then if [ $ret -eq 0 ]; then
litered "available " litered "available"
else else
out "not a/v " out "not a/v"
fi fi
else else
bad=1 bad=1
@ -1528,12 +1512,12 @@ mybanner() {
hn=`hostname` hn=`hostname`
#poor man's ident (nowadays not neccessarily installed) #poor man's ident (nowadays not neccessarily installed)
idtag=`grep '\$Id' $0 | grep -w Exp | grep -v grep | sed -e 's/^# //' -e 's/\$ $/\$/'` idtag=`grep '\$Id' $0 | grep -w Exp | grep -v grep | sed -e 's/^# //' -e 's/\$ $/\$/'`
idtagshy="\033[1;30m$idtag\033[m\033[1m" [ $COLOR = 0 ] && idtag="\033[1;30m$idtag\033[m\033[1m"
bb=`cat <<EOF bb=`cat <<EOF
######################################################### #########################################################
$me v$VERSION ($SWURL) $me v$VERSION ($SWURL)
($idtagshy) ($idtag)
This program is free software. Redistribution + This program is free software. Redistribution +
modification under GPLv2 is permitted. modification under GPLv2 is permitted.
@ -1773,8 +1757,9 @@ mybanner
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")" #PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
PATH_TO_TESTSSL=`readlink "$BASH_SOURCE"` 2>/dev/null PATH_TO_TESTSSL=`readlink "$BASH_SOURCE"` 2>/dev/null
[ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="." [ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="."
MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt" # this file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1) # this file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1)
# and https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm # and https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
[ -r "$(dirname $PATH_TO_TESTSSL)/mapping-rfc.txt" ] && MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt"
#FIXME: I know this sucks and getoptS is better #FIXME: I know this sucks and getoptS is better