mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-21 07:59:31 +01:00
further improvements through shellcheck
This commit is contained in:
parent
68695bbad3
commit
4556108a72
111
testssl.sh
111
testssl.sh
@ -272,7 +272,7 @@ wait_kill(){
|
|||||||
return 0 # didn't reach maxsleep yet
|
return 0 # didn't reach maxsleep yet
|
||||||
fi
|
fi
|
||||||
sleep 1
|
sleep 1
|
||||||
maxsleep=$(($maxsleep - 1))
|
maxsleep=$((maxsleep - 1))
|
||||||
test $maxsleep -eq 0 && break
|
test $maxsleep -eq 0 && break
|
||||||
done # needs to be killed:
|
done # needs to be killed:
|
||||||
kill $pid >&2 2>/dev/null
|
kill $pid >&2 2>/dev/null
|
||||||
@ -713,7 +713,6 @@ sockread() {
|
|||||||
|
|
||||||
wait_kill $pid $maxsleep
|
wait_kill $pid $maxsleep
|
||||||
ret=$?
|
ret=$?
|
||||||
|
|
||||||
SOCKREPLY=$(cat $ddreply)
|
SOCKREPLY=$(cat $ddreply)
|
||||||
rm $ddreply
|
rm $ddreply
|
||||||
|
|
||||||
@ -1421,7 +1420,7 @@ spdy() {
|
|||||||
fd_socket() {
|
fd_socket() {
|
||||||
# arg doesn't work here
|
# arg doesn't work here
|
||||||
if ! exec 5<> /dev/tcp/$NODEIP/$PORT; then
|
if ! exec 5<> /dev/tcp/$NODEIP/$PORT; then
|
||||||
pr_magenta "$(basename $0): unable to open a socket to $NODEIP:$PORT"
|
pr_magenta "$(basename "$0"): unable to open a socket to $NODEIP:$PORT"
|
||||||
return 6
|
return 6
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
@ -1455,12 +1454,12 @@ sockread_serverhello() {
|
|||||||
pid=$!
|
pid=$!
|
||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
if ! ps ax | grep -v grep | grep -q $pid; then
|
if ! ps $pid >/dev/null; then
|
||||||
break # didn't reach maxsleep yet
|
break # didn't reach maxsleep yet
|
||||||
kill $pid >&2 2>/dev/null
|
kill $pid >&2 2>/dev/null
|
||||||
fi
|
fi
|
||||||
sleep $USLEEP_REC
|
sleep $USLEEP_REC
|
||||||
maxsleep=$(($maxsleep - 1))
|
maxsleep=$((maxsleep - 1))
|
||||||
[[ $maxsleep -le 0 ]] && break
|
[[ $maxsleep -le 0 ]] && break
|
||||||
done
|
done
|
||||||
|
|
||||||
@ -2398,27 +2397,27 @@ starttls() {
|
|||||||
# of the cmdline e.g. with getopts.
|
# of the cmdline e.g. with getopts.
|
||||||
STARTTLS="-starttls $protocol"
|
STARTTLS="-starttls $protocol"
|
||||||
export STARTTLS
|
export STARTTLS
|
||||||
runprotocols ; ret=$(($? + $ret))
|
runprotocols ; ret=$(($? + ret))
|
||||||
run_std_cipherlists ; ret=$(($? + $ret))
|
run_std_cipherlists ; ret=$(($? + ret))
|
||||||
server_preference ; ret=$(($? + $ret))
|
server_preference ; ret=$(($? + ret))
|
||||||
server_defaults ; ret=$(($? + $ret))
|
server_defaults ; ret=$(($? + ret))
|
||||||
|
|
||||||
outln; pr_blue "--> Testing specific vulnerabilities" ; outln "\n"
|
outln; pr_blue "--> Testing specific vulnerabilities" ; outln "\n"
|
||||||
#FIXME: heartbleed + CCS won't work this way yet
|
#FIXME: heartbleed + CCS won't work this way yet
|
||||||
# heartbleed ; ret=$(($? + $ret))
|
# heartbleed ; ret=$(($? + ret))
|
||||||
# ccs_injection ; ret=$(($? + $ret))
|
# ccs_injection ; ret=$(($? + ret))
|
||||||
renego ; ret=$(($? + $ret))
|
renego ; ret=$(($? + ret))
|
||||||
crime ; ret=$(($? + $ret))
|
crime ; ret=$(($? + ret))
|
||||||
ssl_poodle ; ret=$(($? + $ret))
|
ssl_poodle ; ret=$(($? + ret))
|
||||||
freak ; ret=$(($? + $ret))
|
freak ; ret=$(($? + ret))
|
||||||
beast ; ret=$(($? + $ret))
|
beast ; ret=$(($? + ret))
|
||||||
|
|
||||||
rc4 ; ret=$(($? + $ret))
|
rc4 ; ret=$(($? + ret))
|
||||||
pfs ; ret=$(($? + $ret))
|
pfs ; ret=$(($? + ret))
|
||||||
|
|
||||||
outln
|
outln
|
||||||
#cipher_per_proto ; ret=$(($? + $ret))
|
#cipher_per_proto ; ret=$(($? + ret))
|
||||||
allciphers ; ret=$(($? + $ret))
|
allciphers ; ret=$(($? + ret))
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
*) pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2
|
*) pr_litemagentaln "momentarily only ftp, smtp, pop3, imap, xmpp and telnet, ldap allowed" >&2
|
||||||
@ -2431,7 +2430,7 @@ starttls() {
|
|||||||
|
|
||||||
|
|
||||||
help() {
|
help() {
|
||||||
PRG=$(basename $0)
|
PRG=$(basename "$0")
|
||||||
cat << EOF
|
cat << EOF
|
||||||
|
|
||||||
$PRG <options>
|
$PRG <options>
|
||||||
@ -2481,13 +2480,13 @@ EOF
|
|||||||
|
|
||||||
|
|
||||||
mybanner() {
|
mybanner() {
|
||||||
me=$(basename $0)
|
me=$(basename "$0")
|
||||||
osslver=$($OPENSSL version)
|
osslver=$($OPENSSL version)
|
||||||
osslpath=$(which $OPENSSL)
|
osslpath=$(which $OPENSSL)
|
||||||
nr_ciphers=$($OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' | sed 's/:/ /g' | wc -w)
|
nr_ciphers=$($OPENSSL ciphers 'ALL:COMPLEMENTOFALL:@STRENGTH' | sed 's/:/ /g' | wc -w)
|
||||||
hn=$(hostname)
|
hn=$(hostname)
|
||||||
#poor man's ident (nowadays ident not neccessarily installed)
|
#poor man's ident (nowadays ident not neccessarily installed)
|
||||||
idtag=$(grep '\$Id' $0 | grep -w [E]xp | sed -e 's/^# //' -e 's/\$ $/\$/')
|
idtag=$(grep '\$Id' $0 | grep -w "[E]xp" | sed -e 's/^# //' -e 's/\$ $/\$/')
|
||||||
[ "$COLOR" -ne 0 ] && idtag="\033[1;30m$idtag\033[m\033[1m"
|
[ "$COLOR" -ne 0 ] && idtag="\033[1;30m$idtag\033[m\033[1m"
|
||||||
bb=$(cat <<EOF
|
bb=$(cat <<EOF
|
||||||
|
|
||||||
@ -2512,7 +2511,7 @@ outln " Using \"$osslver\" [~$nr_ciphers ciphers] on
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
maketempf () {
|
maketempf() {
|
||||||
TEMPDIR=$(mktemp -d /tmp/ssltester.XXXXXX) || exit 6
|
TEMPDIR=$(mktemp -d /tmp/ssltester.XXXXXX) || exit 6
|
||||||
TMPFILE=$TEMPDIR/tempfile.txt || exit 6
|
TMPFILE=$TEMPDIR/tempfile.txt || exit 6
|
||||||
HOSTCERT=$TEMPDIR/host_cerificate.txt
|
HOSTCERT=$TEMPDIR/host_cerificate.txt
|
||||||
@ -2727,8 +2726,8 @@ get_dns_entries() {
|
|||||||
|
|
||||||
fi # test4iponly
|
fi # test4iponly
|
||||||
|
|
||||||
IPADDRs=$(echo $IP4)
|
IPADDRs="$IP4"
|
||||||
[ ! -z "$IP6" ] && IPADDRs=$(echo $IP4)" "$(echo $IP6)
|
[ ! -z "$IP6" ] && IPADDRs="$IP4 $IP6"
|
||||||
|
|
||||||
# FIXME: we could/should test more than one IPv4 addresses if available, same IPv6. For now we test the first IPv4:
|
# FIXME: we could/should test more than one IPv4 addresses if available, same IPv6. For now we test the first IPv4:
|
||||||
NODEIP=$(echo "$IP4" | head -1)
|
NODEIP=$(echo "$IP4" | head -1)
|
||||||
@ -2767,11 +2766,11 @@ datebanner() {
|
|||||||
|
|
||||||
mx_allentries() {
|
mx_allentries() {
|
||||||
if which dig &> /dev/null; then
|
if which dig &> /dev/null; then
|
||||||
MXs=$(dig +short -t MX $1)
|
MXs=$(dig +short -t MX "$1")
|
||||||
elif which host &> /dev/null; then
|
elif which host &> /dev/null; then
|
||||||
MXs=$(host -t MX $1 | grep 'handled by' | sed -e 's/^.*by //' -e 's/\.$//')
|
MXs=$(host -t MX "$1" | grep 'handled by' | sed -e 's/^.*by //' -e 's/\.$//')
|
||||||
elif which nslookup &> /dev/null; then
|
elif which nslookup &> /dev/null; then
|
||||||
MXs=$(nslookup -type=MX $1 2> /dev/null | grep 'mail exchanger = ' | sed 's/^.*mail exchanger = //g')
|
MXs=$(nslookup -type=MX "$1" 2> /dev/null | grep 'mail exchanger = ' | sed 's/^.*mail exchanger = //g')
|
||||||
else
|
else
|
||||||
pr_magentaln 'No dig, host or nslookup'
|
pr_magentaln 'No dig, host or nslookup'
|
||||||
exit 3
|
exit 3
|
||||||
@ -2806,7 +2805,7 @@ mybanner
|
|||||||
|
|
||||||
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
|
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
|
||||||
PATH_TO_TESTSSL=$(readlink "$BASH_SOURCE") 2>/dev/null
|
PATH_TO_TESTSSL=$(readlink "$BASH_SOURCE") 2>/dev/null
|
||||||
[ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="."
|
[ -z "$PATH_TO_TESTSSL" ] && PATH_TO_TESTSSL="."
|
||||||
#
|
#
|
||||||
# next file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1) and
|
# next file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1) and
|
||||||
# https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
# https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||||
@ -2820,7 +2819,7 @@ case "$1" in
|
|||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
--mx)
|
--mx)
|
||||||
mx_allentries $2
|
mx_allentries "$2"
|
||||||
exit $?
|
exit $?
|
||||||
;;
|
;;
|
||||||
-V|--local)
|
-V|--local)
|
||||||
@ -2851,7 +2850,7 @@ case "$1" in
|
|||||||
maketempf
|
maketempf
|
||||||
parse_hn_port "$2"
|
parse_hn_port "$2"
|
||||||
runprotocols ; ret=$?
|
runprotocols ; ret=$?
|
||||||
spdy ; ret=$(($? + $ret))
|
spdy ; ret=$(($? + ret))
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
-f|--ciphers)
|
-f|--ciphers)
|
||||||
maketempf
|
maketempf
|
||||||
@ -2908,7 +2907,7 @@ case "$1" in
|
|||||||
breach "$URL_PATH"
|
breach "$URL_PATH"
|
||||||
ret=$?
|
ret=$?
|
||||||
fi
|
fi
|
||||||
ret=$(($? + $ret))
|
ret=$(($? + ret))
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
-O|--ssl_poodle|poodle)
|
-O|--ssl_poodle|poodle)
|
||||||
maketempf
|
maketempf
|
||||||
@ -2947,11 +2946,11 @@ case "$1" in
|
|||||||
hpkp "$URL_PATH"
|
hpkp "$URL_PATH"
|
||||||
ret=$?
|
ret=$?
|
||||||
serverbanner "$URL_PATH"
|
serverbanner "$URL_PATH"
|
||||||
ret=$(($? + $ret))
|
ret=$(($? + ret))
|
||||||
applicationbanner "$URL_PATH"
|
applicationbanner "$URL_PATH"
|
||||||
ret=$(($? + $ret))
|
ret=$(($? + ret))
|
||||||
cookieflags "$URL_PATH"
|
cookieflags "$URL_PATH"
|
||||||
ret=$(($? + $ret))
|
ret=$(($? + ret))
|
||||||
else
|
else
|
||||||
pr_litemagentaln " Wrong usage: You're not targetting a HTTP service"
|
pr_litemagentaln " Wrong usage: You're not targetting a HTTP service"
|
||||||
ret=2
|
ret=2
|
||||||
@ -2964,37 +2963,37 @@ case "$1" in
|
|||||||
|
|
||||||
outln
|
outln
|
||||||
runprotocols ; ret=$?
|
runprotocols ; ret=$?
|
||||||
spdy ; ret=$(($? + $ret))
|
spdy ; ret=$(($? + ret))
|
||||||
run_std_cipherlists ; ret=$(($? + $ret))
|
run_std_cipherlists ; ret=$(($? + ret))
|
||||||
server_preference ; ret=$(($? + $ret))
|
server_preference ; ret=$(($? + ret))
|
||||||
server_defaults ; ret=$(($? + $ret))
|
server_defaults ; ret=$(($? + ret))
|
||||||
|
|
||||||
if [[ $SERVICE == "HTTP" ]]; then
|
if [[ $SERVICE == "HTTP" ]]; then
|
||||||
outln; pr_blue "--> Testing HTTP Header response"
|
outln; pr_blue "--> Testing HTTP Header response"
|
||||||
outln "\n"
|
outln "\n"
|
||||||
hsts "$URL_PATH" ; ret=$(($? + $ret))
|
hsts "$URL_PATH" ; ret=$(($? + ret))
|
||||||
hpkp "$URL_PATH" ; ret=$(($? + $ret))
|
hpkp "$URL_PATH" ; ret=$(($? + ret))
|
||||||
serverbanner "$URL_PATH" ; ret=$(($? + $ret))
|
serverbanner "$URL_PATH" ; ret=$(($? + ret))
|
||||||
applicationbanner "$URL_PATH" ; ret=$(($? + $ret))
|
applicationbanner "$URL_PATH" ; ret=$(($? + ret))
|
||||||
cookieflags "$URL_PATH" ; ret=$(($? + $ret))
|
cookieflags "$URL_PATH" ; ret=$(($? + ret))
|
||||||
fi
|
fi
|
||||||
|
|
||||||
outln; pr_blue "--> Testing specific vulnerabilities"
|
outln; pr_blue "--> Testing specific vulnerabilities"
|
||||||
outln "\n"
|
outln "\n"
|
||||||
heartbleed ; ret=$(($? + $ret))
|
heartbleed ; ret=$(($? + ret))
|
||||||
ccs_injection ; ret=$(($? + $ret))
|
ccs_injection ; ret=$(($? + ret))
|
||||||
renego ; ret=$(($? + $ret))
|
renego ; ret=$(($? + ret))
|
||||||
crime ; ret=$(($? + $ret))
|
crime ; ret=$(($? + ret))
|
||||||
[[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=$(($? + $ret))
|
[[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=$(($? + ret))
|
||||||
ssl_poodle ; ret=$(($? + $ret))
|
ssl_poodle ; ret=$(($? + ret))
|
||||||
freak ; ret=$(($? + $ret))
|
freak ; ret=$(($? + ret))
|
||||||
beast ; ret=$(($? + $ret))
|
beast ; ret=$(($? + ret))
|
||||||
|
|
||||||
rc4 ; ret=$(($? + $ret))
|
rc4 ; ret=$(($? + ret))
|
||||||
pfs ; ret=$(($? + $ret))
|
pfs ; ret=$(($? + ret))
|
||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.207 2015/03/15 15:10:13 dirkw Exp $
|
# $Id: testssl.sh,v 1.208 2015/03/15 15:59:28 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user