From 4c6f0d9a50fb5029f26712c2980b1db4dcedccdf Mon Sep 17 00:00:00 2001 From: Dirk Date: Wed, 14 Jan 2015 12:23:53 +0100 Subject: [PATCH] - FIX: grep -a if we hit binary content with http_header (also if otherwise specified) - NEW: can specify URL (used for header matters and breach) - FIX: better handling of >1 cookies --- testssl.sh | 88 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 46 insertions(+), 42 deletions(-) diff --git a/testssl.sh b/testssl.sh index 8367310..4b3a12f 100755 --- a/testssl.sh +++ b/testssl.sh @@ -265,7 +265,8 @@ wait_kill(){ # foreign referers are the important thing here! breach() { bold " BREACH"; out " =HTTP Compression, experimental " - [ -z "$1" ] && url="/" + url="$1" + [ -z "$url" ] && url="/" if [ $SNEAKY -eq 0 ] ; then referer="Referer: http://google.com/" # see https://community.qualys.com/message/20360 useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" @@ -380,9 +381,9 @@ EOF ret=0 else magenta " header request stalled" - egrep -wq "301|302|^Location" $HEADERFILE + egrep -awq "301|302|^Location" $HEADERFILE if [ $? -eq 0 ]; then - redir2=`grep '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n'` + redir2=`grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n'` outln " (30x to $redir2, tried this URL?)" fi [[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 $HEADERFILE 2>/dev/null @@ -392,22 +393,21 @@ EOF } includeSubDomains() { - if grep -q includeSubDomains "$1"; then + if grep -aiq includeSubDomains "$1"; then litegreen ", includeSubDomains" else litecyan ", just this domain" fi } -#FIXME: it doesn't follow a 30x. At least a path should be possible to provide hsts() { bold " HSTS " if [ ! -s $HEADERFILE ] ; then - http_header || return 3 + http_header "$1" || return 3 fi - grep -iw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE + grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE if [ $? -eq 0 ]; then - grep -ciw '^Strict-Transport-Security' $HEADERFILE | egrep -wq "1" || out "(two HSTS header, using 1st one) " + grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -wq "1" || out "(two HSTS header, using 1st one) " AGE_SEC=`sed -e 's/[^0-9]*//g' $TMPFILE | head -1` AGE_DAYS=`expr $AGE_SEC \/ 86400` if [ $AGE_DAYS -gt $HSTS_MIN ]; then @@ -428,11 +428,11 @@ hsts() { hpkp() { bold " HPKP " if [ ! -s $HEADERFILE ] ; then - http_header || return 3 + http_header "$1" || return 3 fi - egrep -iw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE >$TMPFILE + egrep -aiw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE >$TMPFILE if [ $? -eq 0 ]; then - egrep -ciw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE | egrep -wq "1" || out "(two HPKP header, using 1st one) " + egrep -aciw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE | egrep -wq "1" || out "(two HPKP header, using 1st one) " AGE_SEC=`sed -e 's/\r//g' -e 's/^.*max-age=//' -e 's/;.*//' $TMPFILE` AGE_DAYS=`expr $AGE_SEC \/ 86400` if [ $AGE_DAYS -ge $HPKP_MIN ]; then @@ -450,15 +450,14 @@ hpkp() { tmpfile_handle $FUNCNAME.txt return $? } -#FIXME: report-uri #FIXME: once checkcert.sh is here: fingerprints! serverbanner() { bold " Server " if [ ! -s $HEADERFILE ] ; then - http_header || return 3 + http_header "$1" || return 3 fi - grep -i '^Server' $HEADERFILE >$TMPFILE + grep -ai '^Server' $HEADERFILE >$TMPFILE if [ $? -eq 0 ]; then #out=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //' -e 's/^[[:space:]]//'` serverbanner=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //'` @@ -472,8 +471,8 @@ serverbanner() { fi bold " Application " -# examples: php.net, asp.net , www.regonline.com - egrep -i '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE +# examples: dev.testssl.sh, php.net, asp.net , www.regonline.com + egrep -ai '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE if [ $? -eq 0 ]; then #cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g' sed 's/^/ /g' $TMPFILE | tr -t '\n\r' ' ' @@ -494,29 +493,33 @@ serverbanner() { return $? } -#dead function as of now cookieflags() { # ARG1: Path, ARG2: path bold " Cookie(s) " if [ ! -s $HEADERFILE ] ; then http_header "$1" || return 3 fi - grep -i '^Set-Cookie' $HEADERFILE >$TMPFILE -# lines! + grep -ai '^Set-Cookie' $HEADERFILE >$TMPFILE if [ $? -eq 0 ]; then - out $(wc -l $TMPFILE) - out ": " - if grep -q -i secure $TMPFILE; then - litegreen "Secure, " + nr_cookies=`cat $TMPFILE | wc -l` + if [ $nr_cookies -gt 1 ] ; then + out $(wc -l $TMPFILE) + out " issued: " + negative_word="NOONE" else - out "NOT secure, " - fi - if grep -q -i httponly $TMPFILE; then - litegreen "HttpOnly " - else - out "NOT HttpOnly" + negative_word="NOT" fi + nr_secure=`grep -iac secure $TMPFILE` + case $nr_secure in + 0) out "$negative_word secure, " ;; + [123456789]) litegreen "$nr_secure/$nr_cookies secure" ; out ", ";; + esac + nr_httponly=`grep -cai httponly $TMPFILE` + case $nr_httponly in + 0) out "$negative_word HttpOnly" ;; + [123456789]) litegreen "$nr_secure/$nr_cookies HttpOnly" ;; + esac else - out "none issued" + out "none issued at \"$url\"" fi outln @@ -1973,8 +1976,8 @@ parse_hn_port() { fi SNI="-servername $NODE" - #URLP=`echo $1 | sed 's/'"${PROTO}"':\/\/'"${NODE}"'//'` - #URLP=`echo $URLP | sed 's/\/\//\//g'` # // -> / + URL_PATH=`echo $1 | sed 's/.*'"${NODE}"'//'` # remove protocol and node part + URL_PATH=`echo $URL_PATH | sed 's/\/\//\//g'` # we rather want // -> / # now get NODEIP get_dns_entries @@ -2202,7 +2205,7 @@ case "$1" in litemagentaln " Wrong usage: You're not targetting a HTTP service" ret=2 else - breach + breach "$URL_PATH" ret=$? fi ret=`expr $? + $ret` @@ -2232,12 +2235,12 @@ case "$1" in parse_hn_port "$2" outln; blue "--> Testing HTTP Header response"; outln "\n" if [[ $SERVICE == "HTTP" ]]; then - hsts - hpkp + hsts "$URL_PATH" + hpkp "$URL_PATH" ret=$? - serverbanner + serverbanner "$URL_PATH" ret=`expr $? + $ret` - cookieflags + cookieflags "$URL_PATH" ret=`expr $? + $ret` else litemagentaln " Wrong usage: You're not targetting a HTTP service" @@ -2262,16 +2265,17 @@ case "$1" in ccs_injection ; ret=`expr $? + $ret` renego ; ret=`expr $? + $ret` crime ; ret=`expr $? + $ret` - [[ $SERVICE == "HTTP" ]] && breach ; ret=`expr $? + $ret` + [[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=`expr $? + $ret` beast ; ret=`expr $? + $ret` poodle ; ret=`expr $? + $ret` if [[ $SERVICE == "HTTP" ]]; then outln; blue "--> Testing HTTP Header response" outln "\n" - hsts ; ret=`expr $? + $ret` - hpkp ; ret=`expr $? + $ret` - serverbanner ; ret=`expr $? + $ret` + hsts $URL_PATH" ; ret=`expr $? + $ret` + hpkp $URL_PATH" ; ret=`expr $? + $ret` + serverbanner $URL_PATH" ; ret=`expr $? + $ret` + cookieflags $URL_PATH" ; ret=`expr $? + $ret` fi rc4 ; ret=`expr $? + $ret` @@ -2279,6 +2283,6 @@ case "$1" in exit $ret ;; esac -# $Id: testssl.sh,v 1.165 2015/01/14 08:48:02 dirkw Exp $ +# $Id: testssl.sh,v 1.166 2015/01/14 11:23:52 dirkw Exp $ # vim:ts=5:sw=5