- FIX: grep -a if we hit binary content with http_header (also if otherwise specified)

- NEW: can specify URL (used for header matters and breach)
- FIX: better handling of >1 cookies
This commit is contained in:
Dirk 2015-01-14 12:23:53 +01:00
parent 3d81a7b5ec
commit 4c6f0d9a50

View File

@ -265,7 +265,8 @@ wait_kill(){
# foreign referers are the important thing here! # foreign referers are the important thing here!
breach() { breach() {
bold " BREACH"; out " =HTTP Compression, experimental " bold " BREACH"; out " =HTTP Compression, experimental "
[ -z "$1" ] && url="/" url="$1"
[ -z "$url" ] && url="/"
if [ $SNEAKY -eq 0 ] ; then if [ $SNEAKY -eq 0 ] ; then
referer="Referer: http://google.com/" # see https://community.qualys.com/message/20360 referer="Referer: http://google.com/" # see https://community.qualys.com/message/20360
useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" useragent="User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
@ -380,9 +381,9 @@ EOF
ret=0 ret=0
else else
magenta " header request stalled" magenta " header request stalled"
egrep -wq "301|302|^Location" $HEADERFILE egrep -awq "301|302|^Location" $HEADERFILE
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
redir2=`grep '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n'` redir2=`grep -a '^Location' $HEADERFILE | sed 's/Location: //' | tr -d '\r\n'`
outln " (30x to $redir2, tried this URL?)" outln " (30x to $redir2, tried this URL?)"
fi fi
[[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 $HEADERFILE 2>/dev/null [[ $DEBUG -eq 0 ]] && rm $HEADERFILE.2 $HEADERFILE 2>/dev/null
@ -392,22 +393,21 @@ EOF
} }
includeSubDomains() { includeSubDomains() {
if grep -q includeSubDomains "$1"; then if grep -aiq includeSubDomains "$1"; then
litegreen ", includeSubDomains" litegreen ", includeSubDomains"
else else
litecyan ", just this domain" litecyan ", just this domain"
fi fi
} }
#FIXME: it doesn't follow a 30x. At least a path should be possible to provide
hsts() { hsts() {
bold " HSTS " bold " HSTS "
if [ ! -s $HEADERFILE ] ; then if [ ! -s $HEADERFILE ] ; then
http_header || return 3 http_header "$1" || return 3
fi fi
grep -iw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE grep -iaw '^Strict-Transport-Security' $HEADERFILE >$TMPFILE
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
grep -ciw '^Strict-Transport-Security' $HEADERFILE | egrep -wq "1" || out "(two HSTS header, using 1st one) " grep -aciw '^Strict-Transport-Security' $HEADERFILE | egrep -wq "1" || out "(two HSTS header, using 1st one) "
AGE_SEC=`sed -e 's/[^0-9]*//g' $TMPFILE | head -1` AGE_SEC=`sed -e 's/[^0-9]*//g' $TMPFILE | head -1`
AGE_DAYS=`expr $AGE_SEC \/ 86400` AGE_DAYS=`expr $AGE_SEC \/ 86400`
if [ $AGE_DAYS -gt $HSTS_MIN ]; then if [ $AGE_DAYS -gt $HSTS_MIN ]; then
@ -428,11 +428,11 @@ hsts() {
hpkp() { hpkp() {
bold " HPKP " bold " HPKP "
if [ ! -s $HEADERFILE ] ; then if [ ! -s $HEADERFILE ] ; then
http_header || return 3 http_header "$1" || return 3
fi fi
egrep -iw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE >$TMPFILE egrep -aiw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE >$TMPFILE
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
egrep -ciw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE | egrep -wq "1" || out "(two HPKP header, using 1st one) " egrep -aciw '^Public-Key-Pins|Public-Key-Pins-Report-Only' $HEADERFILE | egrep -wq "1" || out "(two HPKP header, using 1st one) "
AGE_SEC=`sed -e 's/\r//g' -e 's/^.*max-age=//' -e 's/;.*//' $TMPFILE` AGE_SEC=`sed -e 's/\r//g' -e 's/^.*max-age=//' -e 's/;.*//' $TMPFILE`
AGE_DAYS=`expr $AGE_SEC \/ 86400` AGE_DAYS=`expr $AGE_SEC \/ 86400`
if [ $AGE_DAYS -ge $HPKP_MIN ]; then if [ $AGE_DAYS -ge $HPKP_MIN ]; then
@ -450,15 +450,14 @@ hpkp() {
tmpfile_handle $FUNCNAME.txt tmpfile_handle $FUNCNAME.txt
return $? return $?
} }
#FIXME: report-uri
#FIXME: once checkcert.sh is here: fingerprints! #FIXME: once checkcert.sh is here: fingerprints!
serverbanner() { serverbanner() {
bold " Server " bold " Server "
if [ ! -s $HEADERFILE ] ; then if [ ! -s $HEADERFILE ] ; then
http_header || return 3 http_header "$1" || return 3
fi fi
grep -i '^Server' $HEADERFILE >$TMPFILE grep -ai '^Server' $HEADERFILE >$TMPFILE
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
#out=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //' -e 's/^[[:space:]]//'` #out=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //' -e 's/^[[:space:]]//'`
serverbanner=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //'` serverbanner=`cat $TMPFILE | sed -e 's/^Server: //' -e 's/^server: //'`
@ -472,8 +471,8 @@ serverbanner() {
fi fi
bold " Application " bold " Application "
# examples: php.net, asp.net , www.regonline.com # examples: dev.testssl.sh, php.net, asp.net , www.regonline.com
egrep -i '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE egrep -ai '^X-Powered-By|^X-AspNet-Version|^X-Runtime|^X-Version' $HEADERFILE >$TMPFILE
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
#cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g' #cat $TMPFILE | sed 's/^.*:/:/' | sed -e :a -e '$!N;s/\n:/ \n\ +/;ta' -e 'P;D' | sed 's/://g'
sed 's/^/ /g' $TMPFILE | tr -t '\n\r' ' ' sed 's/^/ /g' $TMPFILE | tr -t '\n\r' ' '
@ -494,29 +493,33 @@ serverbanner() {
return $? return $?
} }
#dead function as of now
cookieflags() { # ARG1: Path, ARG2: path cookieflags() { # ARG1: Path, ARG2: path
bold " Cookie(s) " bold " Cookie(s) "
if [ ! -s $HEADERFILE ] ; then if [ ! -s $HEADERFILE ] ; then
http_header "$1" || return 3 http_header "$1" || return 3
fi fi
grep -i '^Set-Cookie' $HEADERFILE >$TMPFILE grep -ai '^Set-Cookie' $HEADERFILE >$TMPFILE
# lines!
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
out $(wc -l $TMPFILE) nr_cookies=`cat $TMPFILE | wc -l`
out ": " if [ $nr_cookies -gt 1 ] ; then
if grep -q -i secure $TMPFILE; then out $(wc -l $TMPFILE)
litegreen "Secure, " out " issued: "
negative_word="NOONE"
else else
out "NOT secure, " negative_word="NOT"
fi
if grep -q -i httponly $TMPFILE; then
litegreen "HttpOnly "
else
out "NOT HttpOnly"
fi fi
nr_secure=`grep -iac secure $TMPFILE`
case $nr_secure in
0) out "$negative_word secure, " ;;
[123456789]) litegreen "$nr_secure/$nr_cookies secure" ; out ", ";;
esac
nr_httponly=`grep -cai httponly $TMPFILE`
case $nr_httponly in
0) out "$negative_word HttpOnly" ;;
[123456789]) litegreen "$nr_secure/$nr_cookies HttpOnly" ;;
esac
else else
out "none issued" out "none issued at \"$url\""
fi fi
outln outln
@ -1973,8 +1976,8 @@ parse_hn_port() {
fi fi
SNI="-servername $NODE" SNI="-servername $NODE"
#URLP=`echo $1 | sed 's/'"${PROTO}"':\/\/'"${NODE}"'//'` URL_PATH=`echo $1 | sed 's/.*'"${NODE}"'//'` # remove protocol and node part
#URLP=`echo $URLP | sed 's/\/\//\//g'` # // -> / URL_PATH=`echo $URL_PATH | sed 's/\/\//\//g'` # we rather want // -> /
# now get NODEIP # now get NODEIP
get_dns_entries get_dns_entries
@ -2202,7 +2205,7 @@ case "$1" in
litemagentaln " Wrong usage: You're not targetting a HTTP service" litemagentaln " Wrong usage: You're not targetting a HTTP service"
ret=2 ret=2
else else
breach breach "$URL_PATH"
ret=$? ret=$?
fi fi
ret=`expr $? + $ret` ret=`expr $? + $ret`
@ -2232,12 +2235,12 @@ case "$1" in
parse_hn_port "$2" parse_hn_port "$2"
outln; blue "--> Testing HTTP Header response"; outln "\n" outln; blue "--> Testing HTTP Header response"; outln "\n"
if [[ $SERVICE == "HTTP" ]]; then if [[ $SERVICE == "HTTP" ]]; then
hsts hsts "$URL_PATH"
hpkp hpkp "$URL_PATH"
ret=$? ret=$?
serverbanner serverbanner "$URL_PATH"
ret=`expr $? + $ret` ret=`expr $? + $ret`
cookieflags cookieflags "$URL_PATH"
ret=`expr $? + $ret` ret=`expr $? + $ret`
else else
litemagentaln " Wrong usage: You're not targetting a HTTP service" litemagentaln " Wrong usage: You're not targetting a HTTP service"
@ -2262,16 +2265,17 @@ case "$1" in
ccs_injection ; ret=`expr $? + $ret` ccs_injection ; ret=`expr $? + $ret`
renego ; ret=`expr $? + $ret` renego ; ret=`expr $? + $ret`
crime ; ret=`expr $? + $ret` crime ; ret=`expr $? + $ret`
[[ $SERVICE == "HTTP" ]] && breach ; ret=`expr $? + $ret` [[ $SERVICE == "HTTP" ]] && breach "$URL_PATH" ; ret=`expr $? + $ret`
beast ; ret=`expr $? + $ret` beast ; ret=`expr $? + $ret`
poodle ; ret=`expr $? + $ret` poodle ; ret=`expr $? + $ret`
if [[ $SERVICE == "HTTP" ]]; then if [[ $SERVICE == "HTTP" ]]; then
outln; blue "--> Testing HTTP Header response" outln; blue "--> Testing HTTP Header response"
outln "\n" outln "\n"
hsts ; ret=`expr $? + $ret` hsts $URL_PATH" ; ret=`expr $? + $ret`
hpkp ; ret=`expr $? + $ret` hpkp $URL_PATH" ; ret=`expr $? + $ret`
serverbanner ; ret=`expr $? + $ret` serverbanner $URL_PATH" ; ret=`expr $? + $ret`
cookieflags $URL_PATH" ; ret=`expr $? + $ret`
fi fi
rc4 ; ret=`expr $? + $ret` rc4 ; ret=`expr $? + $ret`
@ -2279,6 +2283,6 @@ case "$1" in
exit $ret ;; exit $ret ;;
esac esac
# $Id: testssl.sh,v 1.165 2015/01/14 08:48:02 dirkw Exp $ # $Id: testssl.sh,v 1.166 2015/01/14 11:23:52 dirkw Exp $
# vim:ts=5:sw=5 # vim:ts=5:sw=5