mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-10 02:30:58 +01:00
- NEW: tells how many certificates provides (and grabs them with DEBUG=1)
- COLOR for no cipher order is red now - "VULNERABLE" comes now always with "NOT ok"
This commit is contained in:
parent
d16939ea8f
commit
4e863e4fa5
32
testssl.sh
32
testssl.sh
@ -314,10 +314,10 @@ EOF
|
|||||||
result=`cat $HEADERFILE_BREACH | grep -a '^Content-Encoding' | sed -e 's/^Content-Encoding//' -e 's/://' -e 's/ //g'`
|
result=`cat $HEADERFILE_BREACH | grep -a '^Content-Encoding' | sed -e 's/^Content-Encoding//' -e 's/://' -e 's/ //g'`
|
||||||
result=`echo $result | tr -cd '\40-\176'`
|
result=`echo $result | tr -cd '\40-\176'`
|
||||||
if [ -z $result ]; then
|
if [ -z $result ]; then
|
||||||
pr_green "no HTTP compression "
|
pr_green "no HTTP compression (OK) "
|
||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
pr_litered "uses $result compression "
|
pr_litered "NOT ok, uses $result compression "
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
# Catch: any URL can be vulnerable. I am testing now only the root. URL!
|
# Catch: any URL can be vulnerable. I am testing now only the root. URL!
|
||||||
@ -375,7 +375,7 @@ poodle() {
|
|||||||
ret=$?
|
ret=$?
|
||||||
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
[ "$VERBERR" -eq 0 ] && cat $TMPFILE | egrep "error|failure" | egrep -v "unable to get local|verify error"
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
pr_litered "VULNERABLE"; out ", uses SSLv3 (no TLS_FALLBACK_SCSV mitigation tested)"
|
pr_litered "VULNERABLE (NOT ok)"; out ", uses SSLv3 (no TLS_FALLBACK_SCSV mitigation tested)"
|
||||||
else
|
else
|
||||||
pr_green "not vulnerable (OK)"
|
pr_green "not vulnerable (OK)"
|
||||||
fi
|
fi
|
||||||
@ -410,8 +410,8 @@ EOF
|
|||||||
pid=$!
|
pid=$!
|
||||||
if wait_kill $pid $HEADER_MAXSLEEP; then
|
if wait_kill $pid $HEADER_MAXSLEEP; then
|
||||||
if ! egrep -iq "XML|HTML|DOCTYPE|HTTP|Connection" $HEADERFILE; then
|
if ! egrep -iq "XML|HTML|DOCTYPE|HTTP|Connection" $HEADERFILE; then
|
||||||
pr_litemagenta "likely HTTP header request failed (#lines: $(cat $HEADERFILE | wc -l))."
|
pr_litemagenta "likely HTTP header requests failed (#lines: $(cat $HEADERFILE | wc -l))."
|
||||||
outln "Rerun with DEBUG=1 and inspect \"http_header.txt\""
|
outln "Rerun with DEBUG=1 and inspect \"http_header.txt\"\n"
|
||||||
debugme cat $HEADERFILE
|
debugme cat $HEADERFILE
|
||||||
ret=7
|
ret=7
|
||||||
fi
|
fi
|
||||||
@ -980,7 +980,7 @@ server_preference() {
|
|||||||
|
|
||||||
out " Has server cipher order? "
|
out " Has server cipher order? "
|
||||||
if [[ "$cipher1" != "$cipher2" ]]; then
|
if [[ "$cipher1" != "$cipher2" ]]; then
|
||||||
pr_brown "nope (NOT ok)"
|
pr_litered "nope (NOT ok)"
|
||||||
remark4default_cipher=" (limited sense as client will pick)"
|
remark4default_cipher=" (limited sense as client will pick)"
|
||||||
else
|
else
|
||||||
pr_green "yes (OK)"
|
pr_green "yes (OK)"
|
||||||
@ -1185,6 +1185,12 @@ server_defaults() {
|
|||||||
startdate=`date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M"`
|
startdate=`date --date="$($OPENSSL x509 -in $HOSTCERT -noout -startdate | cut -d= -f 2)" +"%F %H:%M"`
|
||||||
outln " ($startdate --> $enddate)"
|
outln " ($startdate --> $enddate)"
|
||||||
|
|
||||||
|
savedir=`pwd`; cd $TEMPDIR
|
||||||
|
$OPENSSL s_client -showcerts $STARTTLS -connect $NODEIP:$PORT $SNI 2>/dev/null </dev/null | \
|
||||||
|
awk -v c=-1 '/-----BEGIN CERTIFICATE-----/{inc=1;c++} inc {print > ("level" c ".crt")} /---END CERTIFICATE-----/{inc=0}'
|
||||||
|
nrsaved=`ls $TEMPDIR/level?.crt | wc -w`
|
||||||
|
outln " # of certificates provided $nrsaved"
|
||||||
|
cd $savedir
|
||||||
|
|
||||||
out " Certificate Revocation List "
|
out " Certificate Revocation List "
|
||||||
crl=`$OPENSSL x509 -in $HOSTCERT -noout -text | grep -A 4 "CRL Distribution" | grep URI | sed 's/^.*URI://'`
|
crl=`$OPENSSL x509 -in $HOSTCERT -noout -text | grep -A 4 "CRL Distribution" | grep URI | sed 's/^.*URI://'`
|
||||||
@ -1928,7 +1934,7 @@ ccs_injection(){
|
|||||||
pr_green "not vulnerable (OK)"
|
pr_green "not vulnerable (OK)"
|
||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
pr_red "VULNERABLE"
|
pr_red "VULNERABLE (not OK)"
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
[ $retval -eq 3 ] && out "(timed out)"
|
[ $retval -eq 3 ] && out "(timed out)"
|
||||||
@ -2063,7 +2069,7 @@ renego() {
|
|||||||
echo R | $OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI &>$TMPFILE
|
echo R | $OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI &>$TMPFILE
|
||||||
reneg_ok=$? # 0=client is renegotiating and does not get an error: vuln to DoS via client initiated renegotiation
|
reneg_ok=$? # 0=client is renegotiating and does not get an error: vuln to DoS via client initiated renegotiation
|
||||||
case $reneg_ok in
|
case $reneg_ok in
|
||||||
0) pr_litered "IS vulnerable (NOT ok)"; outln ", DoS threat" ;;
|
0) pr_litered "VULNERABLE (NOT ok)"; outln ", DoS threat" ;;
|
||||||
1) pr_litegreenln "not vulnerable (OK)" ;;
|
1) pr_litegreenln "not vulnerable (OK)" ;;
|
||||||
*) outln "FIXME: $reneg_ok" ;;
|
*) outln "FIXME: $reneg_ok" ;;
|
||||||
esac
|
esac
|
||||||
@ -2073,7 +2079,7 @@ renego() {
|
|||||||
echo "R" | $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 | grep -iq "$NEG_STR"
|
echo "R" | $OPENSSL s_client $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 | grep -iq "$NEG_STR"
|
||||||
secreg=$? # 0= Secure Renegotiation IS NOT supported
|
secreg=$? # 0= Secure Renegotiation IS NOT supported
|
||||||
case $secreg in
|
case $secreg in
|
||||||
0) pr_redln "IS vulnerable (NOT ok)" ;;
|
0) pr_redln "VULNERABLE (NOT ok)" ;;
|
||||||
1) pr_greenln "not vulnerable (OK)" ;;
|
1) pr_greenln "not vulnerable (OK)" ;;
|
||||||
*) outln "FIXME: $secreg" ;;
|
*) outln "FIXME: $secreg" ;;
|
||||||
esac
|
esac
|
||||||
@ -2118,9 +2124,9 @@ crime() {
|
|||||||
ret=0
|
ret=0
|
||||||
else
|
else
|
||||||
if [[ $SERVICE == "HTTP" ]]; then
|
if [[ $SERVICE == "HTTP" ]]; then
|
||||||
pr_red "IS vulnerable (NOT ok)"
|
pr_red "VULNERABLE (NOT ok)"
|
||||||
else
|
else
|
||||||
pr_brown "IS vulnerable" ; out ", but not using HTTP: probably no exploit known"
|
pr_brown "VULNERABLE (NOT ok), but not using HTTP: probably no exploit known"
|
||||||
fi
|
fi
|
||||||
ret=1
|
ret=1
|
||||||
fi
|
fi
|
||||||
@ -2155,7 +2161,7 @@ crime() {
|
|||||||
# pr_green "not vulnerable (OK)"
|
# pr_green "not vulnerable (OK)"
|
||||||
# ret=`expr $ret + 0`
|
# ret=`expr $ret + 0`
|
||||||
# else
|
# else
|
||||||
# pr_red "IS vulnerable (NOT ok)"
|
# pr_red "VULNERABLE (NOT ok)"
|
||||||
# ret=`expr $ret + 1`
|
# ret=`expr $ret + 1`
|
||||||
# fi
|
# fi
|
||||||
# fi
|
# fi
|
||||||
@ -2858,6 +2864,6 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.192 2015/02/21 09:38:03 dirkw Exp $
|
# $Id: testssl.sh,v 1.193 2015/02/21 10:47:11 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user