mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-09 18:20:59 +01:00
- removed netcat dependency, availability check with bash sockets only. Should work on RH'ish distros better now
This commit is contained in:
parent
21c7abd10d
commit
52ee5415d1
42
testssl.sh
42
testssl.sh
@ -970,12 +970,18 @@ spdy(){
|
|||||||
fd_socket() {
|
fd_socket() {
|
||||||
# arg doesn't work here
|
# arg doesn't work here
|
||||||
if ! exec 5<> /dev/tcp/$NODEIP/$PORT; then
|
if ! exec 5<> /dev/tcp/$NODEIP/$PORT; then
|
||||||
echo "`basename $0`: unable to make bash socket connection to $NODEIP:$PORT"
|
magenta "`basename $0`: unable to open a socket to $NODEIP:$PORT"
|
||||||
return 6
|
return 6
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
close_socket(){
|
||||||
|
exec 5<&-
|
||||||
|
exec 5>&-
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
ok_ids(){
|
ok_ids(){
|
||||||
echo
|
echo
|
||||||
tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
|
tput bold; tput setaf 2; echo "ok -- something resetted our ccs packets"; tput sgr0
|
||||||
@ -1067,6 +1073,8 @@ ccs_injection(){
|
|||||||
fi
|
fi
|
||||||
[ $retval -eq 3 ] && out ", timed out"
|
[ $retval -eq 3 ] && out ", timed out"
|
||||||
outln
|
outln
|
||||||
|
|
||||||
|
close_socket
|
||||||
rm $TMPFILE
|
rm $TMPFILE
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
@ -1180,6 +1188,8 @@ heartbleed(){
|
|||||||
[ $retval -eq 3 ] && green ", timed out"
|
[ $retval -eq 3 ] && green ", timed out"
|
||||||
outln
|
outln
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
close_socket
|
||||||
rm $TMPFILE
|
rm $TMPFILE
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
@ -1369,19 +1379,6 @@ find_openssl_binary() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
find_nc_binary() {
|
|
||||||
## FIXME: only the openbsd netcat understands IPv6 addresses! ==> bash sockets?
|
|
||||||
NC=`which netcat 2>/dev/null`
|
|
||||||
if [ "$?" -ne 0 ]; then
|
|
||||||
NC=`which nc 2>/dev/null`
|
|
||||||
if [ "$?" -ne 0 ]; then
|
|
||||||
outln "sorry. No netcat found, bye."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
starttls() {
|
starttls() {
|
||||||
protocol=`echo "$1" | sed 's/s$//'` # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s)
|
protocol=`echo "$1" | sed 's/s$//'` # strip trailing s in ftp(s), smtp(s), pop3(s), imap(s)
|
||||||
case "$1" in
|
case "$1" in
|
||||||
@ -1558,7 +1555,7 @@ ignore_no_or_lame() {
|
|||||||
if [ "$WARNINGS" = "off" -o "$WARNINGS" = "false" ]; then
|
if [ "$WARNINGS" = "off" -o "$WARNINGS" = "false" ]; then
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
outln
|
#outln
|
||||||
out "$1 "
|
out "$1 "
|
||||||
read a
|
read a
|
||||||
case $a in
|
case $a in
|
||||||
@ -1603,19 +1600,18 @@ parse_hn_port() {
|
|||||||
# now get NODEIP
|
# now get NODEIP
|
||||||
get_dns_entries
|
get_dns_entries
|
||||||
|
|
||||||
# check if netcat can connect to port
|
# check if we can connect to port
|
||||||
if find_nc_binary; then
|
if ! fd_socket; then
|
||||||
if ! $NC -z -v -w 2 $NODEIP $PORT &>/dev/null; then
|
ignore_no_or_lame "Ignore? "
|
||||||
ignore_no_or_lame "Supply a correct host/port pair. On $NODEIP:$PORT doesn't seem to be any service. Ignore? "
|
[ $? -ne 0 ] && exit 3
|
||||||
[ $? -ne 0 ] && exit 3
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
close_socket
|
||||||
|
|
||||||
if [ -z "$2" ]; then # for starttls we don't want this check
|
if [ -z "$2" ]; then # for starttls we don't want this check
|
||||||
# is ssl service listening on port? FIXME: better with bash on IP!
|
# is ssl service listening on port? FIXME: better with bash on IP!
|
||||||
$OPENSSL s_client -connect "$NODE:$PORT" $SNI </dev/null >/dev/null 2>&1
|
$OPENSSL s_client -connect "$NODE:$PORT" $SNI </dev/null >/dev/null 2>&1
|
||||||
if [ $? -ne 0 ]; then
|
if [ $? -ne 0 ]; then
|
||||||
ignore_no_or_lame "On port $PORT @ $NODE seems a server but not TLS/SSL enabled. Ignore? "
|
ignore_no_or_lame "On port $PORT @ $NODE doesn't seem a TLS/SSL enabled server. Really really ignore? \n (Pls note that he results might look ok but they are not) "
|
||||||
[ $? -ne 0 ] && exit 3
|
[ $? -ne 0 ] && exit 3
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
@ -1884,7 +1880,7 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.118 2014/10/07 09:12:53 dirkw Exp $
|
# $Id: testssl.sh,v 1.119 2014/10/07 10:03:47 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user