Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3.1dev' of https://github.com/w4ntun/testssl.sh into w4ntun-3.1dev

Browse Source
This commit is contained in:
Dirk
2023-03-03 12:31:26 +01:00
parent 88763f47a8 0af73c2d19
commit 581788ff39
1 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
testssl.sh
View File

@@ -196,7 +196,7 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your CA stores some place else
EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code EXPERIMENTAL=${EXPERIMENTAL:-false} # a development hook which allows us to disable code
PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy PROXY_WAIT=${PROXY_WAIT:-20} # waiting at max 20 seconds for socket reply through proxy
DNS_VIA_PROXY=${DNS_VIA_PROXY:-true} # do DNS lookups via proxy. --ip=proxy reverses this DNS_VIA_PROXY=${DNS_VIA_PROXY:-false} # do DNS lookups via proxy. --ip=proxy reverses this
IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out IGN_OCSP_PROXY=${IGN_OCSP_PROXY:-false} # Also when --proxy is supplied it is ignored when testing for revocation via OCSP via --phone-out
HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header HEADER_MAXSLEEP=${HEADER_MAXSLEEP:-5} # we wait this long before killing the process to retrieve a service banner / http header
MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate MAX_SOCKET_FAIL=${MAX_SOCKET_FAIL:-2} # If this many failures for TCP socket connects are reached we terminate
@@ -22040,12 +22040,19 @@ display_rdns_etc() {
datebanner() { datebanner() {
local scan_time_f="" local scan_time_f=""
local node_banner=""
if [[ -n "PROXY" ]] && $DNS_VIA_PROXY;then
node_banner="$NODE:$PORT"
else
node_banner="$NODEIP:$PORT ($NODE)"
fi
if [[ "$1" =~ Done ]] ; then if [[ "$1" =~ Done ]] ; then
scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows scan_time_f="$(printf "%04ss" "$SCAN_TIME")" # 4 digits because of windows
pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $NODEIP:$PORT ($NODE) <<--" pr_reverse "$1 $(date +%F) $(date +%T) [$scan_time_f] -->> $node_banner <<--"
else else
pr_reverse "$1 $(date +%F) $(date +%T) -->> $NODEIP:$PORT ($NODE) <<--" pr_reverse "$1 $(date +%F) $(date +%T) -->> $node_banner <<--"
fi fi
outln "\n" outln "\n"
[[ "$1" =~ Start ]] && display_rdns_etc [[ "$1" =~ Start ]] && display_rdns_etc
@@ -23761,7 +23768,6 @@ lets_roll() {
fi fi
stopwatch initialized stopwatch initialized
[[ -z "$NODEIP" ]] && fatal "$NODE doesn't resolve to an IP address" $ERR_DNSLOOKUP
nodeip_to_proper_ip6 nodeip_to_proper_ip6
reset_hostdepended_vars reset_hostdepended_vars
determine_rdns # Returns always zero or has already exited if fatal error occurred determine_rdns # Returns always zero or has already exited if fatal error occurred
@@ -23964,26 +23970,30 @@ lets_roll() {
[[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now [[ -z "$NODE" ]] && parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDRs and IP46ADDR is set now
prepare_logging prepare_logging
if ! determine_ip_addresses; then if [[ -n "$PROXY" ]] && $DNS_VIA_PROXY; then
fatal "No IP address could be determined" $ERR_DNSLOOKUP NODEIP="$NODE"
fi lets_roll "${STARTTLS_PROTOCOL}"
if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check RET=$?
MULTIPLE_CHECKS=true else
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" determine_ip_addresses
for ip in $IPADDRs; do if [[ $(count_words "$IPADDRs") -gt 1 ]]; then # we have more than one ipv4 address to check
draw_line "-" $((TERM_WIDTH * 2 / 3)) MULTIPLE_CHECKS=true
outln pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
NODEIP="$ip" for ip in $IPADDRs; do
lets_roll "${STARTTLS_PROTOCOL}" draw_line "-" $((TERM_WIDTH * 2 / 3))
RET=$((RET + $?)) # RET value per IP address outln
done NODEIP="$ip"
draw_line "-" $((TERM_WIDTH * 2 / 3)) lets_roll "${STARTTLS_PROTOCOL}"
outln RET=$((RET + $?)) # RET value per IP address
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" done
else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied draw_line "-" $((TERM_WIDTH * 2 / 3))
NODEIP="$IPADDRs" outln
lets_roll "${STARTTLS_PROTOCOL}" pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
RET=$? else # Just 1x ip4v to check, applies also if CMDLINE_IP was supplied
fi NODEIP="$IPADDRs"
lets_roll "${STARTTLS_PROTOCOL}"
RET=$?
fi
fi
exit $RET exit $RET