From 6110843fd0cc1186e8deaeea5db5dd5ac55a1299 Mon Sep 17 00:00:00 2001 From: Dirk Wetter Date: Wed, 9 Oct 2024 15:47:50 +0200 Subject: [PATCH] The F5 cookie decoder doesn't detect IPs in the 10.x.x.x space for non-encrypted cookies. This fixes the regex pattern, see also https://github.com/drwetter/F5-BIGIP-Decoder/pull/4/files --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index 4068440..61282a9 100755 --- a/testssl.sh +++ b/testssl.sh @@ -3284,7 +3284,7 @@ sub_f5_bigip_check() { [[ -z "$cookievalue" ]] && break cookievalue=${cookievalue/;/} debugme echo $cookiename : $cookievalue - if grep -Eq '[0-9]{9,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then + if grep -Eq '[0-9]{8,10}\.[0-9]{3,5}\.0000' <<< "$cookievalue"; then ip="$(f5_ip_oldstyle "$cookievalue")" port="$(f5_port_decode $cookievalue)" out "${spaces}F5 cookie (default IPv4 pool member): "; pr_italic "$cookiename "; prln_svrty_medium "${ip}:${port}"