Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-07 17:20:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '2.9dev' into run_allciphers_sockets

Browse Source
This commit is contained in:
David Cooper 2016-11-07 13:50:58 -05:00
commit 66c855f54b
2 changed files with 201 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
Readme.md
View File

@ -28,9 +28,8 @@ cryptographic flaws.
#### Status #### Status
_ _Here in the master branch you find the stable version 2.8rc2 of the software, it Here in the _2.9dev branch you find the development version_ of the software
superseds 2.6. Version 2.8 is currently being finalized_ . The 2.9dev branch is the developement -- with new features and maybe some bugs. For the stable version and **a
-- with new features and maybe some bugs. For the stable version and **a
more thorough description of the command line options** please see more thorough description of the command line options** please see
[testssl.sh](https://testssl.sh/ "Go to the site with the stable version [testssl.sh](https://testssl.sh/ "Go to the site with the stable version
and more documentation") or https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation. and more documentation") or https://github.com/drwetter/testssl.sh/wiki/Usage-Documentation.
@ -48,13 +47,15 @@ exchanges.
Update notification here or @ [twitter](https://twitter.com/drwetter). Update notification here or @ [twitter](https://twitter.com/drwetter).
#### [Features in 2.9dev](Readme.md#devel) #### Features implemented in [2.9dev](Readme.md#devel)
* Support of supplying timeout value for ``openssl connect`` * Support of supplying timeout value for ``openssl connect`` -- useful for batch/mass scanning
* TLS 1.2 protocol check via socket * TLS 1.2 protocol check via socket
* Further TLS socket improvements (Handshake) * Further TLS socket improvements (Handshake parsing, robustness)
* non-flat JSON support
* in file output (CSV, JSON flat, JSON non-flat) support of a minimum severity level (only above supplied level there will be output)
#### Planned in 2.9dev #### Features planned in 2.9dev
https://github.com/drwetter/testssl.sh/issues?q=is%3Aopen+is%3Aissue+milestone%3A2.9dev https://github.com/drwetter/testssl.sh/issues?q=is%3Aopen+is%3Aissue+milestone%3A2.9dev

272
testssl.sh
View File

@ -505,10 +505,13 @@ strip_quote() {
fileout_pretty_json_header() { fileout_pretty_json_header() {
START_TIME=$(date +%s) START_TIME=$(date +%s)
echo -e " \"host\" : \"$NODE\", echo -e " \"Invocation\" : \"$PROG_NAME $CMDLINE\",
\"at\" : \"$HNAME:$OPENSSL_LOCATION\",
\"version\" : \"$VERSION ${GIT_REL_SHORT:-$CVS_REL_SHORT} from $REL_DATE\"
\"openssl\" : \"$OSSL_VER\" from \"$OSSL_BUILD_DATE\"
\"target host\" : \"$NODE\",
\"port\" : \"$PORT\", \"port\" : \"$PORT\",
\"startTime\" : \"$START_TIME\", \"startTime\" : \"$START_TIME\",
\"version\" : \"$VERSION\",
\"scanResult\" : { \"scanResult\" : {
" "
} }
@ -701,9 +704,13 @@ trim_trailing_space() {
echo "${1%%*( )}" echo "${1%%*( )}"
} }
toupper() { if [[ $(uname) == "Linux" ]] ; then
echo -n "$1" | tr 'a-z' 'A-Z' toupper() { echo -n "${1^^}" ; }
} tolower() { echo -n "${1,,}" ; }
else
toupper() { echo -n "$1" | tr 'a-z' 'A-Z'; }
tolower() { echo -n "$1" | tr 'A-Z' 'a-z' ; }
fi
is_number() { is_number() {
[[ "$1" =~ ^[1-9][0-9]*$ ]] && \ [[ "$1" =~ ^[1-9][0-9]*$ ]] && \
@ -1691,7 +1698,7 @@ normalize_ciphercode() {
HEXC="$part1$part2$part3" HEXC="$part1$part2$part3"
fi fi
#TODO: we should just echo this and avoid the global var HEXC #TODO: we should just echo this and avoid the global var HEXC
HEXC=$(echo $HEXC | tr 'A-Z' 'a-z' | sed 's/0x/x/') #tolower + strip leading 0 HEXC=$(tolower "$HEXC"| sed 's/0x/x/') # strip leading 0
return 0 return 0
} }
@ -2416,7 +2423,8 @@ client_simulation_sockets() {
local -i save=0 local -i save=0
local lines clienthello data="" local lines clienthello data=""
local cipher_list_2send local cipher_list_2send
local tls_hello_ascii local sock_reply_file2 sock_reply_file3
local tls_hello_ascii next_packet hello_done=0
if [[ "${1:0:4}" == "1603" ]]; then if [[ "${1:0:4}" == "1603" ]]; then
clienthello="$(create_client_simulation_tls_clienthello "$1")" clienthello="$(create_client_simulation_tls_clienthello "$1")"
@ -2425,7 +2433,7 @@ client_simulation_sockets() {
fi fi
len=${#clienthello} len=${#clienthello}
for (( i=0; i < len; i=i+2 )); do for (( i=0; i < len; i=i+2 )); do
data+=", ${clienthello:i:2}" data+=", ${clienthello:i:2}"
done done
debugme echo "sending client hello..." debugme echo "sending client hello..."
code2network "${data}" code2network "${data}"
@ -2441,15 +2449,58 @@ client_simulation_sockets() {
tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE") tls_hello_ascii=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}" tls_hello_ascii="${tls_hello_ascii%%[!0-9A-F]*}"
check_tls_serverhellodone "$tls_hello_ascii"
hello_done=$?
for(( 1 ; hello_done==1; 1 )); do
sock_reply_file2=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
mv "$SOCK_REPLY_FILE" "$sock_reply_file2"
debugme echo "requesting more server hello data..."
socksend "" $USLEEP_SND
sockread_serverhello 32768
next_packet=$(hexdump -v -e '16/1 "%02X"' "$SOCK_REPLY_FILE")
next_packet="${next_packet%%[!0-9A-F]*}"
if [[ ${#next_packet} -eq 0 ]]; then
# This shouldn't be necessary. However, it protects against
# getting into an infinite loop if the server has nothing
# left to send and check_tls_serverhellodone doesn't
# correctly catch it.
mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
hello_done=0
else
tls_hello_ascii+="$next_packet"
sock_reply_file3=$(mktemp $TEMPDIR/ddreply.XXXXXX) || return 7
mv "$SOCK_REPLY_FILE" "$sock_reply_file3"
mv "$sock_reply_file2" "$SOCK_REPLY_FILE"
cat "$sock_reply_file3" >> "$SOCK_REPLY_FILE"
rm "$sock_reply_file3"
check_tls_serverhellodone "$tls_hello_ascii"
hello_done=$?
fi
done
debugme outln "reading server hello..." debugme outln "reading server hello..."
if [[ "$DEBUG" -ge 4 ]]; then if [[ "$DEBUG" -ge 4 ]]; then
hexdump -C $SOCK_REPLY_FILE | head -6 hexdump -C $SOCK_REPLY_FILE | head -6
echo echo
fi fi
parse_tls_serverhello "$tls_hello_ascii" parse_tls_serverhello "$tls_hello_ascii" "ephemeralkey"
save=$? save=$?
if [[ $save -eq 0 ]]; then
debugme echo "sending close_notify..."
if [[ "$DETECTED_TLS_VERSION" == "0300" ]]; then
socksend ",x15, x03, x00, x00, x02, x02, x00" 0
else
socksend ",x15, x03, x01, x00, x02, x02, x00" 0
fi
fi
# see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL # see https://secure.wand.net.nz/trac/libprotoident/wiki/SSL
lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)") lines=$(count_lines "$(hexdump -C "$SOCK_REPLY_FILE" 2>$ERRFILE)")
debugme out " (returned $lines lines) " debugme out " (returned $lines lines) "
@ -2489,7 +2540,7 @@ run_client_simulation() {
local minEcdsaBits=() local minEcdsaBits=()
local requiresSha2=() local requiresSha2=()
local i=0 local i=0
local name tls proto cipher local name tls proto cipher temp what_dh bits has_dh_bits
local using_sockets=true local using_sockets=true
if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then if "$SSL_NATIVE" || [[ -n "$STARTTLS" ]]; then
@ -3251,6 +3302,18 @@ run_client_simulation() {
sclient_connect_successful $? $TMPFILE sclient_connect_successful $? $TMPFILE
sclient_success=$? sclient_success=$?
fi fi
if [[ $sclient_success -eq 0 ]]; then
# If an ephemeral DH key was used, check that the number of bits is within range.
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE") # extract line
what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp)
grep -q bits <<< $bits || bits=$(awk -F',' '{ print $2 }' <<< $temp)
bits=$(tr -d ' bits' <<< $bits)
if [[ "$what_dh" == "DH" ]]; then
[[ ${minDhBits[i]} -ne -1 ]] && [[ $bits -lt ${minDhBits[i]} ]] && sclient_success=1
[[ ${maxDhBits[i]} -ne -1 ]] && [[ $bits -gt ${maxDhBits[i]} ]] && sclient_success=1
fi
fi
if [[ $sclient_success -ne 0 ]]; then if [[ $sclient_success -ne 0 ]]; then
outln "No connection" outln "No connection"
fileout "client_${short[i]}" "INFO" "$(strip_spaces "${names[i]}") client simulation: No connection" fileout "client_${short[i]}" "INFO" "$(strip_spaces "${names[i]}") client simulation: No connection"
@ -3285,7 +3348,12 @@ run_client_simulation() {
#FiXME: awk #FiXME: awk
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://') cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && cipher="$(rfc2openssl "$cipher")" "$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && cipher="$(rfc2openssl "$cipher")"
outln "$proto $cipher" out "$proto $cipher"
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && has_dh_bits=$HAS_DH_BITS && HAS_DH_BITS=true
"$HAS_DH_BITS" && read_dhbits_from_file $TMPFILE
"$using_sockets" && [[ -n "${handshakebytes[i]}" ]] && HAS_DH_BITS=$has_dh_bits
[[ ":${ROBUST_PFS_CIPHERS}:" =~ ":${cipher}:" ]] && out ", " && pr_done_good "FS"
outln
if [[ -n "${warning[i]}" ]]; then if [[ -n "${warning[i]}" ]]; then
out " " out " "
outln "${warning[i]}" outln "${warning[i]}"
@ -6646,6 +6714,7 @@ sslv2_sockets() {
# ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2) # ARG1: TLS version low byte (00: SSLv3, 01: TLS 1.0, 02: TLS 1.1, 03: TLS 1.2)
# ARG2: CIPHER_SUITES string # ARG2: CIPHER_SUITES string
# ARG3: (optional) additional request extensions
socksend_tls_clienthello() { socksend_tls_clienthello() {
local tls_low_byte="$1" local tls_low_byte="$1"
local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3 local tls_word_reclayer="03, 01" # the first TLS version number is the record layer and always 0301 -- except: SSLv3
@ -6658,10 +6727,12 @@ socksend_tls_clienthello() {
local len_client_hello_word len_all_word local len_client_hello_word len_all_word
local ecc_cipher_suite_found=false local ecc_cipher_suite_found=false
local extension_signature_algorithms extension_heartbeat local extension_signature_algorithms extension_heartbeat
local extension_session_ticket extension_next_protocol extensions_ecc extension_padding local extension_session_ticket extension_next_protocol extension_padding
local extension_supported_groups="" extension_supported_point_formats=""
local extra_extensions extra_extensions_list=""
code2network "$2" # convert CIPHER_SUITES code2network "$(tolower "$2")" # convert CIPHER_SUITES
cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next cipher_suites="$NW_STR" # we don't have the leading \x here so string length is two byte less, see next
len_ciph_suites_byte=$(echo ${#cipher_suites}) len_ciph_suites_byte=$(echo ${#cipher_suites})
let "len_ciph_suites_byte += 2" let "len_ciph_suites_byte += 2"
@ -6690,7 +6761,7 @@ socksend_tls_clienthello() {
elif [[ "$part2" -ge "0x5c" ]] && [[ "$part2" -le "0x63" ]]; then elif [[ "$part2" -ge "0x5c" ]] && [[ "$part2" -le "0x63" ]]; then
ecc_cipher_suite_found=true && break ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x70" ]] && [[ "$part2" -le "0x79" ]]; then elif [[ "$part2" -ge "0x70" ]] && [[ "$part2" -le "0x79" ]]; then
ecc_cipher_suite_found=true && break ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x86" ]] && [[ "$part2" -le "0x8d" ]]; then elif [[ "$part2" -ge "0x86" ]] && [[ "$part2" -le "0x8d" ]]; then
ecc_cipher_suite_found=true && break ecc_cipher_suite_found=true && break
elif [[ "$part2" -ge "0x9a" ]] && [[ "$part2" -le "0x9b" ]]; then elif [[ "$part2" -ge "0x9a" ]] && [[ "$part2" -le "0x9b" ]]; then
@ -6737,43 +6808,79 @@ socksend_tls_clienthello() {
extension_next_protocol=" extension_next_protocol="
33, 74, 00, 00" 33, 74, 00, 00"
# Supported Elliptic Curves Extension and Supported Point Formats Extension. if "$ecc_cipher_suite_found"; then
extensions_ecc=" # Supported Groups Extension
00, 0a, # Type: Supported Elliptic Curves , see RFC 4492 extension_supported_groups="
00, 3e, 00, 3c, # lengths 00, 0a, # Type: Supported Elliptic Curves , see RFC 4492
00, 0e, 00, 0d, 00, 19, 00, 1c, 00, 1e, 00, 0b, 00, 0c, 00, 1b, 00, 3e, 00, 3c, # lengths
00, 18, 00, 09, 00, 0a, 00, 1a, 00, 16, 00, 17, 00, 1d, 00, 08, 00, 0e, 00, 0d, 00, 19, 00, 1c, 00, 1e, 00, 0b, 00, 0c, 00, 1b,
00, 06, 00, 07, 00, 14, 00, 15, 00, 04, 00, 05, 00, 12, 00, 13, 00, 18, 00, 09, 00, 0a, 00, 1a, 00, 16, 00, 17, 00, 1d, 00, 08,
00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11, 00, 06, 00, 07, 00, 14, 00, 15, 00, 04, 00, 05, 00, 12, 00, 13,
00, 0b, # Type: Supported Point Formats , see RFC 4492 00, 01, 00, 02, 00, 03, 00, 0f, 00, 10, 00, 11"
00, 02, # len # Supported Point Formats Extension
01, 00" extension_supported_point_formats="
00, 0b, # Type: Supported Point Formats , see RFC 4492
00, 02, # len
01, 00"
fi
all_extensions=" # Each extension should appear in the ClientHello at most once. So,
$extension_heartbeat # find out what extensions were provided as an argument and only use
,$extension_session_ticket # the provided values for those extensions.
,$extension_next_protocol" extra_extensions="$(echo "$3" | tr 'A-Z' 'a-z')"
code2network "$extra_extensions"
len_all=${#extra_extensions}
for (( i=0; i < len_all; i=i+16+4*0x$len_extension_hex )); do
part2=$i+4
extra_extensions_list+=" ${NW_STR:i:2}${NW_STR:part2:2} "
j=$i+8
part2=$j+4
len_extension_hex="${NW_STR:j:2}${NW_STR:part2:2}"
done
if [[ -n "$SNI" ]]; then if [[ -n "$SNI" ]] && [[ ! "$extra_extensions_list" =~ " 0000 " ]]; then
all_extensions="$all_extensions all_extensions="
,00, 00 # extension server_name 00, 00 # extension server_name
,00, $len_sni_ext # length SNI EXT ,00, $len_sni_ext # length SNI EXT
,00, $len_sni_listlen # server_name list_length ,00, $len_sni_listlen # server_name list_length
,00 # server_name type (hostname) ,00 # server_name type (hostname)
,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9 ,00, $len_servername_hex # server_name length. We assume len(hostname) < FF - 9
,$servername_hexstr" # server_name target ,$servername_hexstr" # server_name target
fi fi
if [[ ! "$extra_extensions_list" =~ " 000f " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_heartbeat"
fi
if [[ ! "$extra_extensions_list" =~ " 0023 " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_session_ticket"
fi
# If the ClientHello will include the ALPN extension, then don't include the NPN extension.
if [[ ! "$extra_extensions_list" =~ " 3374 " ]] && [[ ! "$extra_extensions_list" =~ " 0010 " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_next_protocol"
fi
# RFC 5246 says that clients MUST NOT offer the signature algorithms # RFC 5246 says that clients MUST NOT offer the signature algorithms
# extension if they are offering TLS versions prior to 1.2. # extension if they are offering TLS versions prior to 1.2.
if [[ "0x$tls_low_byte" -ge "0x03" ]]; then if [[ "0x$tls_low_byte" -ge "0x03" ]] && [[ ! "$extra_extensions_list" =~ " 000d " ]]; then
all_extensions="$all_extensions [[ -n "$all_extensions" ]] && all_extensions+=","
,$extension_signature_algorithms" all_extensions+="$extension_signature_algorithms"
fi fi
if $ecc_cipher_suite_found; then if [[ -n "$extension_supported_groups" ]] && [[ ! "$extra_extensions_list" =~ " 000a " ]]; then
all_extensions="$all_extensions [[ -n "$all_extensions" ]] && all_extensions+=","
,$extensions_ecc" all_extensions+="$extension_supported_groups"
fi
if [[ -n "$extension_supported_point_formats" ]] && [[ ! "$extra_extensions_list" =~ " 000b " ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extension_supported_point_formats"
fi
if [[ -n "$extra_extensions" ]]; then
[[ -n "$all_extensions" ]] && all_extensions+=","
all_extensions+="$extra_extensions"
fi fi
code2network "$all_extensions" # convert extensions code2network "$all_extensions" # convert extensions
@ -6786,11 +6893,11 @@ socksend_tls_clienthello() {
# If the length of the Client Hello would be between 256 and 511 bytes, # If the length of the Client Hello would be between 256 and 511 bytes,
# then add a padding extension (see RFC 7685) # then add a padding extension (see RFC 7685)
len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2)) len_all=$((0x$len_ciph_suites + 0x2b + 0x$len_extension_hex + 0x2))
if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]]; then if [[ $len_all -ge 256 ]] && [[ $len_all -le 511 ]] && [[ ! "$extra_extensions_list" =~ " 0015 " ]]; then
if [[ $len_all -gt 508 ]]; then if [[ $len_all -gt 508 ]]; then
len_padding_extension=0 len_padding_extension=0
else else
len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2)) len_padding_extension=$((508 - 0x$len_ciph_suites - 0x2b - 0x$len_extension_hex - 0x2))
fi fi
len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension) len_padding_extension_hex=$(printf "%02x\n" $len_padding_extension)
len2twobytes "$len_padding_extension_hex" len2twobytes "$len_padding_extension_hex"
@ -6863,6 +6970,7 @@ socksend_tls_clienthello() {
# arg2: (optional) list of cipher suites # arg2: (optional) list of cipher suites
# arg3: (optional): "all" - process full response (including Certificate and certificate_status handshake messages) # arg3: (optional): "all" - process full response (including Certificate and certificate_status handshake messages)
# "ephemeralkey" - extract the server's ephemeral key (if any) # "ephemeralkey" - extract the server's ephemeral key (if any)
# arg4: (optional) additional request extensions
tls_sockets() { tls_sockets() {
local -i ret=0 local -i ret=0
local -i save=0 local -i save=0
@ -6885,7 +6993,7 @@ tls_sockets() {
fi fi
debugme echo "sending client hello..." debugme echo "sending client hello..."
socksend_tls_clienthello "$tls_low_byte" "$cipher_list_2send" socksend_tls_clienthello "$tls_low_byte" "$cipher_list_2send" "$4"
ret=$? # 6 means opening socket didn't succeed, e.g. timeout ret=$? # 6 means opening socket didn't succeed, e.g. timeout
# if sending didn't succeed we don't bother # if sending didn't succeed we don't bother
@ -8276,17 +8384,34 @@ check_bsd_mount() {
help() { help() {
cat << EOF cat << EOF
$PROG_NAME <options> "$PROG_NAME URI" or "$PROG_NAME <options>" or "$PROG_NAME <options> URI"
"$PROG_NAME URI", where URI is:
URI host|host:port|URL|URL:port port 443 is default, URL can only contain HTTPS protocol)
"$PROG_NAME <options>", where <options> is:
-h, --help what you're looking at -h, --help what you're looking at
-b, --banner displays banner + version of $PROG_NAME -b, --banner displays banner + version of $PROG_NAME
-v, --version same as previous -v, --version same as previous
-V, --local pretty print all local ciphers -V, --local pretty print all local ciphers
-V, --local <pattern> which local ciphers with <pattern> are available? -V, --local <pattern> which local ciphers with <pattern> are available? If pattern is not a number: word match
(if pattern not a number: word match)
$PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E) pattern is always an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
"$PROG_NAME <options> URI", where <options> is:
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol,
protocol is <ftp|smtp|pop3|imap|xmpp|telnet|ldap> (latter two require supplied openssl)
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
single check as <options> ("$PROG_NAME URI" does everything except -E):
-e, --each-cipher checks each local cipher remotely -e, --each-cipher checks each local cipher remotely
-E, --cipher-per-proto checks those per protocol -E, --cipher-per-proto checks those per protocol
-f, --ciphers checks common cipher suites -f, --ciphers checks common cipher suites
@ -8300,7 +8425,7 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E)
-c, --client-simulation test client simulations, see which client negotiates with cipher and protocol -c, --client-simulation test client simulations, see which client negotiates with cipher and protocol
-H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address -H, --header, --headers tests HSTS, HPKP, server/app banner, security headers, cookie, reverse proxy, IPv4 address
-U, --vulnerable tests all vulnerabilities -U, --vulnerable tests all (of the following) vulnerabilities (if applicable)
-B, --heartbleed tests for heartbleed vulnerability -B, --heartbleed tests for heartbleed vulnerability
-I, --ccs, --ccs-injection tests for CCS injection vulnerability -I, --ccs, --ccs-injection tests for CCS injection vulnerability
-R, --renegotiation tests for renegotiation vulnerabilities -R, --renegotiation tests for renegotiation vulnerabilities
@ -8315,29 +8440,16 @@ $PROG_NAME <options> URI ("$PROG_NAME URI" does everything except -E)
-s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings -s, --pfs, --fs, --nsa checks (perfect) forward secrecy settings
-4, --rc4, --appelbaum which RC4 ciphers are being offered? -4, --rc4, --appelbaum which RC4 ciphers are being offered?
special invocations: tuning / connect options (most also can be preset via environment variables):
-t, --starttls <protocol> does a default run against a STARTTLS enabled <protocol>
--xmpphost <to_domain> for STARTTLS enabled XMPP it supplies the XML stream to-'' domain -- sometimes needed
--mx <domain/host> tests MX records from high to low priority (STARTTLS, port 25)
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
-n, --nodns do not try any DNS lookup
--file <fname> mass testing option: Reads command lines from <fname>, one line per instance.
Comments via # allowed, EOF signals end of <fname>. Implicitly turns on "--warnings batch"
partly mandatory parameters:
URI host|host:port|URL|URL:port (port 443 is assumed unless otherwise specified)
pattern an ignore case word pattern of cipher hexcode or any other string in the name, kx or bits
protocol is one of the STARTTLS protocols ftp,smtp,pop3,imap,xmpp,telnet,ldap
(for the latter two you need e.g. the supplied openssl)
tuning options (can also be preset via environment variables):
--bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s --bugs enables the "-bugs" option of s_client, needed e.g. for some buggy F5s
--assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks --assume-http if protocol check fails it assumes HTTP protocol and enforces HTTP checks
--ssl-native fallback to checks with OpenSSL where sockets are normally used --ssl-native fallback to checks with OpenSSL where sockets are normally used
--openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME) --openssl <PATH> use this openssl binary (default: look in \$PATH, \$RUN_DIR of $PROG_NAME)
--proxy <host>:<port> connect via the specified HTTP proxy --proxy <host>:<port> connect via the specified HTTP proxy
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity -6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
--ip <ip> a) tests the supplied <ip> v4 or v6 address instead of resolving host(s) in URI
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
-n, --nodns do not try any DNS lookup
--sneaky leave less traces in target logs: user agent, referer --sneaky leave less traces in target logs: user agent, referer
output options (can also be preset via environment variables): output options (can also be preset via environment variables):
@ -8354,22 +8466,23 @@ output options (can also be preset via environment variables):
file output options (can also be preset via environment variables): file output options (can also be preset via environment variables):
--log, --logging logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory --log, --logging logs stdout to <NODE-YYYYMMDD-HHMM.log> in current working directory
--logfile <logfile> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file --logfile <logfile> logs stdout to <file/NODE-YYYYMMDD-HHMM.log> if file is a dir or to specified log file
--json additional output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd --json additional output of findings to flat JSON file <NODE-YYYYMMDD-HHMM.json> in cwd
--jsonfile <jsonfile> additional output to JSON and output JSON to the specified file --jsonfile <jsonfile> additional output to the specified flat JSON file
--json-pretty additional pretty structed output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd --json-pretty additional pretty structured output of findings to JSON file <NODE-YYYYMMDD-HHMM.json> in cwd
--jsonfile-pretty <jsonfile> additional pretty structed output to JSON and output JSON to the specified file --jsonfile-pretty <jsonfile> additional pretty structured output as JSON to the specified file
--csv additional output of findings to CSV file <NODE-YYYYMMDD-HHMM.csv> in cwd --csv additional output of findings to CSV file <NODE-YYYYMMDD-HHMM.csv> in cwd
--csvfile <csvfile> set output to CSV and output CSV to the specified file --csvfile <csvfile> additional output as CSV to the specified file
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
--append if <csvfile> or <jsonfile> exists rather append then overwrite --append if <csvfile> or <jsonfile> exists rather append then overwrite
--severity <severity> severities with lower level will be filtered
All options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
<URI> is always the last parameter. Options requiring a value can also be called with '=' e.g. testssl.sh -t=smtp --wide --openssl=/usr/bin/openssl <URI>.
URI always needs to be the last parameter.
Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like Need HTML output? Just pipe through "aha" (ANSI HTML Adapter: github.com/theZiz/aha) like
"$PROG_NAME <options> <URI> | aha >output.html" "$PROG_NAME <options> <URI> | aha >output.html" or use -log* and convert later
EOF EOF
#' Fix syntax highlight on sublime #' Fix syntax highlight on sublime
exit $1 exit $1
@ -8463,12 +8576,13 @@ EOF
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' &>$TEMPDIR/all_local_ciphers.txt $OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL' &>$TEMPDIR/all_local_ciphers.txt
fi fi
# see also $TEMPDIR/s_client_has.txt from find_openssl_binary # see also $TEMPDIR/s_client_has.txt from find_openssl_binary
CIPHERS_BY_STRENGTH_FILE=$(mktemp $TEMPDIR/ciphers_by_strength.XXXXXX) CIPHERS_BY_STRENGTH_FILE=$(mktemp $TEMPDIR/ciphers_by_strength.XXXXXX)
#FIXME: better externally: separation of code and data
cat >$CIPHERS_BY_STRENGTH_FILE << EOF cat >$CIPHERS_BY_STRENGTH_FILE << EOF
0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD 0xCC,0x14 - ECDHE-ECDSA-CHACHA20-POLY1305-OLD TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=ECDSA Enc=ChaCha20(256) Mac=AEAD
0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD 0xCC,0x13 - ECDHE-RSA-CHACHA20-POLY1305-OLD TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=ECDH Au=RSA Enc=ChaCha20(256) Mac=AEAD
0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD 0xCC,0x15 - DHE-RSA-CHACHA20-POLY1305-OLD TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD TLSv1.2 Kx=DH Au=RSA Enc=ChaCha20(256) Mac=AEAD
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD 0xC0,0x2C - ECDHE-ECDSA-AES256-GCM-SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 0xC0,0x28 - ECDHE-RSA-AES256-SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384