From 7094c4436f74355b54dac65bcffbb2a9833b87ce Mon Sep 17 00:00:00 2001
From: Dirk
Date: Tue, 13 Jun 2017 18:42:07 +0200
Subject: [PATCH] also now honor different ports per host from nmap file.
testssl.sh is taking an educated guess which port makes sense to scan, which one not and for which one to use which starttls handshake upfront. This minimizes needless sscans and error messages.
---
 testssl.sh | 77 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 41 insertions(+), 36 deletions(-)
diff --git a/testssl.sh b/testssl.sh
index 9207c55..f4fbb63 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -12332,33 +12332,38 @@ create_mass_testing_cmdline() {
 ports2starttls() {
 local tcp_port=$1
+ local ret=0
+# https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
 case $tcp_port in
- 21) echo "-t ftp" ;;
- 23) echo "-t telnet" ;;
- 119) echo "-t nntp" ;; # to come
- 25|587) echo "-t smtp" ;;
- 110) echo "-t pop3" ;;
- 143) echo "-t imap" ;;
- 389) echo "-t ldap";;
- 3306) echo "-t mysql" ;; # to come
- 5222) echo "-t xmpp" ;; # domain of jabber server maybe needed
+ 21) echo "-t ftp " ;;
+ 23) echo "-t telnet " ;;
+ 119|433) echo "-t nntp " ;; # to come
+ 25|587) echo "-t smtp " ;;
+ 110) echo "-t pop3 " ;;
+ 143) echo "-t imap " ;;
+ 389) echo "-t ldap ";;
+ 3306) echo "-t mysql " ;; # to come
+ 5222) echo "-t xmpp " ;; # domain of jabber server maybe needed
 5432) echo "-t postgres" ;;
-# for the following plain TLS ports we wouldn't need to list them. We do this just for reference which port is used by which service
- 563) ;; # NNTPS
- 636) ;; # LDAP
- 443|465) ;; # HTTPS | SMTP
- 631) ;; # CUPS
- 993|995) ;; # POP3|IMAP
- 3389) ;; # RDP
+ 563) ;; # NNTPS
+ 636) ;; # LDAP
+ 1443|8443|443|981) ;; # HTTPS
+ 465) ;; # HTTPS | SMTP
+ 631) ;; # CUPS
+ 853) ;; # DNS over TLS
+ 995|993) ;; # POP3|IMAP
+ 3389) ;; # RDP
+ *) ret=1 ;; # we don't know this ports so we rather do not scan it
 esac
+ return $ret
 }
 nmap_to_plain_file() {
 local target_fname=""
 local oneline=""
- local ip hosttxt round_brackets ports_etc
- local portstxt tmp tmp2 port
+ local ip hosttxt round_brackets ports_specs starttls
+ local tmp port host_spec protocol dontcare dontcare1
 #FIXME: IPv6 is missing here
 # Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
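Review bot: The new default arm `*) ret=1 ;;` makes ports2starttls reject every port it does not list, and the caller in the later hunk then skips that host:port without a word, so an nmap host whose only open TCP port is unlisted vanishes from the generated plain file with no trace. Since the helper's stdout is captured by the caller, a diagnostic on stderr in that arm, e.g. `*) debugme echo "skipping unknown port $tcp_port" >&2; ret=1 ;;`, would make the drop visible in debug mode. The comment on the new `465) ;;` arm still reads `# HTTPS | SMTP` although 443 now has its own arm; the `HTTPS |` part is stale and should go.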
@@ -12373,12 +12378,6 @@ nmap_to_plain_file() {
 else
 fatal "Nmap file $FNAME is not in grep(p)able format (-oG filename.gmap)" -1
 fi
- # test whether there's more than one "open" per line which is not supported currently
- while read -r oneline; do
- if [[ $(tr ',' '\n' <<< "$oneline" | grep -c '\/open\/') -gt 1 ]]; then
- fatal "nmap parser for file $FNAME currently cannot contain > 1 port per line" -3
- fi
- done < "$FNAME"
 # strip extension and create output file *.txt in same folder
 target_fname="${FNAME%.*}.txt"
 > "${target_fname}"
@@ -12391,28 +12390,34 @@ nmap_to_plain_file() {
 > "${target_fname}" || fatal "Cannot create \"${target_fname}\"" -1
 fi
- # format:
- # Line x: "Status: Up"
+ # Line x: "Host: AAA.BBB.CCC.DDD () Status: Up"
 # Line x+1: "Host: AAA.BBB.CCC.DDD () Ports: 443/open/tcp//https///"
- # or e.g.for ports in Line x+1 (if we can deal with > 1x port):
- # Ports: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 443/open/tcp//ssl|http//
- while read -r hosttxt ip round_brackets ports_etc; do
- grep -q "Status: " <<< "$ports_etc" && continue
- grep -q '\/open\/' <<< "$ports_etc" || continue
- read -r portstxt tmp <<< "$ports_etc"
- IFS="/" read -r port tmp2 <<< "$tmp" # fetch first (and only) port (and for now ignore the rest)
+ # (or): Host: AAA.BBB.CCC.DDD () Ports: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 443/open/tcp//ssl|http//
+ while read -r hosttxt ip round_brackets tmp ports_specs; do
+ grep -q "Status: " <<< "$ports_specs" && continue # we don't need this
+ grep -q '\/open\/tcp\/' <<< "$ports_specs" || continue # no open tcp at all for this IP --> move on
 fqdn="${round_brackets/\(/}"
 fqdn="${fqdn/\)/}"
 if [[ -n "$fqdn" ]]; then
 tmp="$(get_a_record "$fqdn")"
 debugme echo "$tmp \?= $ip"
 if [[ "$tmp" == "$ip" ]]; then
- echo "$fqdn:$port" >>"$target_fname"
- continue
+ host_spec="$fqdn"
 fi
+ else
+ host_spec="$ip"
 fi
- echo "$ip:$port" >>"$target_fname"
+ while read oneline; do
+ # 25/open/tcp//smtp///,
+ grep -q '\/open\/tcp\/' <<< "$oneline" || continue # no open tcp for this port on this IP --> move on
+ IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline"
+ starttls="$(ports2starttls $port)"
+ [[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to
+ [[ "$DEBUG" -ge 1 ]] && echo "${starttls}$host_spec:$port"
+ echo "${starttls}${host_spec}:${port}" >>"$target_fname"
+ done < <(tr ',' '\n' <<< "$ports_specs")
 done < "$FNAME"
+ [[ "$DEBUG" -ge 1 ]] && echo
 [[ -s "$target_fname" ]] || \
 fatal "Couldn't find any open port in $FNAME" -3
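Review bot: After `tr ',' '\n'` every port entry but the first starts with the blank that followed the comma in nmap's `, ` separator (the example comment `# 25/open/tcp//smtp///,` shows the format), and `IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline"` keeps that blank because an IFS without whitespace does not strip leading blanks, so `port` becomes ` 25`; the lookup still matches only because `ports2starttls $port` is unquoted and word-splitting drops the blank, while the line written by `echo "${starttls}${host_spec}:${port}" >>"$target_fname"` reads `host: 25`. Adding the blank to IFS fixes this at the source: `IFS='/ ' read -r port dontcare protocol dontcare1 <<< "$oneline"`, after which the call can be quoted as `starttls="$(ports2starttls "$port")"`. The inner loop should also read with `-r` like the outer one, `while read -r oneline; do`, so a backslash in an unexpected nmap field is not interpreted. nmap_to_plain_file continues past the end of the hunk.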