Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

also now honor different ports per host from nmap file.

Browse Source 
testssl.sh is taking an educated guess which port makes sense to scan,
which one not and for which one to use which starttls handshake upfront.
This minimizes needless sscans and error messages.
This commit is contained in:
Dirk 2017-06-13 18:42:07 +02:00
parent 531b4453ef
commit 7094c4436f
1 changed files with 41 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

77
testssl.sh
View File

@ -12332,33 +12332,38 @@ create_mass_testing_cmdline() {
ports2starttls() { ports2starttls() {
local tcp_port=$1 local tcp_port=$1
local ret=0
# https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
case $tcp_port in case $tcp_port in
21) echo "-t ftp" ;; 21) echo "-t ftp " ;;
23) echo "-t telnet" ;; 23) echo "-t telnet " ;;
119) echo "-t nntp" ;; # to come 119|433) echo "-t nntp " ;; # to come
25|587) echo "-t smtp" ;; 25|587) echo "-t smtp " ;;
110) echo "-t pop3" ;; 110) echo "-t pop3 " ;;
143) echo "-t imap" ;; 143) echo "-t imap " ;;
389) echo "-t ldap";; 389) echo "-t ldap ";;
3306) echo "-t mysql" ;; # to come 3306) echo "-t mysql " ;; # to come
5222) echo "-t xmpp" ;; # domain of jabber server maybe needed 5222) echo "-t xmpp " ;; # domain of jabber server maybe needed
5432) echo "-t postgres" ;; 5432) echo "-t postgres" ;;
# for the following plain TLS ports we wouldn't need to list them. We do this just for reference which port is used by which service 563) ;; # NNTPS
563) ;; # NNTPS 636) ;; # LDAP
636) ;; # LDAP 1443|8443|443|981) ;; # HTTPS
443|465) ;; # HTTPS | SMTP 465) ;; # HTTPS | SMTP
631) ;; # CUPS 631) ;; # CUPS
993|995) ;; # POP3|IMAP 853) ;; # DNS over TLS
3389) ;; # RDP 995|993) ;; # POP3|IMAP
3389) ;; # RDP
*) ret=1 ;; # we don't know this ports so we rather do not scan it
esac esac
return $ret
} }
nmap_to_plain_file() { nmap_to_plain_file() {
local target_fname="" local target_fname=""
local oneline="" local oneline=""
local ip hosttxt round_brackets ports_etc local ip hosttxt round_brackets ports_specs starttls
local portstxt tmp tmp2 port local tmp port host_spec protocol dontcare dontcare1
#FIXME: IPv6 is missing here #FIXME: IPv6 is missing here
# Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too # Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
@ -12373,12 +12378,6 @@ nmap_to_plain_file() {
else else
fatal "Nmap file $FNAME is not in grep(p)able format (-oG filename.gmap)" -1 fatal "Nmap file $FNAME is not in grep(p)able format (-oG filename.gmap)" -1
fi fi
# test whether there's more than one "open" per line which is not supported currently
while read -r oneline; do
if [[ $(tr ',' '\n' <<< "$oneline" | grep -c '\/open\/') -gt 1 ]]; then
fatal "nmap parser for file $FNAME currently cannot contain > 1 port per line" -3
fi
done < "$FNAME"
# strip extension and create output file *.txt in same folder # strip extension and create output file *.txt in same folder
target_fname="${FNAME%.*}.txt" target_fname="${FNAME%.*}.txt"
> "${target_fname}" > "${target_fname}"
@ -12391,28 +12390,34 @@ nmap_to_plain_file() {
> "${target_fname}" || fatal "Cannot create \"${target_fname}\"" -1 > "${target_fname}" || fatal "Cannot create \"${target_fname}\"" -1
fi fi
# format: # Line x: "Host: AAA.BBB.CCC.DDD (<FQDN>) Status: Up"
# Line x: "Status: Up"
# Line x+1: "Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 443/open/tcp//https///" # Line x+1: "Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 443/open/tcp//https///"
# or e.g.for ports in Line x+1 (if we can deal with > 1x port): # (or): Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 22/open/tcp//ssh//<banner>/, 25/open/tcp//smtp//<banner>/, 443/open/tcp//ssl|http//<banner>
# Ports: 22/open/tcp//ssh//<banner>/, 25/open/tcp//smtp//<banner>/, 443/open/tcp//ssl|http//<banner> while read -r hosttxt ip round_brackets tmp ports_specs; do
while read -r hosttxt ip round_brackets ports_etc; do grep -q "Status: " <<< "$ports_specs" && continue # we don't need this
grep -q "Status: " <<< "$ports_etc" && continue grep -q '\/open\/tcp\/' <<< "$ports_specs" || continue # no open tcp at all for this IP --> move on
grep -q '\/open\/' <<< "$ports_etc" || continue
read -r portstxt tmp <<< "$ports_etc"
IFS="/" read -r port tmp2 <<< "$tmp" # fetch first (and only) port (and for now ignore the rest)
fqdn="${round_brackets/\(/}" fqdn="${round_brackets/\(/}"
fqdn="${fqdn/\)/}" fqdn="${fqdn/\)/}"
if [[ -n "$fqdn" ]]; then if [[ -n "$fqdn" ]]; then
tmp="$(get_a_record "$fqdn")" tmp="$(get_a_record "$fqdn")"
debugme echo "$tmp \?= $ip" debugme echo "$tmp \?= $ip"
if [[ "$tmp" == "$ip" ]]; then if [[ "$tmp" == "$ip" ]]; then
echo "$fqdn:$port" >>"$target_fname" host_spec="$fqdn"
continue
fi fi
else
host_spec="$ip"
fi fi
echo "$ip:$port" >>"$target_fname" while read oneline; do
# 25/open/tcp//smtp//<banner>/,
grep -q '\/open\/tcp\/' <<< "$oneline" || continue # no open tcp for this port on this IP --> move on
IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline"
starttls="$(ports2starttls $port)"
[[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to
[[ "$DEBUG" -ge 1 ]] && echo "${starttls}$host_spec:$port"
echo "${starttls}${host_spec}:${port}" >>"$target_fname"
done < <(tr ',' '\n' <<< "$ports_specs")
done < "$FNAME" done < "$FNAME"
[[ "$DEBUG" -ge 1 ]] && echo
[[ -s "$target_fname" ]] || \ [[ -s "$target_fname" ]] || \
fatal "Couldn't find any open port in $FNAME" -3 fatal "Couldn't find any open port in $FNAME" -3