From 721d046a7f795e3b67d6132db6c82c0b388d6449 Mon Sep 17 00:00:00 2001
From: Dirk
Date: Tue, 22 Sep 2020 15:24:41 +0200
Subject: [PATCH] Add the $EXPERIMENTAL part to winshock ... when checking other services as HTTP or RDP
---
 testssl.sh | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/testssl.sh b/testssl.sh
index b102f48..c6924ca 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -17606,6 +17606,9 @@ run_winshock() {
 server_banner="$(grep -Eai '^Server:' $HEADERFILE)"
 elif [[ -s "$TEMPDIR/$NODEIP.service_detection.txt" ]]; then
 server_banner="$(grep -Eai '^Server:' "$TEMPDIR/$NODEIP.service_detection.txt")"
+ elif "$EXPERIMENTAL"; then
+ # If testing e.g. an SMTP server
+ :
 else
 # We can't use run_http_header here as it messes up the screen. We could automatically
 # run it when --winshock is requested though but this should suffice here.
@@ -17636,6 +17639,9 @@ run_winshock() {
 fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
 outln
 fi
+ elif "$EXPERIMENTAL"; then
+ out "seems "; pr_svrty_critical "vulnerable (NOT ok)"; outln "$check_patches"
+ fileout "${jsonID}" "CRITICAL" "seems vulnerable (NOT OK) $check_patches"
 else
 pr_svrty_best "not vulnerable (OK)"
 outln " - doesn't seem to be IIS 8.x"
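Review bot: In the first hunk (around line 17606) the new `elif "$EXPERIMENTAL"; then` branch tests only the flag, not the service, although its comment says it is meant for targets such as SMTP. Because it sits ahead of the `else` that retrieves the header, an HTTP target with neither `$HEADERFILE` nor the service-detection file would skip that fallback once the flag is on, and `server_banner` would presumably stay empty for the signature check further down. If the detected service is available at this point (testssl.sh keeps it in `$SERVICE`), I would narrow the branch to `elif "$EXPERIMENTAL" && [[ "$SERVICE" != HTTP ]]; then`. Failing that, the comment should say that banner retrieval is skipped on purpose for every service. The enclosing if-chain and run_winshock itself begin and end outside the hunk.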
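Review bot: In the second hunk (around line 17639) the added `fileout` call omits the `"$cve" "$cwe"` arguments that the `fileout` call three lines above it passes. The CRITICAL finding would then reach the machine-readable output without its CVE and CWE references, assuming those trailing arguments are what populate them. I would write it as `fileout "$jsonID" "CRITICAL" "seems vulnerable (NOT ok) $check_patches" "$cve" "$cwe"`, which also matches the "NOT ok" spelling printed on screen. The branch appears to fire for any target that reaches this point without the signature match, so a heuristic result is rated CRITICAL. A comment such as `# EXPERIMENTAL: no banner evidence for non-HTTP services, verdict is heuristic and must be confirmed via patch level` would help whoever triages the report. run_winshock's body starts and ends outside the hunk.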