mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
next step in color handling: 2=full color, 1: b/w, 0: no ESC codes at all
This commit is contained in:
parent
eee56b4bd4
commit
7414b5b310
84
testssl.sh
84
testssl.sh
@ -51,7 +51,7 @@ CAPATH="${CAPATH:-/etc/ssl/certs/}" # same as previous. Doing nothing yet. FC ha
|
|||||||
OSSL_VER="" # openssl version, will be autodetermined
|
OSSL_VER="" # openssl version, will be autodetermined
|
||||||
NC="" # netcat will be autodetermined
|
NC="" # netcat will be autodetermined
|
||||||
ECHO="/usr/bin/printf" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
|
ECHO="/usr/bin/printf" # works under Linux, BSD, MacOS. watch out under Solaris, not tested yet under cygwin
|
||||||
COLOR=${COLOR:-0} # with screen, tee and friends put 1 here (i.e. no color)
|
COLOR=${COLOR:-2} # 2: Full color, 1: b/w+positioning, 0: no ESC at all
|
||||||
SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
SHOW_LCIPHERS=no # determines whether the client side ciphers are displayed at all (makes no sense normally)
|
||||||
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
|
VERBERR=${VERBERR:-1} # 0 means to be more verbose (some like the errors to be dispayed so that one can tell better
|
||||||
# whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
|
# whether the handshake succeeded or not. For errors with individual ciphers you also need to have SHOW_EACH_C=1
|
||||||
@ -85,11 +85,7 @@ IPS=""
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
go2_column() { $ECHO "\033[${1}G"; }
|
|
||||||
|
|
||||||
out() {
|
out() {
|
||||||
# if 2 args: second is column position
|
|
||||||
[ ! -z "$2" ] && go2_column "$2"
|
|
||||||
$ECHO "$1"
|
$ECHO "$1"
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,17 +97,17 @@ outln() {
|
|||||||
# some functions for text (i know we could do this with tput, but what about systems having no terminfo?
|
# some functions for text (i know we could do this with tput, but what about systems having no terminfo?
|
||||||
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
|
# http://www.tldp.org/HOWTO/Bash-Prompt-HOWTO/x329.html
|
||||||
off() {
|
off() {
|
||||||
out "\033[m\c"
|
[ "$COLOR" != 0 ] && out "\033[m\c"
|
||||||
}
|
}
|
||||||
|
|
||||||
liteblue() {
|
liteblue() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;34m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;34m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
liteblueln() { liteblue "$1"; outln; }
|
liteblueln() { liteblue "$1"; outln; }
|
||||||
|
|
||||||
blue() {
|
blue() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;34m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;34m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
blueln() { blue "$1"; outln; }
|
blueln() { blue "$1"; outln; }
|
||||||
@ -122,86 +118,86 @@ blueln() { blue "$1"; outln; }
|
|||||||
# FIXME: What bout folks who don't want color at all
|
# FIXME: What bout folks who don't want color at all
|
||||||
|
|
||||||
litered() {
|
litered() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;31m$1 " || bold "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;31m$1 " || bold "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
literedln() { litered "$1"; outln; }
|
literedln() { litered "$1"; outln; }
|
||||||
|
|
||||||
red() {
|
red() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;31m$1 " || bold "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;31m$1 " || bold "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
redln() { red "$1"; outln; }
|
redln() { red "$1"; outln; }
|
||||||
|
|
||||||
litemagenta() {
|
litemagenta() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;35m$1 " || underline "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;35m$1 " || underline "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
litemagentaln() { litemagenta "$1"; outln; }
|
litemagentaln() { litemagenta "$1"; outln; }
|
||||||
|
|
||||||
|
|
||||||
magenta() {
|
magenta() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;35m$1 " || underline "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;35m$1 " || underline "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
magentaln() { magenta "$1"; outln; }
|
magentaln() { magenta "$1"; outln; }
|
||||||
|
|
||||||
litecyan() {
|
litecyan() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;36m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;36m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
litecyanln() { litecyan "$1"; outln; }
|
litecyanln() { litecyan "$1"; outln; }
|
||||||
|
|
||||||
cyan() {
|
cyan() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;36m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;36m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
cyanln() { cyan "$1"; outln; }
|
cyanln() { cyan "$1"; outln; }
|
||||||
|
|
||||||
grey() {
|
grey() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;30m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;30m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
greyln() { grey "$1"; outln; }
|
greyln() { grey "$1"; outln; }
|
||||||
|
|
||||||
litegrey() {
|
litegrey() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;37m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;37m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
litegreyln() { litegrey "$1"; outln; }
|
litegreyln() { litegrey "$1"; outln; }
|
||||||
|
|
||||||
litegreen() {
|
litegreen() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;32m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;32m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
litegreenln() { litegreen "$1"; outln; }
|
litegreenln() { litegreen "$1"; outln; }
|
||||||
|
|
||||||
green() {
|
green() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;32m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;32m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
greenln() { green "$1"; outln; }
|
greenln() { green "$1"; outln; }
|
||||||
|
|
||||||
brown() {
|
brown() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[0;33m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[0;33m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
brownln() { brown "$1"; outln; }
|
brownln() { brown "$1"; outln; }
|
||||||
|
|
||||||
yellow() {
|
yellow() {
|
||||||
[ "$COLOR" = 0 ] && out "\033[1;33m$1 " || out "$1 "
|
[ "$COLOR" = 2 ] && out "\033[1;33m$1 " || out "$1 "
|
||||||
off
|
off
|
||||||
}
|
}
|
||||||
yellowlnln() { yellowln "$1"; outln; }
|
yellowlnln() { yellowln "$1"; outln; }
|
||||||
|
|
||||||
bold() { out "\033[1m$1"; off; }
|
bold() { [ "$COLOR" != 0 ] && out "\033[1m$1" || out "$1" ; off; }
|
||||||
boldln() { bold "$1" ; outln; }
|
boldln() { bold "$1" ; outln; }
|
||||||
|
|
||||||
underline() { out "\033[4m$1" ; off; }
|
underline() { [ "$COLOR" != 0 ] && out "\033[4m$1" || out "$1" ; off; }
|
||||||
|
|
||||||
boldandunder() { out "\033[1m\033[4m$1" ; off; }
|
boldandunder() { [ "$COLOR" != 0 ] && out "\033[1m\033[4m$1" || out "$1" ; off; }
|
||||||
|
|
||||||
reverse() { out "\033[7m$1" ; off; }
|
reverse() { [ "$COLOR" != 0 ] && out "\033[7m$1" || out "$1" ; off; }
|
||||||
|
|
||||||
|
|
||||||
# whether it is ok for offer/not offer enc/cipher/version
|
# whether it is ok for offer/not offer enc/cipher/version
|
||||||
@ -560,20 +556,16 @@ sockread() {
|
|||||||
|
|
||||||
|
|
||||||
show_rfc_style(){
|
show_rfc_style(){
|
||||||
|
[ ! -r "$MAP_RFC_FNAME" ] && return 1
|
||||||
RFCname=`grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
|
RFCname=`grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
|
||||||
if [ -n "$RFCname" ] ; then
|
[ -n "$RFCname" ] && out "$RFCname"
|
||||||
out "$RFCname" "$2";
|
return 0
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# header and list for all_ciphers+cipher_per_proto, and PFS+RC4
|
# header and list for all_ciphers+cipher_per_proto, and PFS+RC4
|
||||||
neat_header(){
|
neat_header(){
|
||||||
out " Hexcode"; out "Cipher Suite Name (OpenSSL)" 13; out "KeyExch." 43; out "Encryption" 52; out "Bits" 63
|
outln " Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAP_RFC_FNAME:+ Cipher Suite Name (RFC)}"
|
||||||
[ -r $MAP_RFC_FNAME ] && out "Cipher Suite Name (RFC)" 73
|
outln "-------------------------------------------------------------------------${MAP_RFC_FNAME:+------------------------------------------------}"
|
||||||
outln
|
|
||||||
printf "%s-----------------------------------------------------------------------"
|
|
||||||
[ -r $MAP_RFC_FNAME ] && printf "%s---------------------------------------------"
|
|
||||||
outln
|
|
||||||
}
|
}
|
||||||
|
|
||||||
neat_list(){
|
neat_list(){
|
||||||
@ -583,15 +575,14 @@ neat_list(){
|
|||||||
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305
|
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305
|
||||||
enc=`echo $enc | sed -e 's/(.*)//g'`
|
enc=`echo $enc | sed -e 's/(.*)//g'`
|
||||||
echo "$export" | grep -iq export && strength="$strength,export"
|
echo "$export" | grep -iq export && strength="$strength,export"
|
||||||
out " [$1]"; out "$2" 13; out "$kx" 43; out "$enc" 54; out "$strength" 63
|
$ECHO " [%-8s] %-29s %-10s %-10s %-9s${MAP_RFC_FNAME:+ %-40s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
|
||||||
[ -r $MAP_RFC_FNAME ] && show_rfc_style $HEXC 73
|
|
||||||
}
|
}
|
||||||
|
|
||||||
test_just_one(){
|
test_just_one(){
|
||||||
|
|
||||||
# erstmal überprüfen, ob openssl den cipher überhaupt hat | oder per socket
|
|
||||||
neat_header
|
neat_header
|
||||||
for arg in `echo $@ | sed 's/,/ /g'`; do
|
for arg in `echo $@ | sed 's/,/ /g'`; do
|
||||||
|
# 1st check whether openssl has cipher or not
|
||||||
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslvers kx auth enc mac export ; do
|
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslvers kx auth enc mac export ; do
|
||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc | strings | grep -qwai "$arg" # -w doesn't work yest for cipher strings --> column positioning
|
neat_list $HEXC $ciph $kx $enc | strings | grep -qwai "$arg" # -w doesn't work yest for cipher strings --> column positioning
|
||||||
@ -631,7 +622,6 @@ allciphers(){
|
|||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc
|
neat_list $HEXC $ciph $kx $enc
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
cyan " available"
|
cyan " available"
|
||||||
else
|
else
|
||||||
@ -660,7 +650,6 @@ cipher_per_proto(){
|
|||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc
|
neat_list $HEXC $ciph $kx $enc
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
cyan " available"
|
cyan " available"
|
||||||
else
|
else
|
||||||
@ -900,7 +889,6 @@ pfs() {
|
|||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc $strength
|
neat_list $HEXC $ciph $kx $enc $strength
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ] ; then
|
if [ "$SHOW_EACH_C" -ne 0 ] ; then
|
||||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
green "works"
|
green "works"
|
||||||
else
|
else
|
||||||
@ -946,11 +934,10 @@ rc4() {
|
|||||||
normalize_ciphercode $hexcode
|
normalize_ciphercode $hexcode
|
||||||
neat_list $HEXC $ciph $kx $enc $strength
|
neat_list $HEXC $ciph $kx $enc $strength
|
||||||
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
if [ "$SHOW_EACH_C" -ne 0 ]; then
|
||||||
[ -r $MAP_RFC_FNAME ] && go2_column 114
|
|
||||||
if [ $ret -eq 0 ]; then
|
if [ $ret -eq 0 ]; then
|
||||||
litered "available "
|
litered "available"
|
||||||
else
|
else
|
||||||
out "not a/v "
|
out "not a/v"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
bad=1
|
bad=1
|
||||||
@ -1533,12 +1520,12 @@ mybanner() {
|
|||||||
hn=`hostname`
|
hn=`hostname`
|
||||||
#poor man's ident (nowadays not neccessarily installed)
|
#poor man's ident (nowadays not neccessarily installed)
|
||||||
idtag=`grep '\$Id' $0 | grep -w Exp | grep -v grep | sed -e 's/^# //' -e 's/\$ $/\$/'`
|
idtag=`grep '\$Id' $0 | grep -w Exp | grep -v grep | sed -e 's/^# //' -e 's/\$ $/\$/'`
|
||||||
idtagshy="\033[1;30m$idtag\033[m\033[1m"
|
[ "$COLOR" != 0 ] && idtag="\033[1;30m$idtag\033[m\033[1m"
|
||||||
bb=`cat <<EOF
|
bb=`cat <<EOF
|
||||||
|
|
||||||
#########################################################
|
#########################################################
|
||||||
$me v$VERSION ($SWURL)
|
$me v$VERSION ($SWURL)
|
||||||
($idtagshy)
|
($idtag)
|
||||||
|
|
||||||
This program is free software. Redistribution +
|
This program is free software. Redistribution +
|
||||||
modification under GPLv2 is permitted.
|
modification under GPLv2 is permitted.
|
||||||
@ -1779,8 +1766,11 @@ mybanner
|
|||||||
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
|
#PATH_TO_TESTSSL="$(cd "${0%/*}" 2>/dev/null; echo "$PWD"/"${0##*/}")"
|
||||||
PATH_TO_TESTSSL=`readlink "$BASH_SOURCE"` 2>/dev/null
|
PATH_TO_TESTSSL=`readlink "$BASH_SOURCE"` 2>/dev/null
|
||||||
[ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="."
|
[ -z $PATH_TO_TESTSSL ] && PATH_TO_TESTSSL="."
|
||||||
MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt" # this file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1)
|
#
|
||||||
# and https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
# next file provides a pair "keycode/ RFC style name", see the RFCs, cipher(1) and
|
||||||
|
# https://www.carbonwind.net/TLS_Cipher_Suites_Project/tls_ssl_cipher_suites_simple_table_all.htm
|
||||||
|
[ -r "$(dirname $PATH_TO_TESTSSL)/mapping-rfc.txt" ] && MAP_RFC_FNAME=`dirname $PATH_TO_TESTSSL`"/mapping-rfc.txt"
|
||||||
|
|
||||||
|
|
||||||
#FIXME: I know this sucks and getoptS is better
|
#FIXME: I know this sucks and getoptS is better
|
||||||
|
|
||||||
@ -1953,7 +1943,7 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.134 2014/11/17 16:43:58 dirkw Exp $
|
# $Id: testssl.sh,v 1.135 2014/11/17 17:49:54 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user