replace grep -q by internal bash operator

and provide the alias SETX for DEBUG_ALLINONE
Dirk 2017-10-09 15:13:46 +02:00
parent 985c21dfb7
commit 785e94912d


@ -85,6 +85,8 @@ readonly PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
DEBUGTIME=${DEBUGTIME:-false} DEBUGTIME=${DEBUGTIME:-false}
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen (old behaviour for testssl.sh and bash3's default DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen (old behaviour for testssl.sh and bash3's default
# false: needed for performance analysis or useful for just having an extra file # false: needed for performance analysis or useful for just having an extra file
DEBUG_ALLINONE=${SETX=-false} # SETX as a shortcut for old style debugging, overriding DEBUG_ALLINONE
if grep -q xtrace <<< "$SHELLOPTS"; then if grep -q xtrace <<< "$SHELLOPTS"; then
if "$DEBUGTIME"; then if "$DEBUGTIME"; then
@ -3793,7 +3795,6 @@ run_client_simulation() {
fileout "client_simulation_Problem" "WARN" "You shouldn't run this with \"--ssl-native\" as you will get false results" fileout "client_simulation_Problem" "WARN" "You shouldn't run this with \"--ssl-native\" as you will get false results"
fi fi
outln outln
debugme echo debugme echo
if "$WIDE"; then if "$WIDE"; then
@ -3814,7 +3815,7 @@ run_client_simulation() {
for name in "${short[@]}"; do for name in "${short[@]}"; do
if ${current[i]} || "$ALL_CLIENTS" ; then if ${current[i]} || "$ALL_CLIENTS" ; then
# for ANY we test this service or if the service we determined from STARTTLS matches # for ANY we test this service or if the service we determined from STARTTLS matches
if [[ "${service[i]}" == "ANY" ]] || grep -q "$client_service" <<< "${service[i]}"; then if [[ "${service[i]}" == "ANY" ]] || [[ "${service[i]}" =~ $client_service ]]; then
out " $(printf -- "%-29s" "${names[i]}")" out " $(printf -- "%-29s" "${names[i]}")"
if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then if "$using_sockets" && [[ -n "${handshakebytes[i]}" ]]; then
client_simulation_sockets "${handshakebytes[i]}" client_simulation_sockets "${handshakebytes[i]}"
@ -3838,7 +3839,8 @@ run_client_simulation() {
temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE") # extract line temp=$(awk -F': ' '/^Server Temp Key/ { print $2 }' "$TMPFILE") # extract line
what_dh=$(awk -F',' '{ print $1 }' <<< $temp) what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp) bits=$(awk -F',' '{ print $3 }' <<< $temp)
if grep -q bits <<< $bits; then # formatting
if [[ "$bits" =~ bits ]]; then
curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")" curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")"
else else
curve="" curve=""
@ -4550,7 +4552,7 @@ read_dhbits_from_file() {
what_dh=$(awk -F',' '{ print $1 }' <<< $temp) what_dh=$(awk -F',' '{ print $1 }' <<< $temp)
bits=$(awk -F',' '{ print $3 }' <<< $temp) bits=$(awk -F',' '{ print $3 }' <<< $temp)
# RH's backport has the DH bits in second arg after comma # RH's backport has the DH bits in second arg after comma
if grep -q bits <<< $bits; then if [[ "$bits" =~ bits ]]; then
curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")" curve="$(strip_spaces "$(awk -F',' '{ print $2 }' <<< $temp)")"
else else
bits=$(awk -F',' '{ print $2 }' <<< $temp) bits=$(awk -F',' '{ print $2 }' <<< $temp)
@ -6520,7 +6522,7 @@ run_server_defaults() {
ciphers_to_test[1]="" ciphers_to_test[1]=""
ciphers_to_test[2]="" ciphers_to_test[2]=""
for ciph in $(colon_to_spaces $($OPENSSL ciphers "aRSA" 2>>$ERRFILE)); do for ciph in $(colon_to_spaces $($OPENSSL ciphers "aRSA" 2>>$ERRFILE)); do
if grep -q "\-RSA\-" <<<$ciph; then if [[ "$ciph" =~ -RSA- ]]; then
ciphers_to_test[1]="${ciphers_to_test[1]}:$ciph" ciphers_to_test[1]="${ciphers_to_test[1]}:$ciph"
else else
ciphers_to_test[2]="${ciphers_to_test[2]}:$ciph" ciphers_to_test[2]="${ciphers_to_test[2]}:$ciph"
@ -9731,7 +9733,7 @@ run_heartbleed(){
pr_bold " Heartbleed"; out " ($cve) " pr_bold " Heartbleed"; out " ($cve) "
[[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions [[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions
if ! grep -q heartbeat <<< "$TLS_EXTENSIONS"; then if [[ ! "${TLS_EXTENSIONS}" =~ heartbeat ]]; then
pr_done_best "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
outln ", no heartbeat extension" outln ", no heartbeat extension"
fileout "heartbleed" "OK" "Heartbleed: not vulnerable, no heartbeat extension" "$cve" "$cwe" fileout "heartbleed" "OK" "Heartbleed: not vulnerable, no heartbeat extension" "$cve" "$cwe"
@ -10085,7 +10087,7 @@ run_ticketbleed() {
# highly unlikely that it is NOT supported. We may loose time here but it's more solid # highly unlikely that it is NOT supported. We may loose time here but it's more solid
[[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions [[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions
if ! grep -q 'session ticket' <<< "$TLS_EXTENSIONS"; then if [[ ! "${TLS_EXTENSIONS}" =~ "session ticket" ]]; then
pr_done_best "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
outln ", no session ticket extension" outln ", no session ticket extension"
fileout "ticketbleed" "OK" "Ticketbleed: no session ticket extension" "$cve" "$cwe" fileout "ticketbleed" "OK" "Ticketbleed: no session ticket extension" "$cve" "$cwe"
@ -10262,7 +10264,7 @@ run_ticketbleed() {
echo "Session ID: ${sid_detected[i]}" echo "Session ID: ${sid_detected[i]}"
echo "memory: ${memory[i]}" echo "memory: ${memory[i]}"
echo -n "$sid_input in SID: " ; echo -n "$sid_input in SID: " ;
grep -q $sid_input <<< "${sid_detected[i]}" && echo "yes" || echo "no" [[ "${sid_detected[i]}" =~ $sid_input ]] && echo "yes" || echo "no"
fi fi
[[ "$DEBUG" -ge 1 ]] && echo $tls_hello_ascii >$TEMPDIR/$FUNCNAME.tls_hello_ascii${i}.txt [[ "$DEBUG" -ge 1 ]] && echo $tls_hello_ascii >$TEMPDIR/$FUNCNAME.tls_hello_ascii${i}.txt
else else
@ -10284,7 +10286,7 @@ run_ticketbleed() {
if ! "$early_exit"; then if ! "$early_exit"; then
# here we test the replys if a TLS server hello was received >1x # here we test the replys if a TLS server hello was received >1x
for i in 1 2 3 ; do for i in 1 2 3 ; do
if grep -q $sid_input <<< "${sid_detected[i]}"; then if [[ "${sid_detected[i]}" =~ $sid_input ]]; then
# was our faked TLS SID returned? # was our faked TLS SID returned?
nr_sid_detected+=1 nr_sid_detected+=1
fi fi
@ -12621,7 +12623,7 @@ prepare_arrays() {
elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then elif [[ $OSSL_VER_MAJOR -lt 1 ]]; then
[[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true [[ ":${ossl_supported_sslv2}:" =~ ":${TLS_CIPHER_OSSL_NAME[i]}:" ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
else else
grep -qw "$hexc" <<< "$ossl_supported_sslv2" && TLS_CIPHER_OSSL_SUPPORTED[i]=true [[ "$ossl_supported_sslv2" =~ $hexc ]] && TLS_CIPHER_OSSL_SUPPORTED[i]=true
fi fi
i+=1 i+=1
done < "$CIPHERS_BY_STRENGTH_FILE" done < "$CIPHERS_BY_STRENGTH_FILE"
@ -13688,8 +13690,8 @@ nmap_to_plain_file() {
# Line x+1: "Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 443/open/tcp//https///" # Line x+1: "Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 443/open/tcp//https///"
# (or): Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 22/open/tcp//ssh//<banner>/, 25/open/tcp//smtp//<banner>/, 443/open/tcp//ssl|http//<banner> # (or): Host: AAA.BBB.CCC.DDD (<FQDN>) Ports: 22/open/tcp//ssh//<banner>/, 25/open/tcp//smtp//<banner>/, 443/open/tcp//ssl|http//<banner>
while read -r hosttxt ip round_brackets tmp ports_specs; do while read -r hosttxt ip round_brackets tmp ports_specs; do
grep -q "Status: " <<< "$ports_specs" && continue # we don't need this [[ "$ports_specs" =~ "Status: " ]] && continue # we don't need this
grep -q '\/open\/tcp\/' <<< "$ports_specs" || continue # no open tcp at all for this IP --> move on [[ "$ports_specs" =~ '/open/tcp/' ]] || continue # no open tcp at all for this IP --> move
host_spec="$ip" host_spec="$ip"
fqdn="${round_brackets/\(/}" fqdn="${round_brackets/\(/}"
fqdn="${fqdn/\)/}" fqdn="${fqdn/\)/}"
@ -13702,7 +13704,7 @@ nmap_to_plain_file() {
fi fi
while read -r oneline; do while read -r oneline; do
# 25/open/tcp//smtp//<banner>/, # 25/open/tcp//smtp//<banner>/,
grep -q '\/open\/tcp\/' <<< "$oneline" || continue # no open tcp for this port on this IP --> move on [[ "$oneline" =~ '/open/tcp/' ]] || continue # no open tcp for this port on this IP --> move on
IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline" IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline"
starttls="$(ports2starttls $port)" starttls="$(ports2starttls $port)"
[[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to [[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to
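Review bot: The new SETX alias in the first hunk, `DEBUG_ALLINONE=${SETX=-false}`, uses `=` rather than `:-`, so when SETX is unset bash assigns the literal string `-false` to SETX and to DEBUG_ALLINONE; the `if "$DEBUGTIME"` idiom visible two lines below suggests DEBUG_ALLINONE is later executed as a command the same way, which would fail with "-false: command not found" rather than take the old-style branch. It also unconditionally discards a DEBUG_ALLINONE the user set in the environment one line earlier, even though the comment only promises to override when SETX is given. Both are fixed by `DEBUG_ALLINONE=${SETX:-$DEBUG_ALLINONE}`, which keeps the earlier `${DEBUG_ALLINONE:-false}` default and only lets an explicit SETX win. Separately, in prepare_arrays the replacement `[[ "$ossl_supported_sslv2" =~ $hexc ]]` drops the `-w` word-boundary of the old `grep -qw`, so a cipher ID that is a prefix of another entry would now be marked supported; if that list can contain such values, matching the delimited form used on the sibling branch (`":${list}:" =~ ":${hexc}:"` or a `[[:space:]]`-bounded pattern) restores the old semantics.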