From 83d407546556ceb47ee242da0fe002498747d4e1 Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 1 Apr 2022 14:45:48 +0200 Subject: [PATCH] fixes for roff and html --- doc/testssl.1 | 8 ++++---- doc/testssl.1.html | 9 +++++---- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index be72dd1..c34ece8 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -233,7 +233,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\|\.\|\.\|\. .P \fB\-C, \-\-compression, \-\-crime\fR Checks for CRIME (\fICompression Ratio Info\-leak Made Easy\fR) vulnerability in TLS\. CRIME in SPDY is not yet being checked for\. .P -\fB\-B, \-\-breach\fR Checks for BREACH (\fIBrowser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext\fR) vulnerability\. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``\-\-assume\-http`\. Please note that only the URL supplied (normally "/" ) is being tested\. +\fB\-B, \-\-breach\fR Checks for BREACH (\fIBrowser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext\fR) vulnerability\. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via \fB\-\-assume\-http\fR\. Please note that only the URL supplied (normally "/" ) is being tested\. .P \fB\-O, \-\-poodle\fR Tests for SSL POODLE (\fIPadding Oracle On Downgraded Legacy Encryption\fR) vulnerability\. It basically checks for the existence of CBC ciphers in SSLv3\. .P 
@@ -301,9 +301,9 @@ whole 9 yards .P \fB\-\-json\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\-pretty\fR flat \-\- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The output doesn't contain a banner or a footer\. .P -\fB\-\-jsonfile \fR or \fB\-oj \fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fBjsonfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\. If\fRjsonfile` is a file it will use that file name, an absolute path is also permitted here\. +\fB\-\-jsonfile \fR or \fB\-oj \fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fBjsonfile\fR is a directory the output will put into \fBlogfile/${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\fR\. If\fBjsonfile\fR is a file it will use that file name, an absolute path is also permitted here\. .P -\fB\-\-json\-pretty\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json in the current working directory of the shell\. The resulting JSON file is opposed to\fR\-\-json` non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time\. Then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. 
For vulnerabilities it may contain a CVE and CWE entry too\. The footer lists the scan time in seconds\. +\fB\-\-json\-pretty\fR Logs additionally to JSON file \fB${NODE}\-p${port}${YYYYMMDD\-HHMM}\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\fR non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time\. Then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. For vulnerabilities it may contain a CVE and CWE entry too\. The footer lists the scan time in seconds\. .P \fB\-\-jsonfile\-pretty \fR or \fB\-oJ \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\. .P 
@@ -327,7 +327,7 @@ whole 9 yards .P \fB\-\-overwrite\fR Normally, if an output file already exists and it has a file size greater zero, testssl\.sh will not allow you to overwrite this file\. This option will do that \fBwithout any warning\fR\. The environment variable OVERWRITE does the same\. Be careful, you have been warned! .P -\fB\-\-outprefix \fR Prepend output filename prefix \fIfname_prefix\fR before '${NODE}\-'\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.\fR when no file name of the respective output option was specified\. If you do not like the separator '\-' you can as well supply a \fB\fR ending in '\.', '_' or ','\. In this case or if you already supplied '\-' no additional '\-' will be appended to \fB\fR\. +\fB\-\-outprefix \fR Prepend output filename prefix \fIfname_prefix\fR before \fB${NODE}\-\fR\. You can use as well the environment variable FNAME_PREFIX\. Using this any output files will be named \fB\-${NODE}\-p${port}${YYYYMMDD\-HHMM}\.\fR when no file name of the respective output option was specified\. If you do not like the separator '\-' you can as well supply a \fB\fR ending in '\.', '_' or ','\. In this case or if you already supplied '\-' no additional '\-' will be appended to \fB\fR\. .P A few file output options can also be preset via environment variables\. .SS "COLOR RATINGS" diff --git a/doc/testssl.1.html b/doc/testssl.1.html index 5594593..9b43ca6 100644 --- a/doc/testssl.1.html +++ b/doc/testssl.1.html @@ -332,7 +332,7 @@ Also for multiple server certificates are being checked for as well as for the c

-C, --compression, --crime Checks for CRIME (Compression Ratio Info-leak Made Easy) vulnerability in TLS. CRIME in SPDY is not yet being checked for.

-

-B, --breach Checks for BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via ``--assume-http`. Please note that only the URL supplied (normally "/" ) is being tested.

+

-B, --breach Checks for BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) vulnerability. As for this vulnerability HTTP level compression is a prerequisite it'll be not tested if HTTP cannot be detected or the detection is not enforced via --assume-http. Please note that only the URL supplied (normally "/" ) is being tested.

-O, --poodle Tests for SSL POODLE (Padding Oracle On Downgraded Legacy Encryption) vulnerability. It basically checks for the existence of CBC ciphers in SSLv3.
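
Review bot: Missing documentation on the `+` line for -B, --breach: it keeps "only the URL supplied (normally "/" ) is being tested" without saying what that means for the result. HTTP compression can differ per URL, so a clean result for "/" does not cover other paths on the same host; one sentence saying so, and recommending that the URLs that matter are tested as well, would help. While the line is being touched, "it'll be not tested" would read better as "it will not be tested".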

@@ -403,9 +403,10 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe

--json Logs additionally to JSON file ${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to --json-pretty flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The output doesn't contain a banner or a footer.

-

--jsonfile <jsonfile> or -oj <jsonfile> Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If jsonfile is a directory the output will put into logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If jsonfile` is a file it will use that file name, an absolute path is also permitted here.

+

--jsonfile <jsonfile> or -oj <jsonfile> Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If jsonfile is a directory the output will put into logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json. If jsonfile is a file it will use that file name, an absolute path is also permitted here.

+ +

--json-pretty Logs additionally to JSON file ${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to --json non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The footer lists the scan time in seconds.

-

--json-pretty Logs additionally to JSON file ${NODE}-p${port}${YYYYMMDD-HHMM}.json in the current working directory of the shell. The resulting JSON file is opposed to --json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen, including the command line, scan host, openssl binary used, testssl version and epoch of the start time. Then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a CVE and CWE entry too. The footer lists the scan time in seconds.

--jsonfile-pretty <jsonfile> or -oJ <jsonfile> Similar to the aforementioned --jsonfile or --logfile it logs the output in pretty JSON format (see --json-pretty) into a file or a directory. For further explanation see --jsonfile or --logfile.
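
Review bot: The `+` line for --jsonfile still says the directory case writes to "logfile/${NODE}-p${port}${YYYYMMDD-HHMM}.json", which looks copied from the --logfile text; for this option the directory is the jsonfile argument, so "jsonfile/..." is presumably what is meant. The same line keeps "out put" and "the output will put into" (missing "be"). Separately, this hunk grows from 9 to 10 lines (+403,10) through the extra `+` line after the --jsonfile paragraph, while the matching doc/testssl.1 hunk stays at 9 lines; if that extra line is not intentional, drop it.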

@@ -429,7 +430,7 @@ Rating automatically gets disabled, to not give a wrong or misleading grade, whe

--overwrite Normally, if an output file already exists and it has a file size greater zero, testssl.sh will not allow you to overwrite this file. This option will do that without any warning. The environment variable OVERWRITE does the same. Be careful, you have been warned!

-

--outprefix <fname_prefix> Prepend output filename prefix fname_prefix before '${NODE}-'. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <fname_prefix> ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <fname_prefix>.

+

--outprefix <fname_prefix> Prepend output filename prefix fname_prefix before ${NODE}-. You can use as well the environment variable FNAME_PREFIX. Using this any output files will be named <fname_prefix>-${NODE}-p${port}${YYYYMMDD-HHMM}.<format> when no file name of the respective output option was specified. If you do not like the separator '-' you can as well supply a <fname_prefix> ending in '.', '_' or ','. In this case or if you already supplied '-' no additional '-' will be appended to <fname_prefix>.

A few file output options can also be preset via environment variables.
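
Review bot: In the doc/testssl.1 hunk at @@ -233,7 +233,7 @@, the removed text around \-\-assume\-http, with two backticks before and one after, looks like leftover markup from a conversion step, yet the diffstat lists only doc/testssl.1 and doc/testssl.1.html. If both files are generated from a common source, fix the markup there as well, otherwise the next regeneration brings the stray backticks back. The same applies to the backtick fixes after "jsonfile" and "\-\-json" in the @@ -301,9 +301,9 @@ hunk.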
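
Review bot: In the doc/testssl.1 hunk at @@ -301,9 +301,9 @@, the `+` line for \-\-jsonfile reads "If\fBjsonfile\fR is a file" with no space after "If", so the man page renders "Ifjsonfile", while the doc/testssl.1.html `+` line has "If jsonfile is a file". Suggest "If \fBjsonfile\fR is a file" so both outputs match.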