From d38a8b283dd2f142a948da403280eabc4fb65da7 Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 14 May 2022 11:42:43 +0200 Subject: [PATCH 1/2] Backport #2184, Censys link See #2127. The line is very long though: 152 chars --- t/08_isHTML_valid.t | 2 +- testssl.sh | 18 ++++++++++-------- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/t/08_isHTML_valid.t b/t/08_isHTML_valid.t index 6d79d40..81ebdf3 100755 --- a/t/08_isHTML_valid.t +++ b/t/08_isHTML_valid.t @@ -36,7 +36,7 @@ unlink 'tmp.html'; # Remove the HTML footer $edited_html =~ s/\n\<\/pre\>\n\<\/body\>\n\<\/html\>//; # Remove any hypertext links for URLs -$edited_html =~ s///g; +$edited_html =~ s///g; $edited_html =~ s/<\/a>//g; # Replace escaped characters with their original text diff --git a/testssl.sh b/testssl.sh index f36a95b..5ac1dce 100755 --- a/testssl.sh +++ b/testssl.sh @@ -15617,13 +15617,14 @@ run_drown() { local cwe="CWE-310" local hint="" local jsonID="DROWN" + local censys_host_url="https://search.censys.io/search?resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&" if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln pr_headlineln " Testing for DROWN vulnerability " outln fi -# if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl + # if we want to use OPENSSL: check for < openssl 1.0.2g, openssl 1.0.1s if native openssl pr_bold " DROWN"; out " (${cve// /, }) " # Any fingerprint that is placed in $RSA_CERT_FINGERPRINT_SHA2 is also added to @@ -15642,10 +15643,11 @@ run_drown() { return 1 fi + censys_host_url="$censys_host_url?q=$cert_fingerprint_sha2" if [[ $(has_server_protocol ssl2) -ne 1 ]]; then sslv2_sockets else - [[ aaa == bbb ]] # provoke retrurn code=1 + [[ aaa == bbb ]] # provoke return code=1 fi case $? in 
@@ -15664,14 +15666,14 @@ run_drown() { nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3)) if [[ 0 -eq "$nr_ciphers_detected" ]]; then prln_svrty_high "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)"; - fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve CVE-2015-3197" "$cwe" "$hint" + fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve CVE-2015-3197" "$cwe" "$hint" else prln_svrty_critical "VULNERABLE (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers"; - fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe" "$hint" + fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve" "$cwe" "$hint" fi outln "$spaces Make sure you don't use this certificate elsewhere, see:" out "$spaces " - pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2" + pr_url "$censys_host_url" outln fi ;; 
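Review bot: `$censys_host_url` now contains literal `&` separators and is passed unchanged to `pr_url` and to both `fileout` calls in this hunk, so the output depends on how those helpers escape it for the HTML, JSON and CSV reports. Neither helper is visible here; if `pr_url` writes its argument into an `href` without escaping, the `&` should be emitted as `&amp;` to keep the HTML report valid. A short comment at the call, e.g. `# URL contains '&'; pr_url/fileout must escape it for HTML and JSON output`, would record that dependency. The enclosing `if` and the `case` arm start outside the hunk.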
@@ -15680,9 +15682,9 @@ run_drown() { if [[ -n "$cert_fingerprint_sha2" ]]; then outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services" out "$spaces " - pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2" - outln " could help you to find out" - fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe" + pr_url "$censys_host_url" + outln + fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see $censys_host_url" "$cve" "$cwe" else outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere" fileout "${jsonID}_hint" "INFO" "no RSA certificate, can't be used with SSLv2 elsewhere" "$cve" "$cwe" From 78e67d8fff8521f5f8714ac2165d8fe99e5601cf Mon Sep 17 00:00:00 2001 From: Dirk Date: Sat, 14 May 2022 11:52:45 +0200 Subject: [PATCH 2/2] Shorten censys link Remove sort order and fix the argument separator --- testssl.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/testssl.sh b/testssl.sh index 5ac1dce..020197c 100755 --- a/testssl.sh +++ b/testssl.sh @@ -15617,7 +15617,7 @@ run_drown() { local cwe="CWE-310" local hint="" local jsonID="DROWN" - local censys_host_url="https://search.censys.io/search?resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&" + local censys_host_url="https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE" if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then outln @@ -15643,7 +15643,7 @@ run_drown() { return 1 fi - censys_host_url="$censys_host_url?q=$cert_fingerprint_sha2" + censys_host_url="$censys_host_url&q=$cert_fingerprint_sha2" if [[ $(has_server_protocol ssl2) -ne 1 ]]; then sslv2_sockets else
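Review bot: After the second patch's `@@ -15643,7 +15643,7 @@` hunk the link is still assembled in two places that must agree on the separator: the base string in the `local censys_host_url=...` declaration and the `&q=` suffix appended about 26 lines further down. That split is what let the first patch produce `...INCLUDE&` followed by `?q=`. Assigning it once where the fingerprint is known, `censys_host_url="https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=$cert_fingerprint_sha2"`, or at least commenting the declaration with `# base only; "&q=<fingerprint>" is appended after the fingerprint check`, would prevent a repeat. The append also runs when `cert_fingerprint_sha2` is empty, a case the `[[ -n "$cert_fingerprint_sha2" ]]` test in the `@@ -15680,9 +15682,9 @@` hunk shows can occur. The use in that branch is guarded, so this only needs a guard if the variable gets used elsewhere. The body of run_drown extends beyond all of these hunks.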