mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-10 18:50:58 +01:00
Only test current clients
This commit is contained in:
Frank Breedijk
parent
9d481423b9
commit
9377e6ee95
90
testssl.sh
90
testssl.sh
@ -2041,48 +2041,50 @@ run_client_simulation() {
|
|||||||
debugme outln
|
debugme outln
|
||||||
for name in "${short[@]}"; do
|
for name in "${short[@]}"; do
|
||||||
# Make sure we run client simulations for those clients that support it
|
# Make sure we run client simulations for those clients that support it
|
||||||
if [[ `echo "${service[i]}" | grep "$client_service" | wc -l` -eq 1 || "${service[i]}" == "ANY" ]]; then
|
if $do_all_simulations || ${current[i]} ; then
|
||||||
#FIXME: printf formatting would look better, especially if we want a wide option here
|
if $do_all_simulations || [[ `echo "${service[i]}" | grep "$client_service" | wc -l` -eq 1 || "${service[i]}" == "ANY" ]]; then
|
||||||
out " ${names[i]} "
|
#FIXME: printf formatting would look better, especially if we want a wide option here
|
||||||
if $using_sockets && [[ -n "${handshakebytes[i]}" ]]; then
|
out " ${names[i]} "
|
||||||
client_simulation_sockets "${handshakebytes[i]}"
|
if $using_sockets && [[ -n "${handshakebytes[i]}" ]]; then
|
||||||
sclient_success=$?
|
client_simulation_sockets "${handshakebytes[i]}"
|
||||||
if [[ $sclient_success -eq 0 ]]; then
|
|
||||||
if [[ "0x${DETECTED_TLS_VERSION}" -lt ${lowest_protocol[i]} ]] || \
|
|
||||||
[[ "0x${DETECTED_TLS_VERSION}" -gt ${highest_protocol[i]} ]]; then
|
|
||||||
sclient_success=1
|
|
||||||
fi
|
|
||||||
[[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
for pflag in ${protos[i]}; do
|
|
||||||
$OPENSSL s_client -cipher ${ciphers[i]} $pflag $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
|
||||||
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} $pflag $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
|
||||||
sclient_connect_successful $? $TMPFILE
|
|
||||||
sclient_success=$?
|
sclient_success=$?
|
||||||
[[ $sclient_success -eq 0 ]] && break; # Stop trying if a protocol works
|
if [[ $sclient_success -eq 0 ]]; then
|
||||||
done
|
if [[ "0x${DETECTED_TLS_VERSION}" -lt ${lowest_protocol[i]} ]] || \
|
||||||
fi
|
[[ "0x${DETECTED_TLS_VERSION}" -gt ${highest_protocol[i]} ]]; then
|
||||||
if [[ $sclient_success -ne 0 ]]; then
|
sclient_success=1
|
||||||
outln "No connection"
|
fi
|
||||||
fileout "client_${short[i]}" "INFO" "$(strip_spaces "${names[i]}") client simulation: No connection"
|
[[ $sclient_success -eq 0 ]] && cp "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" $TMPFILE >$ERRFILE
|
||||||
else
|
fi
|
||||||
#FIXME: awk
|
else
|
||||||
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
for pflag in ${protos[i]}; do
|
||||||
[[ "$proto" == TLSv1 ]] && proto="TLSv1.0"
|
$OPENSSL s_client -cipher ${ciphers[i]} $pflag $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null >$TMPFILE 2>$ERRFILE
|
||||||
#FiXME: awk
|
debugme echo "$OPENSSL s_client -cipher ${ciphers[i]} $pflag $STARTTLS $BUGS $PROXY -connect $NODEIP:$PORT ${sni[i]} </dev/null"
|
||||||
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
sclient_connect_successful $? $TMPFILE
|
||||||
$using_sockets && [[ -n "${handshakebytes[i]}" ]] && [[ -n "$MAPPING_FILE_RFC" ]] && cipher="$(rfc2openssl "$cipher")"
|
sclient_success=$?
|
||||||
outln "$proto $cipher"
|
[[ $sclient_success -eq 0 ]] && break; # Stop trying if a protocol works
|
||||||
if [[ -n "${warning[i]}" ]]; then
|
done
|
||||||
out " "
|
|
||||||
outln "${warning[i]}"
|
|
||||||
fi
|
fi
|
||||||
fileout "client_${short[i]}" "INFO" \
|
if [[ $sclient_success -ne 0 ]]; then
|
||||||
"$(strip_spaces "${names[i]}") client simulation: $proto $cipher ${warning[i]}"
|
outln "No connection"
|
||||||
debugme cat $TMPFILE
|
fileout "client_${short[i]}" "INFO" "$(strip_spaces "${names[i]}") client simulation: No connection"
|
||||||
fi
|
else
|
||||||
fi # correct service?
|
#FIXME: awk
|
||||||
|
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
|
||||||
|
[[ "$proto" == TLSv1 ]] && proto="TLSv1.0"
|
||||||
|
#FiXME: awk
|
||||||
|
cipher=$(grep -wa Cipher $TMPFILE | egrep -avw "New|is" | sed -e 's/ //g' -e 's/^Cipher://')
|
||||||
|
$using_sockets && [[ -n "${handshakebytes[i]}" ]] && [[ -n "$MAPPING_FILE_RFC" ]] && cipher="$(rfc2openssl "$cipher")"
|
||||||
|
outln "$proto $cipher"
|
||||||
|
if [[ -n "${warning[i]}" ]]; then
|
||||||
|
out " "
|
||||||
|
outln "${warning[i]}"
|
||||||
|
fi
|
||||||
|
fileout "client_${short[i]}" "INFO" \
|
||||||
|
"$(strip_spaces "${names[i]}") client simulation: $proto $cipher ${warning[i]}"
|
||||||
|
debugme cat $TMPFILE
|
||||||
|
fi
|
||||||
|
fi # correct service?
|
||||||
|
fi #current?
|
||||||
i=$((i+1))
|
i=$((i+1))
|
||||||
done
|
done
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
@ -5982,6 +5984,8 @@ tuning options (can also be preset via environment variables):
|
|||||||
--proxy <host>:<port> connect via the specified HTTP proxy
|
--proxy <host>:<port> connect via the specified HTTP proxy
|
||||||
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
|
-6 use also IPv6. Works only with supporting OpenSSL version and IPv6 connectivity
|
||||||
--sneaky leave less traces in target logs: user agent, referer
|
--sneaky leave less traces in target logs: user agent, referer
|
||||||
|
--all-clients simulate all clients, not just all clients that are current and support the
|
||||||
|
service we are testing
|
||||||
|
|
||||||
output options (can also be preset via environment variables):
|
output options (can also be preset via environment variables):
|
||||||
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
|
--warnings <batch|off|false> "batch" doesn't wait for keypress, "off" or "false" skips connection warning
|
||||||
@ -6872,6 +6876,7 @@ initialize_globals() {
|
|||||||
do_test_just_one=false
|
do_test_just_one=false
|
||||||
do_tls_sockets=false
|
do_tls_sockets=false
|
||||||
do_client_simulation=false
|
do_client_simulation=false
|
||||||
|
do_all_simulations=false
|
||||||
do_display_only=false
|
do_display_only=false
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -6901,6 +6906,7 @@ set_scanning_defaults() {
|
|||||||
do_ssl_poodle=true
|
do_ssl_poodle=true
|
||||||
do_tls_fallback_scsv=true
|
do_tls_fallback_scsv=true
|
||||||
do_client_simulation=true
|
do_client_simulation=true
|
||||||
|
do_all_simulations=false
|
||||||
VULN_COUNT=10
|
VULN_COUNT=10
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -7037,6 +7043,10 @@ parse_cmd_line() {
|
|||||||
-c|--client-simulation)
|
-c|--client-simulation)
|
||||||
do_client_simulation=true
|
do_client_simulation=true
|
||||||
;;
|
;;
|
||||||
|
--all-clients)
|
||||||
|
do_client_simulation=true
|
||||||
|
do_all_simulations=true
|
||||||
|
;;
|
||||||
-U|--vulnerable)
|
-U|--vulnerable)
|
||||||
do_vulnerabilities=true
|
do_vulnerabilities=true
|
||||||
do_heartbleed=true
|
do_heartbleed=true
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user