Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-09 02:00:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

count_ciphers is now un-sed'ed, minor improvements

Browse Source
This commit is contained in:
Dirk 2017-03-31 12:24:25 +02:00
parent 10ac0ffed4
commit a480e5f699
1 changed files with 49 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
testssl.sh
View File

@ -1146,8 +1146,8 @@ if [[ $(uname) == "Linux" ]] ; then
toupper() { echo -n "${1^^}" ; } toupper() { echo -n "${1^^}" ; }
tolower() { echo -n "${1,,}" ; } tolower() { echo -n "${1,,}" ; }
else else
toupper() { echo -n "$1" | tr 'a-z' 'A-Z'; } toupper() { tr 'a-z' 'A-Z' <<< "$1"; }
tolower() { echo -n "$1" | tr 'A-Z' 'a-z' ; } tolower() { tr 'A-Z' 'a-z' <<< "$1"; }
fi fi
debugme() { debugme() {
@ -1181,7 +1181,7 @@ count_words() {
} }
count_ciphers() { count_ciphers() {
echo -n "$1" | sed 's/:/ /g' | wc -w | sed 's/ //g' echo $(wc -w <<< "${1//:/ }")
} }
actually_supported_ciphers() { actually_supported_ciphers() {
@ -1476,7 +1476,6 @@ service_detection() {
head $TMPFILE | egrep -aqw "Jive News|InterNetNews|NNRP|INN" && SERVICE=NNTP head $TMPFILE | egrep -aqw "Jive News|InterNetNews|NNRP|INN" && SERVICE=NNTP
debugme head -50 $TMPFILE debugme head -50 $TMPFILE
fi fi
# FIXME: we can guess ports by port number if not properly recognized (and label it as guessed)
out " Service detected: $CORRECT_SPACES" out " Service detected: $CORRECT_SPACES"
case $SERVICE in case $SERVICE in
@ -2494,7 +2493,7 @@ std_cipherlists() {
;; ;;
esac esac
tmpfile_handle $FUNCNAME.$debugname.txt tmpfile_handle $FUNCNAME.$debugname.txt
[[ $DEBUG -ge 1 ]] && outln " -- $1" || outln #FIXME: should be in standard output at some time [[ $DEBUG -ge 1 ]] && tmln_out " -- $1" || tmln_out
else else
singlespaces=$(sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g' <<< "$2") singlespaces=$(sed -e 's/ \+/ /g' -e 's/^ //' -e 's/ $//g' -e 's/ //g' <<< "$2")
if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then if [[ "$OPTIMAL_PROTO" == "-ssl2" ]]; then
@ -10155,7 +10154,7 @@ run_beast(){
fi fi
else else
if ! "$vuln_beast" ; then if ! "$vuln_beast" ; then
prln_done_good " no CBC ciphers for $(toupper $proto) (OK)" prln_done_good "no CBC ciphers for $(toupper $proto) (OK)"
fileout "cbc_$proto" "OK" "BEAST: No CBC ciphers for $(toupper $proto)" "$cve" "$cwe" fileout "cbc_$proto" "OK" "BEAST: No CBC ciphers for $(toupper $proto)" "$cve" "$cwe"
fi fi
fi fi
@ -10862,7 +10861,7 @@ EOF
} }
maketempf() { maketempf() {
TEMPDIR=$(mktemp -d /tmp/ssltester.XXXXXX) || exit -6 TEMPDIR=$(mktemp -d /tmp/testssl.XXXXXX) || exit -6
TMPFILE=$TEMPDIR/tempfile.txt || exit -6 TMPFILE=$TEMPDIR/tempfile.txt || exit -6
if [[ "$DEBUG" -eq 0 ]]; then if [[ "$DEBUG" -eq 0 ]]; then
ERRFILE="/dev/null" ERRFILE="/dev/null"
@ -11218,9 +11217,9 @@ filter_ip6_address() {
continue continue
fi fi
if "$HAS_SED_E"; then if "$HAS_SED_E"; then
echo "$a" | sed -E 's/^abcdeABCDEFf0123456789:]//g' | sed -e '/^$/d' -e '/^;;/d' sed -E 's/^abcdeABCDEFf0123456789:]//g' <<< "$a" | sed -e '/^$/d' -e '/^;;/d'
else else
echo "$a" | sed -r 's/[^abcdefABCDEF0123456789:]//g' | sed -e '/^$/d' -e '/^;;/d' sed -r 's/[^abcdefABCDEF0123456789:]//g' <<< "$a" | sed -e '/^$/d' -e '/^;;/d'
fi fi
done done
} }
@ -11233,9 +11232,9 @@ filter_ip4_address() {
continue continue
fi fi
if "$HAS_SED_E"; then if "$HAS_SED_E"; then
echo "$a" | sed -E 's/[^[:digit:].]//g' | sed -e '/^$/d' sed -E 's/[^[:digit:].]//g' <<< "$a" | sed -e '/^$/d'
else else
echo "$a" | sed -r 's/[^[:digit:].]//g' | sed -e '/^$/d' sed -r 's/[^[:digit:].]//g' <<< "$a" | sed -e '/^$/d'
fi fi
done done
} }
@ -11578,7 +11577,7 @@ sclient_auth() {
# this function determines OPTIMAL_PROTO. It is a workaround function as under certain circumstances # this function determines OPTIMAL_PROTO. It is a workaround function as under certain circumstances
# (e.g. IIS6.0 and openssl 1.0.2 as opposed to 1.0.1) needs a protocol otherwise s_client -connect will fail! # (e.g. IIS6.0 and openssl 1.0.2 as opposed to 1.0.1) needs a protocol otherwise s_client -connect will fail!
# Circumstances observed so far: 1.) IIS 6 2.) starttls + dovecot imap # Circumstances observed so far: 1.) IIS 6 2.) starttls + dovecot imap
# The first try in the loop is empty as we prefer not to specify always a protocol if it works w/o. # The first try in the loop is empty as we prefer not to specify always a protocol if we can get along w/o it
# #
determine_optimal_proto() { determine_optimal_proto() {
local all_failed local all_failed
@ -11659,9 +11658,9 @@ determine_service() {
ua="$UA_SNEAKY" || \ ua="$UA_SNEAKY" || \
ua="$UA_STD" ua="$UA_STD"
GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n" GET_REQ11="GET $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
#HEAD_REQ11="HEAD $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n" # HEAD_REQ11="HEAD $URL_PATH HTTP/1.1\r\nHost: $NODE\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
#GET_REQ10="GET $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n" # GET_REQ10="GET $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nConnection: Close\r\nAccept: text/*\r\n\r\n"
#HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n" # HEAD_REQ10="HEAD $URL_PATH HTTP/1.0\r\nUser-Agent: $ua\r\nAccept: text/*\r\n\r\n"
service_detection $OPTIMAL_PROTO service_detection $OPTIMAL_PROTO
else else
# STARTTLS # STARTTLS
@ -11811,9 +11810,35 @@ run_mx_all_ips() {
return $ret return $ret
} }
run_mass_testing() {
local cmdline=""
local first=true
local global_cmdline=${CMDLINE%%--file*} # $global_cmdline may have arguments in addition to the one in the file
if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then
fatal "Can't read file \"$FNAME\"" "2"
fi
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do
cmdline=$(filter_input "$cmdline")
[[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline"
draw_line "=" $((TERM_WIDTH / 2)); outln;
outln "$cmdline"
"$first" || fileout_separator # this is needed for appended output, see #687
CHILD_MASS_TESTING=true $cmdline # we call ourselves here. $do_mass_testing is the parent, $CHILD_MASS_TESTING... you figured
first=false
done < "${FNAME}"
return $?
}
#FIXME: not called/tested yet
run_mass_testing_parallel() { run_mass_testing_parallel() {
local cmdline="" local cmdline=""
local first=true
local global_cmdline=${CMDLINE%%--file*} local global_cmdline=${CMDLINE%%--file*}
if [[ ! -r "$FNAME" ]] && $IKNOW_FNAME; then if [[ ! -r "$FNAME" ]] && $IKNOW_FNAME; then
@ -11828,40 +11853,15 @@ run_mass_testing_parallel() {
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline" cmdline="$0 $global_cmdline --warnings=batch $cmdline"
draw_line "=" $((TERM_WIDTH / 2)); outln; draw_line "=" $((TERM_WIDTH / 2)); outln;
determine_logfile
outln "$cmdline" outln "$cmdline"
CHILD_MASS_TESTING=true $cmdline >$LOGFILE & CHILD_MASS_TESTING=true $cmdline >$LOGFILE &
# first=false
sleep $PARALLEL_SLEEP sleep $PARALLEL_SLEEP
done < "$FNAME" done < "$FNAME"
return $? return $?
} }
run_mass_testing() {
local cmdline=""
local first=true
local global_cmdline=${CMDLINE%%--file*}
if [[ ! -r "$FNAME" ]] && "$IKNOW_FNAME"; then
fatal "Can't read file \"$FNAME\"" "2"
fi
pr_reverse "====== Running in file batch mode with file=\"$FNAME\" ======"; outln "\n"
while read cmdline; do
cmdline=$(filter_input "$cmdline")
[[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch $cmdline"
draw_line "=" $((TERM_WIDTH / 2)); outln;
outln "$cmdline"
"$first" || fileout_separator
CHILD_MASS_TESTING=true $cmdline
first=false
done < "${FNAME}"
return $?
}
# This initializes boolean global do_* variables. They keep track of what to do # This initializes boolean global do_* variables. They keep track of what to do
# -- as the name insinuates # -- as the name insinuates
@ -12490,9 +12490,6 @@ ip=""
lets_roll init lets_roll init
initialize_globals initialize_globals
parse_cmd_line "$@" parse_cmd_line "$@"
json_header
csv_header
html_header
get_install_dir get_install_dir
set_color_functions set_color_functions
maketempf maketempf
@ -12503,6 +12500,9 @@ mybanner
check_proxy check_proxy
check4openssl_oldfarts check4openssl_oldfarts
check_bsd_mount check_bsd_mount
json_header
csv_header
html_header
if "$do_display_only"; then if "$do_display_only"; then
prettyprint_local "$PATTERN2SHOW" prettyprint_local "$PATTERN2SHOW"