mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-06 00:39:44 +01:00
commit
ab55c26424
56
testssl.sh
56
testssl.sh
@ -11,7 +11,7 @@
|
||||
# Please file bugs at github! https://github.com/drwetter/testssl.sh/issues
|
||||
#
|
||||
# Project lead and initiator: Dirk Wetter, copyleft: 2007-today, contributions so far see CREDITS.md
|
||||
# Main contriubtions from David Cooper
|
||||
# Main contributions from David Cooper
|
||||
#
|
||||
# License: GPLv2, see http://www.fsf.org/licensing/licenses/info/GPLv2.html
|
||||
# and accompanying license "LICENSE.txt". Redistribution + modification under this
|
||||
@ -93,7 +93,7 @@ declare -r ALLOK=0 # All is fine
|
||||
#
|
||||
declare -r PS4='|${LINENO}> \011${FUNCNAME[0]:+${FUNCNAME[0]}(): }'
|
||||
DEBUGTIME=${DEBUGTIME:-false} # stackoverflow.com/questions/5014823/how-to-profile-a-bash-shell-script-slow-startup#20855353, profiling bash
|
||||
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one sceen (old behaviour for testssl.sh and bash3's default
|
||||
DEBUG_ALLINONE=${DEBUG_ALLINONE:-false} # true: do debugging in one screen (old behavior for testssl.sh and bash3's default
|
||||
# false: needed for performance analysis or useful for just having an extra file
|
||||
DEBUG_ALLINONE=${SETX:-false} # SETX as a shortcut for old style debugging, overriding DEBUG_ALLINONE
|
||||
if [[ "$SHELLOPTS" =~ xtrace ]]; then
|
||||
@ -139,7 +139,7 @@ TESTSSL_INSTALL_DIR="${TESTSSL_INSTALL_DIR:-""}" # If you run testssl.sh and it
|
||||
CA_BUNDLES_PATH="${CA_BUNDLES_PATH:-""}" # You can have your stores some place else
|
||||
ADDITIONAL_CA_FILES="${ADDITIONAL_CA_FILES:-""}" # single file with a CA in PEM format or comma separated lists of them
|
||||
CIPHERS_BY_STRENGTH_FILE=""
|
||||
TLS_DATA_FILE="" # mandatory file for socket-based handdhakes
|
||||
TLS_DATA_FILE="" # mandatory file for socket-based handshakes
|
||||
OPENSSL_LOCATION=""
|
||||
HNAME="$(hostname)"
|
||||
HNAME="${HNAME%%.*}"
|
||||
@ -202,7 +202,7 @@ SSL_NATIVE=${SSL_NATIVE:-false} # we do per default bash sockets where p
|
||||
ASSUME_HTTP=${ASSUME_HTTP:-false} # in seldom cases (WAF, old servers, grumpy SSL) service detection fails. "True" enforces HTTP checks
|
||||
BUGS=${BUGS:-""} # -bugs option from openssl, needed for some BIG IP F5
|
||||
WARNINGS=${WARNINGS:-""} # can be either off or batch
|
||||
DEBUG=${DEBUG:-0} # 1: normal putput the files in /tmp/ are kept for further debugging purposes
|
||||
DEBUG=${DEBUG:-0} # 1: normal output the files in /tmp/ are kept for further debugging purposes
|
||||
# 2: list more what's going on , also lists some errors of connections
|
||||
# 3: slight hexdumps + other info,
|
||||
# 4: display bytes sent via sockets
|
||||
@ -237,7 +237,7 @@ MAX_WAITSOCK=${MAX_WAITSOCK:-10} # waiting at max 10 seconds for socket r
|
||||
CCS_MAX_WAITSOCK=${CCS_MAX_WAITSOCK:-5} # for the two CCS payload (each). There shouldn't be any reason to change this.
|
||||
HEARTBLEED_MAX_WAITSOCK=${HEARTBLEED_MAX_WAITSOCK:-8} # for the heartbleed payload. There shouldn't be any reason to change this.
|
||||
STARTTLS_SLEEP=${STARTTLS_SLEEP:-10} # max time wait on a socket for STARTTLS. MySQL has a fixed value of 1 which can't be overwritten (#914)
|
||||
FAST_STARTTLS=${FAST_STARTTLS:-true} # at the cost of reliabilty decrease the handshakes for STARTTLS
|
||||
FAST_STARTTLS=${FAST_STARTTLS:-true} # at the cost of reliability decrease the handshakes for STARTTLS
|
||||
USLEEP_SND=${USLEEP_SND:-0.1} # sleep time for general socket send
|
||||
USLEEP_REC=${USLEEP_REC:-0.2} # sleep time for general socket receive
|
||||
HSTS_MIN=${HSTS_MIN:-179} # >179 days is ok for HSTS
|
||||
@ -286,7 +286,7 @@ PROTOS_OFFERED="" # This keeps which protocol is being off
|
||||
DETECTED_TLS_VERSION=""
|
||||
TLS_EXTENSIONS=""
|
||||
declare -r NPN_PROTOs="spdy/4a2,spdy/3,spdy/3.1,spdy/2,spdy/1,http/1.1"
|
||||
# alpn_protos needs to be space-separated, not comma-seperated, including odd ones observerd @ facebook and others, old ones like h2-17 omitted as they could not be found
|
||||
# alpn_protos needs to be space-separated, not comma-seperated, including odd ones observed @ facebook and others, old ones like h2-17 omitted as they could not be found
|
||||
declare -r ALPN_PROTOs="h2 spdy/3.1 http/1.1 h2-fb spdy/1 spdy/2 spdy/3 stun.turn stun.nat-discovery webrtc c-webrtc ftp"
|
||||
declare -a SESS_RESUMPTION
|
||||
TEMPDIR=""
|
||||
@ -469,7 +469,7 @@ html_reserved(){
|
||||
html_out() {
|
||||
"$do_html" || return 0
|
||||
[[ -n "$HTMLFILE" ]] && [[ ! -d "$HTMLFILE" ]] && printf -- "%b" "${1//%/%%}" >> "$HTMLFILE"
|
||||
# here and other printf's: a little bit of sanitzing with bash internal search&replace -- otherwise printf will hiccup at '%'. '--' and %b do the rest.
|
||||
# here and other printf's: a little bit of sanitizing with bash internal search&replace -- otherwise printf will hiccup at '%'. '--' and %b do the rest.
|
||||
}
|
||||
|
||||
# This is intentionally the same.
|
||||
@ -1490,7 +1490,7 @@ http_get() {
|
||||
fi
|
||||
return $?
|
||||
else
|
||||
# Worst option: slower and hiccups with chunked transfers. Workround for the
|
||||
# Worst option: slower and hiccups with chunked transfers. Workaround for the
|
||||
# latter is using HTTP/1.0. We do not support https here, yet.
|
||||
# First the URL will be split
|
||||
IFS=/ read -r proto z node query <<< "$1"
|
||||
@ -1766,7 +1766,7 @@ asciihex_to_binary_file(){
|
||||
}
|
||||
|
||||
# arg1: text string
|
||||
# Output a comma-separated ASCII-HEX string resprestation of the input string.
|
||||
# Output a comma-separated ASCII-HEX string representation of the input string.
|
||||
string_to_asciihex() {
|
||||
local string="$1"
|
||||
local -i i eos
|
||||
@ -1821,7 +1821,7 @@ s_client_options() {
|
||||
! "$HAS_NO_SSL2" && options="${options//-no_ssl2/}"
|
||||
|
||||
# At least one server will fail under some circumstances if compression methods are offered.
|
||||
# So, only offer compression methds if necessary for the test. In OpenSSL 1.1.0 and
|
||||
# So, only offer compression methods if necessary for the test. In OpenSSL 1.1.0 and
|
||||
# 1.1.1 compression is only offered if the "-comp" option is provided.
|
||||
# OpenSSL 1.0.0, 1.0.1, and 1.0.2 offer compression unless the "-no_comp" option is provided.
|
||||
# OpenSSL 0.9.8 does not support either the "-comp" or the "-no_comp" option.
|
||||
@ -1874,7 +1874,7 @@ service_detection() {
|
||||
local -i was_killed
|
||||
|
||||
if ! "$CLIENT_AUTH"; then
|
||||
# SNI is not standardardized for !HTTPS but fortunately for other protocols s_client doesn't seem to care
|
||||
# SNI is not standardized for !HTTPS but fortunately for other protocols s_client doesn't seem to care
|
||||
printf "$GET_REQ11" | $OPENSSL s_client $(s_client_options "$1 -quiet $BUGS -connect $NODEIP:$PORT $PROXY $SNI") >$TMPFILE 2>$ERRFILE &
|
||||
wait_kill $! $HEADER_MAXSLEEP
|
||||
was_killed=$?
|
||||
@ -2299,7 +2299,7 @@ run_hpkp() {
|
||||
fileout "HPKP_SPKIs" "INFO" "Only Public-Key-Pins-Report-Only"
|
||||
fi
|
||||
|
||||
# remove leading Public-Key-Pins* and convert it to mulitline arg
|
||||
# remove leading Public-Key-Pins* and convert it to multiline arg
|
||||
sed -e 's/Public-Key-Pins://g' -e s'/Public-Key-Pins-Report-Only://' <<< "$first_hpkp_header" | \
|
||||
tr ';' '\n' | sed -e 's/\"//g' -e 's/^ //' >$TMPFILE
|
||||
|
||||
@ -4710,7 +4710,7 @@ run_prototest_openssl() {
|
||||
}
|
||||
|
||||
# idempotent function to add SSL/TLS protocols. It should accelerate testing.
|
||||
# PROTOS_OFFERED can be e.g. "ssl2:no ssl3:no tls1_2:yes" which means tha
|
||||
# PROTOS_OFFERED can be e.g. "ssl2:no ssl3:no tls1_2:yes" which means that
|
||||
# SSLv2 and SSLv3 was tested but not available, TLS 1.2 was tested and available
|
||||
# TLS 1.0 and TLS 1.2 not tested yet
|
||||
#
|
||||
@ -4725,7 +4725,7 @@ add_tls_offered() {
|
||||
fi
|
||||
}
|
||||
|
||||
# function which checks whether SSLv2 - TLS 1.2 is being offereed, see add_tls_offered()
|
||||
# function which checks whether SSLv2 - TLS 1.2 is being offered, see add_tls_offered()
|
||||
has_server_protocol() {
|
||||
local proto
|
||||
local proto_val_pair
|
||||
@ -6176,8 +6176,8 @@ cipher_pref_check() {
|
||||
if [[ $p == tls1_2 ]] && ! "$SERVER_SIZE_LIMIT_BUG"; then
|
||||
# for some servers the ClientHello is limited to 128 ciphers or the ClientHello itself has a length restriction.
|
||||
# So far, this was only observed in TLS 1.2, affected are e.g. old Cisco LBs or ASAs, see issue #189
|
||||
# To check whether a workaround is needed we send a laaarge list of ciphers/big client hello. If connect fails,
|
||||
# we hit the bug and automagically do the workround. Cost: this is for all servers only 1x more connect
|
||||
# To check whether a workaround is needed we send a large list of ciphers/big client hello. If connect fails,
|
||||
# we hit the bug and automagically do the workaround. Cost: this is for all servers only 1x more connect
|
||||
$OPENSSL s_client $(s_client_options "$STARTTLS -tls1_2 $BUGS -cipher "$overflow_probe_cipherlist" -connect $NODEIP:$PORT $PROXY $SNI") </dev/null 2>>$ERRFILE >$TMPFILE
|
||||
if ! sclient_connect_successful $? $TMPFILE; then
|
||||
#FIXME this needs to be handled differently. We need 2 status: BUG={true,false,not tested yet}
|
||||
@ -6723,7 +6723,7 @@ extract_certificates() {
|
||||
issuerDN="$($OPENSSL x509 -in $HOSTCERT -noout -issuer 2>/dev/null)"
|
||||
issuerDN="${issuerDN:8}"
|
||||
previssuerDN="$issuerDN"
|
||||
# The second certficate (level1.crt) SHOULD be issued to the CA
|
||||
# The second certificate (level1.crt) SHOULD be issued to the CA
|
||||
# that issued the server's certificate. But, according to RFC 8446
|
||||
# clients SHOULD be prepared to handle cases in which the server
|
||||
# does not order the certificates correctly.
|
||||
@ -6916,7 +6916,7 @@ get_cn_from_cert() {
|
||||
# attention! openssl 1.0.2 doesn't properly handle online output from certificates from trustwave.com/github.com
|
||||
#FIXME: use -nameopt oid for robustness
|
||||
|
||||
# for e.g. russian sites -esc_msb,utf8 works in an UTF8 terminal -- any way to check platform indepedent?
|
||||
# for e.g. russian sites -esc_msb,utf8 works in an UTF8 terminal -- any way to check platform independent?
|
||||
# see x509(1ssl):
|
||||
subject="$($OPENSSL x509 -in $1 -noout -subject -nameopt multiline,-align,sname,-esc_msb,utf8,-space_eq 2>>$ERRFILE)"
|
||||
echo "$(awk -F'=' '/CN=/ { print $2 }' <<< "$subject")"
|
||||
@ -6964,7 +6964,7 @@ wildcard_match()
|
||||
is_wildcard "$certname"
|
||||
[[ $? -ne 0 ]] && return 1
|
||||
|
||||
# Comparisons of DNS names are case insenstive, so convert both names to uppercase.
|
||||
# Comparisons of DNS names are case insensitive, so convert both names to uppercase.
|
||||
certname="$(toupper "$certname")"
|
||||
servername="$(toupper "$servername")"
|
||||
|
||||
@ -8886,7 +8886,7 @@ run_pfs() {
|
||||
if [[ -z "$curves_offered" ]] && [[ -n "$curve_found" ]]; then
|
||||
# The server is not using one of the groups from RFC 7919.
|
||||
if [[ -z "$DH_GROUP_OFFERED" ]]; then
|
||||
# this global will get the name of the group eithe here or in run_logjam()
|
||||
# this global will get the name of the group either here or in run_logjam()
|
||||
key_bitstring="$(awk '/-----BEGIN PUBLIC KEY/,/-----END PUBLIC KEY/ { print $0 }' $TEMPDIR/$NODEIP.parse_tls_serverhello.txt)"
|
||||
get_common_prime "$jsonID" "$key_bitstring" ""
|
||||
[[ $? -eq 0 ]] && curves_offered="$DH_GROUP_OFFERED" && len_dh_p=$DH_GROUP_LEN_P
|
||||
@ -10582,7 +10582,7 @@ check_tls_serverhellodone() {
|
||||
[[ -z "$key_and_iv" ]] && [[ $tls_handshake_ascii_len -gt 0 ]]; then
|
||||
return 3
|
||||
fi
|
||||
# If we haven't encoountered a fatal alert or a server hello done,
|
||||
# If we haven't encountered a fatal alert or a server hello done,
|
||||
# then there must be more data to retrieve.
|
||||
return 1
|
||||
}
|
||||
@ -12995,7 +12995,7 @@ sub_session_ticket_tls() {
|
||||
|
||||
#FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output
|
||||
# from a previous handshake) --> would save 1x connect
|
||||
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerabilty of the TLS stack. If we'd do SNI here, we'd also need
|
||||
#ATTENTION: we DO NOT use SNI here as we assume ticketbleed is a vulnerability of the TLS stack. If we'd do SNI here, we'd also need
|
||||
# it in the ClientHello of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
|
||||
#
|
||||
sessticket_tls="$($OPENSSL s_client $(s_client_options "$BUGS $OPTIMAL_PROTO $PROXY -connect $NODEIP:$PORT") </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')"
|
||||
@ -13979,14 +13979,14 @@ out_common_prime() {
|
||||
out "common primes detected: "; pr_italic "$DH_GROUP_OFFERED"
|
||||
fileout "$jsonID2" "INFO" "$DH_GROUP_OFFERED" "$cve" "$cwe"
|
||||
# Now (below) size matters -- i.e. the bit size. As this is about a known prime we label it more strict.
|
||||
# This needs maybe needs a another thought as it could appear inconsitent with run_pfs and elsewhere.
|
||||
# for now we label the bit size similar in the screen, but distiguish the leading text for logjam before
|
||||
# This needs maybe needs another thought as it could appear inconsistent with run_pfs and elsewhere.
|
||||
# for now we label the bit size similar in the screen, but distinguish the leading text for logjam before
|
||||
elif [[ $DH_GROUP_LEN_P -le 800 ]]; then
|
||||
pr_svrty_critical "VULNERABLE (NOT ok):"; out " common prime: "
|
||||
fileout "$jsonID2" "CRITICAL" "$DH_GROUP_OFFERED" "$cve" "$cwe"
|
||||
pr_dh "$DH_GROUP_OFFERED" $DH_GROUP_LEN_P
|
||||
elif [[ $DH_GROUP_LEN_P -le 1024 ]]; then
|
||||
# really? Here we assume that 1024bit common prime for nation states are worth and possible to precompute (TBC)
|
||||
# really? Here we assume that 1024-bit common prime for nation states are worth and possible to precompute (TBC)
|
||||
# otherwise 1024 are just medium
|
||||
pr_svrty_high "VULNERABLE (NOT ok):"; out " common prime: "
|
||||
fileout "$jsonID2" "HIGH" "$DH_GROUP_OFFERED" "$cve" "$cwe"
|
||||
@ -14154,7 +14154,7 @@ run_logjam() {
|
||||
pr_svrty_good "not vulnerable (OK):"; out " no DH EXPORT ciphers${addtl_warning}"
|
||||
fileout "$jsonID" "OK" "not vulnerable, no DH EXPORT ciphers,$addtl_warning" "$cve" "$cwe"
|
||||
out ", no DH key detected with <= TLS 1.2"
|
||||
fileout "$jsonID2" "OK" "no DH key13977 with <= TLS 1.2" "$cve" "$cwe"
|
||||
fileout "$jsonID2" "OK" "no DH key with <= TLS 1.2" "$cve" "$cwe"
|
||||
elif [[ $subret -eq 0 ]]; then
|
||||
pr_svrty_good "not vulnerable (OK):"; out " no DH EXPORT ciphers${addtl_warning}"
|
||||
fileout "$jsonID" "OK" "not vulnerable, no DH EXPORT ciphers,$addtl_warning" "$cve" "$cwe"
|
||||
@ -15436,7 +15436,7 @@ run_robot() {
|
||||
"$vulnerable" && break
|
||||
fi
|
||||
# Don't continue testing if it has already been determined that the server is
|
||||
# stronly vulnerable.
|
||||
# strongly vulnerable.
|
||||
if [[ $testnum -eq 2 ]]; then
|
||||
[[ "${response[1]}" != "${response[2]}" ]] && break
|
||||
elif [[ $testnum -eq 3 ]]; then
|
||||
@ -15902,7 +15902,7 @@ tuning / connect options (most also can be preset via environment variables):
|
||||
b) arg "one" means: just test the first DNS returns (useful for multiple IPs)
|
||||
-n, --nodns <min|none> if "none": do not try any DNS lookups, "min" queries A, AAAA and MX records
|
||||
--sneaky leave less traces in target logs: user agent, referer
|
||||
--ids-friendly skips a few vulnerablity checks which may cause IDSs to block the scanning IP
|
||||
--ids-friendly skips a few vulnerability checks which may cause IDSs to block the scanning IP
|
||||
--phone-out allow to contact external servers for CRL download and querying OCSP responder
|
||||
|
||||
output options (can also be preset via environment variables):
|
||||
|
Loading…
Reference in New Issue
Block a user