From 4579ed239814536aee2e32828cc7f63c1a8dc186 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 25 Apr 2017 15:06:41 +0200 Subject: [PATCH 1/3] Fix prln usage to outln --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index e8d54b2..52bd3ef 100755 --- a/testssl.sh +++ b/testssl.sh @@ -9116,7 +9116,7 @@ run_ticketbleed() { [[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for Ticketbleed vulnerability " && outln pr_bold " Ticketbleed"; out " ($cve), experiment. " - [[ "$SERVICE" != HTTP ]] && prln "-- (applicable only for HTTPS)" && return 0 + [[ "$SERVICE" != HTTP ]] && outln "-- (applicable only for HTTPS)" && return 0 if $(has_server_protocol "tls1"); then tls_hexcode="x03, x01" From 9c7076b5792eb58f273bd7dd93559c39e2845e8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 25 Apr 2017 15:12:01 +0200 Subject: [PATCH 2/3] $? has an exitcode of the previous if then fi statement, use exit $ret --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index e8d54b2..edf8569 100755 --- a/testssl.sh +++ b/testssl.sh @@ -12990,5 +12990,5 @@ lets_roll() { #} #main -exit $? +exit $ret From 3d2666ab7903cb5a5ebaf107aa39ccd9c131cbef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Tue, 25 Apr 2017 16:17:43 +0200 Subject: [PATCH 3/3] Downgrade BREACH attack to MEDIUM severity (as it depends on many things) --- testssl.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/testssl.sh b/testssl.sh index ed5bad5..92a9106 100755 --- a/testssl.sh +++ b/testssl.sh @@ -9548,7 +9548,7 @@ run_breach() { pr_svrty_high "potentially NOT ok, uses $result HTTP compression." outln "$disclaimer" outln "$spaces$when_makesense" - fileout "breach" "HIGH" "BREACH: potentially VULNERABLE, uses $result HTTP compression. $disclaimer ($when_makesense)" "$cve" "$cwe" "$hint" + fileout "breach" "MEDIUM" "BREACH: potentially VULNERABLE, uses $result HTTP compression. $disclaimer ($when_makesense)" "$cve" "$cwe" "$hint" ret=1 fi # Any URL can be vulnerable. I am testing now only the given URL!