Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-30 05:15:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

- version bumped to 2.1rc1, better layout for chacha (albeit bit ugly), better layout for all ciphers, test_just_one w/ headline

Browse Source
This commit is contained in:
Dirk
2014-11-18 01:36:29 +01:00
parent 16279267ea
commit cf8fa2c3f3
1 changed files with 11 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
testssl.sh
View File

@@ -4,7 +4,7 @@
# Program for spotting weak SSL encryption, ciphers, version and some vulnerablities or features
VERSION="2.1beta"
VERSION="2.1rc1"
SWURL="https://testssl.sh"
SWCONTACT="dirk aet testssl dot sh"
@@ -443,7 +443,7 @@ prettyprint_local() {
neat_header
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslversmin kx auth enc mac export; do
normalize_ciphercode $hexcode
normalize_ciphercode $hexcode
if [ -n "$1" ]; then
echo $HEXC | grep -iq "$1" || continue
fi
@@ -554,35 +554,35 @@ sockread() {
show_rfc_style(){
[ ! -r "$MAP_RFC_FNAME" ] && return 1
RFCname=`grep -iw $1 $MAP_RFC_FNAME | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
RFCname=`grep -iw $1 "$MAP_RFC_FNAME" | sed -e 's/^.*TLS/TLS/' -e 's/^.*SSL/SSL/'`
[ -n "$RFCname" ] && out "$RFCname"
return 0
}
# header and list for all_ciphers+cipher_per_proto, and PFS+RC4
neat_header(){
outln " Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAP_RFC_FNAME:+ Cipher Suite Name (RFC)}"
outln " Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits${MAP_RFC_FNAME:+ Cipher Suite Name (RFC)}"
outln "-------------------------------------------------------------------------${MAP_RFC_FNAME:+------------------------------------------------}"
}
neat_list(){
kx=`echo $3 | sed 's/Kx=//g'`
enc=`echo $4 | sed 's/Enc=//g'`
strength=`echo $enc | sed -e 's/.*(//' -e 's/)//'`
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305//g'` # workaround for empty strength=ChaCha20-Poly1305
enc=`echo $enc | sed -e 's/(.*)//g'`
strength=`echo $enc | sed -e 's/.*(//' -e 's/)//'` # strength = encryption bits
strength=`echo $strength | sed -e 's/ChaCha20-Poly1305/ly1305/g'` # workaround for empty bits ChaCha20-Poly1305
enc=`echo $enc | sed -e 's/(.*)//g' -e 's/ChaCha20-Poly1305/ChaCha20-Po/g'` # workaround for empty bits ChaCha20-Poly1305
echo "$export" | grep -iq export && strength="$strength,export"
$ECHO " [%-8s] %-29s %-10s %-10s %-9s${MAP_RFC_FNAME:+ %-40s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
$ECHO " %-8s %-29s %-10s %-11s%-11s${MAP_RFC_FNAME:+ %-48s}${SHOW_EACH_C:+ }" "$1" "$2" "$kx" "$enc" "$strength" "$(show_rfc_style $HEXC)"
}
test_just_one(){
blue "--> Testing single cipher with word pattern "\"$1\"" (ignore case)"; outln "\n"
neat_header
for arg in `echo $@ | sed 's/,/ /g'`; do
# 1st check whether openssl has cipher or not
$OPENSSL ciphers -V 'ALL:COMPLEMENTOFALL:@STRENGTH' | while read hexcode dash ciph sslvers kx auth enc mac export ; do
normalize_ciphercode $hexcode
neat_list $HEXC $ciph $kx $enc | strings | grep -qwai "$arg" # -w doesn't work yest for cipher strings --> column positioning
neat_list $HEXC $ciph $kx $enc | strings | grep -qwai "$arg"
if [ $? -eq 0 ]; then
$OPENSSL s_client -cipher $ciph $STARTTLS -connect $NODEIP:$PORT $SNI &>$TMPFILE </dev/null
ret=$?
@@ -827,7 +827,6 @@ simple_preference() {
fi
outln
#gmt_unix_time, removed since 1.0.1f
#
#remotetime=`grep -w "Start Time" $TMPFILE | sed 's/[A-Za-z:() ]//g'`
@@ -1952,7 +1951,7 @@ case "$1" in
exit $ret ;;
esac
# $Id: testssl.sh,v 1.136 2014/11/17 23:26:57 dirkw Exp $
# $Id: testssl.sh,v 1.137 2014/11/18 00:36:28 dirkw Exp $
# vim:ts=5:sw=5