mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-20 23:49:30 +01:00
- FIX regression: CRIME check
- FIX: port ended up sometimes as URL part - also if it runs http a line is displayed as confirmation that HTTP was detected
This commit is contained in:
parent
db99cc8c0c
commit
d15d5b0c6f
19
testssl.sh
19
testssl.sh
@ -331,8 +331,6 @@ EOF
|
|||||||
|
|
||||||
# determines whether the port has an HTTP service running or not (plain TLS, no STARTTLS)
|
# determines whether the port has an HTTP service running or not (plain TLS, no STARTTLS)
|
||||||
runs_HTTP() {
|
runs_HTTP() {
|
||||||
ret=1
|
|
||||||
|
|
||||||
# SNI is nonsense for !HTTP but fortunately SMTP and friends don't care
|
# SNI is nonsense for !HTTP but fortunately SMTP and friends don't care
|
||||||
printf "GET / HTTP/1.1\r\nServer: $NODE\r\n\r\n\r\n" | $OPENSSL s_client -quiet -connect $NODE:$PORT $SNI &>$TMPFILE &
|
printf "GET / HTTP/1.1\r\nServer: $NODE\r\n\r\n\r\n" | $OPENSSL s_client -quiet -connect $NODE:$PORT $SNI &>$TMPFILE &
|
||||||
wait_kill $! $HEADER_MAXSLEEP
|
wait_kill $! $HEADER_MAXSLEEP
|
||||||
@ -344,10 +342,13 @@ runs_HTTP() {
|
|||||||
|
|
||||||
case $SERVICE in
|
case $SERVICE in
|
||||||
HTTP)
|
HTTP)
|
||||||
;;
|
outln " HTTP service detected\n"
|
||||||
|
ret=0 ;;
|
||||||
IMAP|POP|SMTP)
|
IMAP|POP|SMTP)
|
||||||
outln " $SERVICE service detected, thus skipping HTTP checks\n" ;;
|
outln " $SERVICE service detected, thus skipping HTTP checks\n"
|
||||||
*) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n" ;;
|
ret=0 ;;
|
||||||
|
*) outln " Couldn't determine what's running on port $PORT, assuming not HTTP\n"
|
||||||
|
ret=1;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
tmpfile_handle $FUNCNAME.txt
|
tmpfile_handle $FUNCNAME.txt
|
||||||
@ -2086,8 +2087,8 @@ crime() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
#STR=`$OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 </dev/null | grep Compression `
|
#STR=`$OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 </dev/null | grep Compression `
|
||||||
$OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI 2>&1 </dev/null >$TMPFILE
|
$OPENSSL s_client $ADDCMD $STARTTLS -connect $NODEIP:$PORT $SNI </dev/null &>$TMPFILE
|
||||||
if grep Compression | grep -q NONE >/dev/null; then
|
if grep Compression $TMPFILE | grep -q NONE >/dev/null; then
|
||||||
pr_green "not vulnerable (OK)"
|
pr_green "not vulnerable (OK)"
|
||||||
[[ $SERVICE == "HTTP" ]] || out " (not using HTTP anyway)"
|
[[ $SERVICE == "HTTP" ]] || out " (not using HTTP anyway)"
|
||||||
ret=0
|
ret=0
|
||||||
@ -2528,7 +2529,7 @@ parse_hn_port() {
|
|||||||
fi
|
fi
|
||||||
SNI="-servername $NODE"
|
SNI="-servername $NODE"
|
||||||
|
|
||||||
URL_PATH=`echo $1 | sed 's/.*'"${NODE}"'//'` # remove protocol and node part
|
URL_PATH=`echo $1 | sed 's/.*'"${NODE}"'//' | sed 's/.*'"${PORT}"'//'` # remove protocol and node part and port
|
||||||
URL_PATH=`echo $URL_PATH | sed 's/\/\//\//g'` # we rather want // -> /
|
URL_PATH=`echo $URL_PATH | sed 's/\/\//\//g'` # we rather want // -> /
|
||||||
|
|
||||||
# now get NODEIP
|
# now get NODEIP
|
||||||
@ -2833,6 +2834,6 @@ case "$1" in
|
|||||||
exit $ret ;;
|
exit $ret ;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
# $Id: testssl.sh,v 1.185 2015/02/12 08:32:46 dirkw Exp $
|
# $Id: testssl.sh,v 1.186 2015/02/12 12:40:52 dirkw Exp $
|
||||||
# vim:ts=5:sw=5
|
# vim:ts=5:sw=5
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user