Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-01 06:19:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add output options similar to nmap (FIX #861)

Browse Source
This commit is contained in:
Dirk 2017-10-20 16:32:57 +02:00
parent 52e02d9d43
commit d3795f1254
3 changed files with 53 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
doc/testssl.1
View File

@ -1,7 +1,7 @@
.\" generated with Ronn/v0.7.3
.\" http://github.com/rtomayko/ronn/tree/0.7.3
.
.TH "TESTSSL" "1" "September 2017" "" ""
.TH "TESTSSL" "1" "October 2017" "" ""
.
.SH "NAME"
\fBtestssl\fR
@ -366,31 +366,34 @@ whole 9 yards
\fB\-\-log, \-\-logging\fR Logs stdout also to \fB<NODE>\-p<port#><YYYYMMDD\-HHMM>\.log\fR in current working directory of the shell\. Depending on the color output option (see above) the output file will contain color and other markup escape codes\. \fBcat\fR and \-\- if properly configured \fBless\fR \-\- will show the output properly formatted on your terminal\. The output shows a banner with the almost the same information as on the screen\. In addition it shows the command line of the testssl\.sh instance\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\.
.
.P
\fB\-\-logfile <logfile>\fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fB<logfile>\fR is a directory the output will put into \fB<logfile>/<NODE>\-p<port#><YYYYMMDD\-HHMM>\.log\fR\. If \fB<logfile>\fRis a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\.
\fB\-\-logfile <logfile>\fR or \fB\-oL <logfile>\fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fB<logfile>\fR is a directory the output will put into \fB<logfile>/<NODE>\-p<port#><YYYYMMDD\-HHMM>\.log\fR\. If \fB<logfile>\fRis a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\.
.
.P
\fB\-\-json\fR Logs additionally to JSON file \fB<NODE>\-p<port#><YYYYMMDD\-HHMM>\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\-pretty\fR flat \-\- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding\. For vulnerabilities it may contain a cve and cwe entry too\. The output doesn\'t contain a banner or a footer\.
.
.P
\fB\-\-jsonfile <jsonfile>\fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fB<jsonfile>\fR is a directory the output will put into \fB<logfile>/<NODE>\-p<port#><YYYYMMDD\-HHMM>\.json\fR\. If \fB<jsonfile>\fRis a file it will use that file name, an absolute path is also permitted here\. JSONFILE is the variable you need to set if you prefer to work environment variables instead\.
\fB\-\-jsonfile <jsonfile>\fR or \fB\-oj <jsonfile>\fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fB<jsonfile>\fR is a directory the output will put into \fB<logfile>/<NODE>\-p<port#><YYYYMMDD\-HHMM>\.json\fR\. If \fB<jsonfile>\fRis a file it will use that file name, an absolute path is also permitted here\. JSONFILE is the variable you need to set if you prefer to work environment variables instead\.
.
.P
\fB\-\-json\-pretty\fR Logs additionally to JSON file \fB<NODE>\-p<port#><YYYYMMDD\-HHMM>\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\fR non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen (with the epoch of the start time) and then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. For vulnerabilities it may contain a cve and cwe entry too\. The footer lists the scan time in seconds\.
.
.P
\fB\-\-jsonfile\-pretty <jsonfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBJSONFILE\fR is the variable you need to set if you prefer to work environment with variables instead\.
\fB\-\-jsonfile\-pretty <jsonfile>\fR or \fB\-oJ <jsonfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBJSONFILE\fR is the variable you need to set if you prefer to work environment with variables instead\.
.
.P
\fB\-\-csv\fR Logs additionally to a CSV file \fB<NODE>\-p<port#><YYYYMMDD\-HHMM>\.csv\fR in the current working directory of the shell\. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity,the finding and for vulnerabilities a cve and cwe too)\.
.
.P
\fB\-\-csvfile <csvfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBCSVFILE\fR is the variable you need to set if you prefer to work environment with variables instead\.
\fB\-\-csvfile <csvfile>\fR or \fB\-oC <csvfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBCSVFILE\fR is the variable you need to set if you prefer to work environment with variables instead\.
.
.P
\-\-html Logs additionally to an HTML file \fB<NODE>\-p<port#><YYYYMMDD\-HHMM>\.html\fR in the current working directory of the shell\. It contains a 1:1 output of the console\. In former versions there was a non\-native option to use "aha" (Ansi HTML Adapter: github\.com/theZiz/aha) like \fBtestssl\.sh <options> <URI> | aha >output\.html\fR \. This is not necessary anymore\.
.
.P
\fB\-\-htmlfile <htmlfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\. \fBHTMLFILE\fR is the variable you need to set if you prefer to work with environment variables instead\.
\fB\-\-htmlfile <htmlfile>\fR or \fB\-oH <htmlfile>\fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\. \fBHTMLFILE\fR is the variable you need to set if you prefer to work with environment variables instead\.
.
.P
\fB\-oA <basename>\fR / \fB\-oa <basename>\fR Similar to nmap it does a file output to all available file formats: LOG,JSON,CSV,HTML\. \fB\-oA\fR does JSON pretty, \fB\-oa\fR flat JSON
.
.P
\fB\-\-hints\fR This option is not in use yet\. This option is meant to give hints how to fix a finding or at least a help to improve something\. GIVE_HINTS is the environment variable for this\.

12
doc/testssl.1.md
View File

@ -248,23 +248,25 @@ The same can be achieved by setting the environment variable `WARNINGS`.
`--log, --logging` Logs stdout also to `<NODE>-p<port#><YYYYMMDD-HHMM>.log` in current working directory of the shell. Depending on the color output option (see above) the output file will contain color and other markup escape codes. `cat` and -- if properly configured `less` -- will show the output properly formatted on your terminal. The output shows a banner with the almost the same information as on the screen. In addition it shows the command line of the testssl.sh instance. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh.
`--logfile <logfile>` Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If `<logfile>` is a directory the output will put into `<logfile>/<NODE>-p<port#><YYYYMMDD-HHMM>.log`. If `<logfile>`is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh.
`--logfile <logfile>` or `-oL <logfile>` Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If `<logfile>` is a directory the output will put into `<logfile>/<NODE>-p<port#><YYYYMMDD-HHMM>.log`. If `<logfile>`is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh.
`--json` Logs additionally to JSON file `<NODE>-p<port#><YYYYMMDD-HHMM>.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json-pretty` flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a cve and cwe entry too. The output doesn't contain a banner or a footer.
`--jsonfile <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `<jsonfile>` is a directory the output will put into `<logfile>/<NODE>-p<port#><YYYYMMDD-HHMM>.json`. If `<jsonfile>`is a file it will use that file name, an absolute path is also permitted here. JSONFILE is the variable you need to set if you prefer to work environment variables instead.
`--jsonfile <jsonfile>` or `-oj <jsonfile>` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `<jsonfile>` is a directory the output will put into `<logfile>/<NODE>-p<port#><YYYYMMDD-HHMM>.json`. If `<jsonfile>`is a file it will use that file name, an absolute path is also permitted here. JSONFILE is the variable you need to set if you prefer to work environment variables instead.
`--json-pretty` Logs additionally to JSON file `<NODE>-p<port#><YYYYMMDD-HHMM>.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen (with the epoch of the start time) and then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a cve and cwe entry too. The footer lists the scan time in seconds.
`--jsonfile-pretty <jsonfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `JSONFILE` is the variable you need to set if you prefer to work environment with variables instead.
`--jsonfile-pretty <jsonfile>` or `-oJ <jsonfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `JSONFILE` is the variable you need to set if you prefer to work environment with variables instead.
`--csv` Logs additionally to a CSV file `<NODE>-p<port#><YYYYMMDD-HHMM>.csv` in the current working directory of the shell. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity,the finding and for vulnerabilities a cve and cwe too).
`--csvfile <csvfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in CSV format (see `--cvs`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `CSVFILE` is the variable you need to set if you prefer to work environment with variables instead.
`--csvfile <csvfile>` or `-oC <csvfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in CSV format (see `--cvs`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `CSVFILE` is the variable you need to set if you prefer to work environment with variables instead.
--html Logs additionally to an HTML file `<NODE>-p<port#><YYYYMMDD-HHMM>.html` in the current working directory of the shell. It contains a 1:1 output of the console. In former versions there was a non-native option to use "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like `testssl.sh <options> <URI> | aha >output.html` . This is not necessary anymore.
`--htmlfile <htmlfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in HTML format (see `--html`) additionally into a file or a directory. For further explanation see `--jsonfile` or `--logfile`. `HTMLFILE` is the variable you need to set if you prefer to work with environment variables instead.
`--htmlfile <htmlfile>` or `-oH <htmlfile>` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in HTML format (see `--html`) additionally into a file or a directory. For further explanation see `--jsonfile` or `--logfile`. `HTMLFILE` is the variable you need to set if you prefer to work with environment variables instead.
`-oA <basename>` / `-oa <basename>` Similar to nmap it does a file output to all available file formats: LOG,JSON,CSV,HTML. `-oA` does JSON pretty, `-oa` flat JSON
`--hints` This option is not in use yet. This option is meant to give hints how to fix a finding or at least a help to improve something. GIVE_HINTS is the environment variable for this.

51
testssl.sh
View File

@ -12629,15 +12629,16 @@ output options (can also be preset via environment variables):
file output options (can also be preset via environment variables)
--log, --logging logs stdout to <NODE>-p<port#><YYYYMMDD-HHMM>.log in current working directory (cwd)
--logfile <logfile> logs stdout to <dir/NODE>-p<port#><YYYYMMDD-HHMM>.log if <logfile> is a dir or to a specified <logfile>
--logfile|-oL <logfile> logs stdout to <dir/NODE>-p<port#><YYYYMMDD-HHMM>.log if <logfile> is a dir or to a specified <logfile>
--json additional output of findings to flat JSON file <NODE>-p<port#><YYYYMMDD-HHMM>.json in cwd
--jsonfile <jsonfile> additional output to the specified flat JSON file or directory, similar to --logfile
--jsonfile|-oj <jsonfile> additional output to the specified flat JSON file or directory, similar to --logfile
--json-pretty additional JSON structured output of findings to a file <NODE>-p<port#><YYYYMMDD-HHMM>.json in cwd
--jsonfile-pretty <jsonfile> additional JSON structured output to the specified file or directory, similar to --logfile
--jsonfile-pretty|-oJ <jsonfile> additional JSON structured output to the specified file or directory, similar to --logfile
--csv additional output of findings to CSV file <NODE>-p<port#><YYYYMMDD-HHMM>.csv in cwd or directory
--csvfile <csvfile> additional output as CSV to the specified file or directory, similar to --logfile
--csvfile|-oC <csvfile> additional output as CSV to the specified file or directory, similar to --logfile
--html additional output as HTML to file <NODE>-p<port#><YYYYMMDD-HHMM>.html
--htmlfile <htmlfile> additional output as HTML to the specifed file or directory, similar to --logfile
--htmlfile|-oH <htmlfile> additional output as HTML to the specifed file or directory, similar to --logfile
-oa/-oA <basename> similar to nmap it outputs a LOG,JSON,CSV,HTML file. -oA: JSON pretty, -oa: flat JSON
--hints additional hints to findings
--severity <severity> severities with lower level will be filtered for CSV+JSON, possible values <LOW|MEDIUM|HIGH|CRITICAL>
--append if <logfile>, <csvfile>, <jsonfile> or <htmlfile> exists rather append then overwrite. Omits any header
@ -13733,7 +13734,7 @@ create_mass_testing_cmdline() {
nr_cmds+=1
else
case "$cmd" in
--jsonfile|--jsonfile=*)
--jsonfile|--jsonfile=*|-oj|-oj=*)
# If <jsonfile> is a file, then have provide a different
# file name to each child process. If <jsonfile> is a
# directory, then just pass it on to the child processes.
@ -13745,7 +13746,7 @@ create_mass_testing_cmdline() {
MASS_TESTING_CMDLINE[nr_cmds]="$cmd"
fi
;;
--jsonfile-pretty|--jsonfile-pretty=*)
--jsonfile-pretty|--jsonfile-pretty=*|-oJ|-oJ=*)
if "$JSONHEADER"; then
MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile-pretty=$TEMPDIR/jsonfile_${test_number}.json"
[[ "$cmd" == --jsonfile-pretty ]] && skip_next=true
@ -13753,7 +13754,7 @@ create_mass_testing_cmdline() {
MASS_TESTING_CMDLINE[nr_cmds]="$cmd"
fi
;;
--csvfile|--csvfile=*)
--csvfile|--csvfile=*|-oC|-oC=*)
if "$CSVHEADER"; then
MASS_TESTING_CMDLINE[nr_cmds]="--csvfile=$TEMPDIR/csvfile_${test_number}.csv"
[[ "$cmd" == --csvfile ]] && skip_next=true
@ -13761,7 +13762,7 @@ create_mass_testing_cmdline() {
MASS_TESTING_CMDLINE[nr_cmds]="$cmd"
fi
;;
--htmlfile|--htmlfile=*)
--htmlfile|--htmlfile=*|-oH|-oH=*)
if "$HTMLHEADER"; then
MASS_TESTING_CMDLINE[nr_cmds]="--htmlfile=$TEMPDIR/htmlfile_${test_number}.html"
[[ "$cmd" == --htmlfile ]] && skip_next=true
@ -14506,7 +14507,7 @@ parse_cmd_line() {
do_logging=true
;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--logfile|--logfile=*)
--logfile|--logfile=*|-oL|-oL=*)
LOGFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_logging=true
@ -14516,7 +14517,7 @@ parse_cmd_line() {
do_json=true
;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--jsonfile|--jsonfile=*)
--jsonfile|--jsonfile=*|-oj|-oj=*)
$do_pretty_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251
JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
@ -14526,7 +14527,7 @@ parse_cmd_line() {
$do_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251
do_pretty_json=true
;;
--jsonfile-pretty|--jsonfile-pretty=*)
--jsonfile-pretty|--jsonfile-pretty=*|-oJ|-oJ=*)
$do_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251
JSONFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
@ -14543,7 +14544,7 @@ parse_cmd_line() {
do_csv=true
;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a log location additionally
--csvfile|--csvfile=*)
--csvfile|--csvfile=*|-oC|-oC=*)
CSVFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_csv=true
@ -14552,11 +14553,33 @@ parse_cmd_line() {
do_html=true
;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port()
# following does the same but we can specify a file location additionally
--htmlfile|--htmlfile=*)
--htmlfile|--htmlfile=*|-oH|-oH=*)
HTMLFILE="$(parse_opt_equal_sign "$1" "$2")"
[[ $? -eq 0 ]] && shift
do_html=true
;;
--outFile|--outFile|-oa|-oa=*)
HTMLFILE="$(parse_opt_equal_sign "$1" "$2").html"
CSVFILE="$(parse_opt_equal_sign "$1" "$2").csv"
JSONFILE="$(parse_opt_equal_sign "$1" "$2").json"
LOGFILE="$(parse_opt_equal_sign "$1" "$2").log"
[[ $? -eq 0 ]] && shift
do_html=true
do_json=true
do_csv=true
do_logging=true
;;
--outfile|--outfile|-oA|-oA=*)
HTMLFILE="$(parse_opt_equal_sign "$1" "$2").html"
CSVFILE="$(parse_opt_equal_sign "$1" "$2").csv"
JSONFILE="$(parse_opt_equal_sign "$1" "$2").json"
LOGFILE="$(parse_opt_equal_sign "$1" "$2").log"
[[ $? -eq 0 ]] && shift
do_html=true
do_pretty_json=true
do_csv=true
do_logging=true
;;
--append)
APPEND=true
;;