From d3795f12542ca5866d32476524d6d965ad32cce9 Mon Sep 17 00:00:00 2001 From: Dirk Date: Fri, 20 Oct 2017 16:32:57 +0200 Subject: [PATCH] Add output options similar to nmap (FIX #861) --- doc/testssl.1 | 15 ++++++++------ doc/testssl.1.md | 12 +++++++----- testssl.sh | 51 +++++++++++++++++++++++++++++++++++------------- 3 files changed, 53 insertions(+), 25 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 0d2efe7..0c6a75a 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "TESTSSL" "1" "September 2017" "" "" +.TH "TESTSSL" "1" "October 2017" "" "" . .SH "NAME" \fBtestssl\fR 
@@ -366,31 +366,34 @@ whole 9 yards \fB\-\-log, \-\-logging\fR Logs stdout also to \fB\-p\.log\fR in current working directory of the shell\. Depending on the color output option (see above) the output file will contain color and other markup escape codes\. \fBcat\fR and \-\- if properly configured \fBless\fR \-\- will show the output properly formatted on your terminal\. The output shows a banner with the almost the same information as on the screen\. In addition it shows the command line of the testssl\.sh instance\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. . .P -\fB\-\-logfile \fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fB\fR is a directory the output will put into \fB/\-p\.log\fR\. If \fB\fRis a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. +\fB\-\-logfile \fR or \fB\-oL \fR Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself\. If \fB\fR is a directory the output will put into \fB/\-p\.log\fR\. If \fB\fRis a file it will use that file name, an absolute path is also permitted here\. LOGFILE is the variable you need to set if you prefer to work environment variables instead\. Please note that the resulting log file is formatted according to the width of your screen while running testssl\.sh\. . .P \fB\-\-json\fR Logs additionally to JSON file \fB\-p\.json\fR in the current working directory of the shell\. 
The resulting JSON file is opposed to \fB\-\-json\-pretty\fR flat \-\- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding\. For vulnerabilities it may contain a cve and cwe entry too\. The output doesn\'t contain a banner or a footer\. . .P -\fB\-\-jsonfile \fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fB\fR is a directory the output will put into \fB/\-p\.json\fR\. If \fB\fRis a file it will use that file name, an absolute path is also permitted here\. JSONFILE is the variable you need to set if you prefer to work environment variables instead\. +\fB\-\-jsonfile \fR or \fB\-oj \fR Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself\. If \fB\fR is a directory the output will put into \fB/\-p\.json\fR\. If \fB\fRis a file it will use that file name, an absolute path is also permitted here\. JSONFILE is the variable you need to set if you prefer to work environment variables instead\. . .P \fB\-\-json\-pretty\fR Logs additionally to JSON file \fB\-p\.json\fR in the current working directory of the shell\. The resulting JSON file is opposed to \fB\-\-json\fR non\-flat \-\- which means it is structured\. The structure contains a header similar to the banner on the screen (with the epoch of the start time) and then for every test section of testssl\.sh it contains a separate JSON object/section\. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding\. For vulnerabilities it may contain a cve and cwe entry too\. The footer lists the scan time in seconds\. . 
.P -\fB\-\-jsonfile\-pretty \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBJSONFILE\fR is the variable you need to set if you prefer to work environment with variables instead\. +\fB\-\-jsonfile\-pretty \fR or \fB\-oJ \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in pretty JSON format (see \fB\-\-json\-pretty\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBJSONFILE\fR is the variable you need to set if you prefer to work environment with variables instead\. . .P \fB\-\-csv\fR Logs additionally to a CSV file \fB\-p\.csv\fR in the current working directory of the shell\. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity,the finding and for vulnerabilities a cve and cwe too)\. . .P -\fB\-\-csvfile \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBCSVFILE\fR is the variable you need to set if you prefer to work environment with variables instead\. +\fB\-\-csvfile \fR or \fB\-oC \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in CSV format (see \fB\-\-cvs\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB`\-\-logfile\fR\. \fBCSVFILE\fR is the variable you need to set if you prefer to work environment with variables instead\. . .P \-\-html Logs additionally to an HTML file \fB\-p\.html\fR in the current working directory of the shell\. 
It contains a 1:1 output of the console\. In former versions there was a non\-native option to use "aha" (Ansi HTML Adapter: github\.com/theZiz/aha) like \fBtestssl\.sh | aha >output\.html\fR \. This is not necessary anymore\. . .P -\fB\-\-htmlfile \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\. \fBHTMLFILE\fR is the variable you need to set if you prefer to work with environment variables instead\. +\fB\-\-htmlfile \fR or \fB\-oH \fR Similar to the aforementioned \fB\-\-jsonfile\fR or \fB\-\-logfile\fR it logs the output in HTML format (see \fB\-\-html\fR) additionally into a file or a directory\. For further explanation see \fB\-\-jsonfile\fR or \fB\-\-logfile\fR\. \fBHTMLFILE\fR is the variable you need to set if you prefer to work with environment variables instead\. +. +.P +\fB\-oA \fR / \fB\-oa \fR Similar to nmap it does a file output to all available file formats: LOG,JSON,CSV,HTML\. \fB\-oA\fR does JSON pretty, \fB\-oa\fR flat JSON . .P \fB\-\-hints\fR This option is not in use yet\. This option is meant to give hints how to fix a finding or at least a help to improve something\. GIVE_HINTS is the environment variable for this\. diff --git a/doc/testssl.1.md b/doc/testssl.1.md index c45915e..76de546 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md 
@@ -248,23 +248,25 @@ The same can be achieved by setting the environment variable `WARNINGS`. `--log, --logging` Logs stdout also to `-p.log` in current working directory of the shell. Depending on the color output option (see above) the output file will contain color and other markup escape codes. `cat` and -- if properly configured `less` -- will show the output properly formatted on your terminal. The output shows a banner with the almost the same information as on the screen. In addition it shows the command line of the testssl.sh instance. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. -`--logfile ` Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If `` is a directory the output will put into `/-p.log`. If ``is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. +`--logfile ` or `-oL ` Instead of the previous option you may want to use this one if you want to log into a directory or if you rather want to specify the log file name yourself. If `` is a directory the output will put into `/-p.log`. If ``is a file it will use that file name, an absolute path is also permitted here. LOGFILE is the variable you need to set if you prefer to work environment variables instead. Please note that the resulting log file is formatted according to the width of your screen while running testssl.sh. `--json` Logs additionally to JSON file `-p.json` in the current working directory of the shell. 
The resulting JSON file is opposed to `--json-pretty` flat -- which means each section is self contained and has an identifier for each single check, the hostname/IP address, the port, severity and the finding. For vulnerabilities it may contain a cve and cwe entry too. The output doesn't contain a banner or a footer. -`--jsonfile ` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `` is a directory the output will put into `/-p.json`. If ``is a file it will use that file name, an absolute path is also permitted here. JSONFILE is the variable you need to set if you prefer to work environment variables instead. +`--jsonfile ` or `-oj ` Instead of the previous option you may want to use this one if you want to log the JSON out put into a directory or if you rather want to specify the log file name yourself. If `` is a directory the output will put into `/-p.json`. If ``is a file it will use that file name, an absolute path is also permitted here. JSONFILE is the variable you need to set if you prefer to work environment variables instead. `--json-pretty` Logs additionally to JSON file `-p.json` in the current working directory of the shell. The resulting JSON file is opposed to `--json` non-flat -- which means it is structured. The structure contains a header similar to the banner on the screen (with the epoch of the start time) and then for every test section of testssl.sh it contains a separate JSON object/section. Each finding has a key/value pair identifier with the identifier for each single check, the severity and the finding. For vulnerabilities it may contain a cve and cwe entry too. The footer lists the scan time in seconds. -`--jsonfile-pretty ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) additionally into a file or a directory. 
For further explanation see `--jsonfile` or ``--logfile`. `JSONFILE` is the variable you need to set if you prefer to work environment with variables instead. +`--jsonfile-pretty ` or `-oJ ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in pretty JSON format (see `--json-pretty`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `JSONFILE` is the variable you need to set if you prefer to work environment with variables instead. `--csv` Logs additionally to a CSV file `-p.csv` in the current working directory of the shell. The output contains a header with the keys, the values are the same as in the flat JSON format (identifier for each single check, the hostname/IP address, the port, severity,the finding and for vulnerabilities a cve and cwe too). -`--csvfile ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in CSV format (see `--cvs`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `CSVFILE` is the variable you need to set if you prefer to work environment with variables instead. +`--csvfile ` or `-oC ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in CSV format (see `--cvs`) additionally into a file or a directory. For further explanation see `--jsonfile` or ``--logfile`. `CSVFILE` is the variable you need to set if you prefer to work environment with variables instead. --html Logs additionally to an HTML file `-p.html` in the current working directory of the shell. It contains a 1:1 output of the console. In former versions there was a non-native option to use "aha" (Ansi HTML Adapter: github.com/theZiz/aha) like `testssl.sh | aha >output.html` . This is not necessary anymore. -`--htmlfile ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in HTML format (see `--html`) additionally into a file or a directory. 
For further explanation see `--jsonfile` or `--logfile`. `HTMLFILE` is the variable you need to set if you prefer to work with environment variables instead. +`--htmlfile ` or `-oH ` Similar to the aforementioned `--jsonfile` or `--logfile` it logs the output in HTML format (see `--html`) additionally into a file or a directory. For further explanation see `--jsonfile` or `--logfile`. `HTMLFILE` is the variable you need to set if you prefer to work with environment variables instead. + +`-oA ` / `-oa ` Similar to nmap it does a file output to all available file formats: LOG,JSON,CSV,HTML. `-oA` does JSON pretty, `-oa` flat JSON `--hints` This option is not in use yet. This option is meant to give hints how to fix a finding or at least a help to improve something. GIVE_HINTS is the environment variable for this. diff --git a/testssl.sh b/testssl.sh index be48b5e..486adb5 100755 --- a/testssl.sh +++ b/testssl.sh 
@@ -12629,15 +12629,16 @@ output options (can also be preset via environment variables): file output options (can also be preset via environment variables) --log, --logging logs stdout to -p.log in current working directory (cwd) - --logfile logs stdout to -p.log if is a dir or to a specified + --logfile|-oL logs stdout to -p.log if is a dir or to a specified --json additional output of findings to flat JSON file -p.json in cwd - --jsonfile additional output to the specified flat JSON file or directory, similar to --logfile + --jsonfile|-oj additional output to the specified flat JSON file or directory, similar to --logfile --json-pretty additional JSON structured output of findings to a file -p.json in cwd - --jsonfile-pretty additional JSON structured output to the specified file or directory, similar to --logfile + --jsonfile-pretty|-oJ additional JSON structured output to the specified file or directory, similar to --logfile --csv additional output of findings to CSV file -p.csv in cwd or directory - --csvfile additional output as CSV to the specified file or directory, similar to --logfile + --csvfile|-oC additional output as CSV to the specified file or directory, similar to --logfile --html additional output as HTML to file -p.html - --htmlfile additional output as HTML to the specifed file or directory, similar to --logfile + --htmlfile|-oH additional output as HTML to the specifed file or directory, similar to --logfile + -oa/-oA similar to nmap it outputs a LOG,JSON,CSV,HTML file. -oA: JSON pretty, -oa: flat JSON --hints additional hints to findings --severity severities with lower level will be filtered for CSV+JSON, possible values --append if , , or exists rather append then overwrite. Omits any header 
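Review bot: The new `-oa/-oA` help line does not say that its argument is a base name to which `.log`, `.json`, `.csv` and `.html` are appended, which is what the parse_cmd_line branches added later in this patch do. It also leaves out the long spellings `--outFile` / `--outfile` that the parser accepts and that differ only in case. Suggested wording: `-oa/-oA <basename>   writes <basename>.log, .json, .csv and .html. -oA: JSON pretty, -oa: flat JSON`, with the long forms either listed or dropped from the parser.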
@@ -13733,7 +13734,7 @@ create_mass_testing_cmdline() { nr_cmds+=1 else case "$cmd" in - --jsonfile|--jsonfile=*) + --jsonfile|--jsonfile=*|-oj|-oj=*) # If is a file, then have provide a different # file name to each child process. If is a # directory, then just pass it on to the child processes. @@ -13745,7 +13746,7 @@ create_mass_testing_cmdline() { MASS_TESTING_CMDLINE[nr_cmds]="$cmd" fi ;; - --jsonfile-pretty|--jsonfile-pretty=*) + --jsonfile-pretty|--jsonfile-pretty=*|-oJ|-oJ=*) if "$JSONHEADER"; then MASS_TESTING_CMDLINE[nr_cmds]="--jsonfile-pretty=$TEMPDIR/jsonfile_${test_number}.json" [[ "$cmd" == --jsonfile-pretty ]] && skip_next=true @@ -13753,7 +13754,7 @@ create_mass_testing_cmdline() { MASS_TESTING_CMDLINE[nr_cmds]="$cmd" fi ;; - --csvfile|--csvfile=*) + --csvfile|--csvfile=*|-oC|-oC=*) if "$CSVHEADER"; then MASS_TESTING_CMDLINE[nr_cmds]="--csvfile=$TEMPDIR/csvfile_${test_number}.csv" [[ "$cmd" == --csvfile ]] && skip_next=true @@ -13761,7 +13762,7 @@ create_mass_testing_cmdline() { MASS_TESTING_CMDLINE[nr_cmds]="$cmd" fi ;; - --htmlfile|--htmlfile=*) + --htmlfile|--htmlfile=*|-oH|-oH=*) if "$HTMLHEADER"; then MASS_TESTING_CMDLINE[nr_cmds]="--htmlfile=$TEMPDIR/htmlfile_${test_number}.html" [[ "$cmd" == --htmlfile ]] && skip_next=true @@ -14506,7 +14507,7 @@ parse_cmd_line() { do_logging=true ;; # DEFINITION of LOGFILE if no arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --logfile|--logfile=*) + --logfile|--logfile=*|-oL|-oL=*) LOGFILE="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift do_logging=true 
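Review bot: The `skip_next` tests inside the `-oJ`, `-oC` and `-oH` branches of create_mass_testing_cmdline still compare `$cmd` with the long spelling only, although the case patterns now match the short aliases too. For a space-separated `-oJ file`, the file name is therefore not skipped and is presumably passed on to every child as an extra argument. Extend each test, e.g. `[[ "$cmd" == --jsonfile-pretty || "$cmd" == -oJ ]] && skip_next=true`, and likewise for `-oC` and `-oH`. The `--jsonfile|-oj` branch body lies mostly outside its hunk and likely needs the same change. No branch here handles `-oa`/`-oA`, so in mass testing each child would apparently receive the same four output file names, which is worth confirming.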
@@ -14516,7 +14517,7 @@ parse_cmd_line() { do_json=true ;; # DEFINITION of JSONFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --jsonfile|--jsonfile=*) + --jsonfile|--jsonfile=*|-oj|-oj=*) $do_pretty_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251 JSONFILE="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift @@ -14526,7 +14527,7 @@ parse_cmd_line() { $do_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251 do_pretty_json=true ;; - --jsonfile-pretty|--jsonfile-pretty=*) + --jsonfile-pretty|--jsonfile-pretty=*|-oJ|-oJ=*) $do_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251 JSONFILE="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift @@ -14543,7 +14544,7 @@ parse_cmd_line() { do_csv=true ;; # DEFINITION of CSVFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a log location additionally - --csvfile|--csvfile=*) + --csvfile|--csvfile=*|-oC|-oC=*) CSVFILE="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift do_csv=true 
@@ -14552,11 +14553,33 @@ parse_cmd_line() { do_html=true ;; # DEFINITION of HTMLFILE is not arg specified: automagically in parse_hn_port() # following does the same but we can specify a file location additionally - --htmlfile|--htmlfile=*) + --htmlfile|--htmlfile=*|-oH|-oH=*) HTMLFILE="$(parse_opt_equal_sign "$1" "$2")" [[ $? -eq 0 ]] && shift do_html=true ;; + --outFile|--outFile|-oa|-oa=*) + HTMLFILE="$(parse_opt_equal_sign "$1" "$2").html" + CSVFILE="$(parse_opt_equal_sign "$1" "$2").csv" + JSONFILE="$(parse_opt_equal_sign "$1" "$2").json" + LOGFILE="$(parse_opt_equal_sign "$1" "$2").log" + [[ $? -eq 0 ]] && shift + do_html=true + do_json=true + do_csv=true + do_logging=true + ;; + --outfile|--outfile|-oA|-oA=*) + HTMLFILE="$(parse_opt_equal_sign "$1" "$2").html" + CSVFILE="$(parse_opt_equal_sign "$1" "$2").csv" + JSONFILE="$(parse_opt_equal_sign "$1" "$2").json" + LOGFILE="$(parse_opt_equal_sign "$1" "$2").log" + [[ $? -eq 0 ]] && shift + do_html=true + do_pretty_json=true + do_csv=true + do_logging=true + ;; --append) APPEND=true ;;
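Review bot: The new `-oa` and `-oA` branches set `do_json` / `do_pretty_json` without the "flat and pretty JSON output are mutually exclusive" guard that the other JSON branches in parse_cmd_line carry, so `--json-pretty -oa out` or `--json -oA out` enables both modes at once. The patterns `--outFile|--outFile` and `--outfile|--outfile` repeat the same alternative where `--outFile=*` / `--outfile=*` was presumably intended, so the `=` form of the long options never matches. The helper is also called four times and `$?` reflects only the last call; capture the value once, as sketched below. `outfile_base` would need declaring wherever this function declares its locals, separately from the assignment so that `$?` survives. The `-oA` branch is the mirror image, with `$do_json` in the guard and `do_pretty_json=true`.

```shell
     --outFile|--outFile=*|-oa|-oa=*)
          $do_pretty_json && JSONHEADER=false && fatal "flat and pretty JSON output are mutually exclusive" 251
          outfile_base="$(parse_opt_equal_sign "$1" "$2")"
          [[ $? -eq 0 ]] && shift
          HTMLFILE="$outfile_base.html"
          CSVFILE="$outfile_base.csv"
          JSONFILE="$outfile_base.json"
          LOGFILE="$outfile_base.log"
          # … unchanged: do_html / do_json / do_csv / do_logging=true …
          ;;
```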