Merge pull request #2186 from drwetter/censys_fix_2127

Fix censys link in DROWN section
Dirk Wetter 2022-05-14 13:57:46 +02:00 committed by GitHub
commit d931eb470c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 11 additions and 9 deletions


@ -35,7 +35,7 @@ unlink 'tmp.html';
# Remove the HTML footer
$edited_html =~ s/\n\<\/pre\>\n\<\/body\>\n\<\/html\>//;
# Remove any hypertext links for URLs
$edited_html =~ s/<a href=[0-9A-Za-z ";:=\/\.\?\-]*>//g;
$edited_html =~ s/<a href=[0-9A-Za-z ";:_&=\/\.\?\-]*>//g;
$edited_html =~ s/<\/a>//g;
# Replace escaped characters with their original text
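Review bot: The widened href pattern is still an allow-list of URL characters, so a link containing anything outside it (for example `%`, `+`, `#` or `~`) would keep its opening `<a href=…>` tag while the next substitution still strips the matching `</a>`. That leaves the text comparison to fail on unrelated output the next time a URL format changes, as it did here with `_` and `&`. Matching up to the closing bracket, `$edited_html =~ s/<a href=[^>]*>//g;`, removes the tag whatever the URL contains, assuming no href value carries a literal `>`. The surrounding code starts and ends outside this hunk.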


@ -91,7 +91,7 @@
"SWEET32","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327"
"FREAK","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2015-0204","CWE-310"
"DROWN","testssl.sh/81.169.166.184","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310"
"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=317383D12511E625564E8C850DD7494CAC6903ECAD7394055A5D3FB5E6EFB402","CVE-2016-0800 CVE-2016-0703","CWE-310"
"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&?q=31B44391529821C6A77F3C78B02D716A07F99B8FDB342BF5A78F263C25375968","CVE-2016-0800 CVE-2016-0703","CWE-310"
"LOGJAM","testssl.sh/81.169.166.184","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310"
"LOGJAM-common_primes","testssl.sh/81.169.166.184","443","OK","--","CVE-2015-4000","CWE-310"
"BEAST_CBC_TLS1","testssl.sh/81.169.166.184","443","MEDIUM","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","CVE-2011-3389","CWE-20"
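Review bot: The URL in the new `DROWN_hint` baseline row does not match what `run_drown` builds in this same commit. The row contains `&sort=RELEVANCE` and ends in `&?q=<fingerprint>`, whereas the code concatenates `https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE` with `&q=<fingerprint>`. With `&?q=` the parameter name becomes `?q`, so the fingerprint is presumably not used as the search query, and a reader following the hint would not see where else the certificate is served. If this file is compared exactly against scanner output, the row should end in `virtual_hosts=INCLUDE&q=` followed by the fingerprint, without the `sort` parameter.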


@ -17802,6 +17802,7 @@ run_drown() {
local cwe="CWE-310"
local hint=""
local jsonID="DROWN"
local censys_host_url="https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE"
if [[ $VULN_COUNT -le $VULN_THRESHLD ]]; then
outln
@ -17827,6 +17828,7 @@ run_drown() {
return 1
fi
censys_host_url="$censys_host_url&q=$cert_fingerprint_sha2"
if [[ $(has_server_protocol ssl2) -ne 1 ]]; then
sslv2_sockets
else
@ -17849,26 +17851,26 @@ run_drown() {
nr_ciphers_detected=$((V2_HELLO_CIPHERSPEC_LENGTH / 3))
if [[ 0 -eq "$nr_ciphers_detected" ]]; then
prln_svrty_high "CVE-2015-3197: SSLv2 supported but couldn't detect a cipher (NOT ok)";
fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve CVE-2015-3197" "$cwe" "$hint"
fileout "$jsonID" "HIGH" "SSLv2 offered, but could not detect a cipher. Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve CVE-2015-3197" "$cwe" "$hint"
else
prln_svrty_critical "VULNERABLE (NOT ok), SSLv2 offered with $nr_ciphers_detected ciphers";
fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. Make sure you don't use this certificate elsewhere, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe" "$hint"
fileout "$jsonID" "CRITICAL" "VULNERABLE, SSLv2 offered with $nr_ciphers_detected ciphers. Make sure you don't use this certificate elsewhere, see $censys_host_url" "$cve" "$cwe" "$hint"
set_grade_cap "F" "Vulnerable to DROWN"
fi
outln "$spaces Make sure you don't use this certificate elsewhere, see:"
out "$spaces "
pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2"
pr_url "$censys_host_url"
outln
fi
;;
*) prln_svrty_best "not vulnerable on this host and port (OK)"
fileout "$jsonID" "OK" "not vulnerable on this host and port" "$cve" "$cwe"
if [[ -n "$cert_fingerprint_sha2" ]]; then
outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services"
outln "$spaces make sure you don't use this certificate elsewhere with SSLv2 enabled services, see"
out "$spaces "
pr_url "https://censys.io/ipv4?q=$cert_fingerprint_sha2"
outln " could help you to find out"
fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://censys.io/ipv4?q=$cert_fingerprint_sha2" "$cve" "$cwe"
pr_url "$censys_host_url"
outln
fileout "${jsonID}_hint" "INFO" "Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see $censys_host_url" "$cve" "$cwe"
else
outln "$spaces no RSA certificate, thus certificate can't be used with SSLv2 elsewhere"
fileout "${jsonID}_hint" "INFO" "no RSA certificate, can't be used with SSLv2 elsewhere" "$cve" "$cwe"
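Review bot: `censys_host_url` is completed unconditionally with `&q=$cert_fingerprint_sha2`, but only the "not vulnerable" branch checks `[[ -n "$cert_fingerprint_sha2" ]]` before printing it. The SSLv2-offered branch passes `$censys_host_url` to `fileout` and `pr_url` without that check, so an empty fingerprint would yield a link ending in `&q=` in both the terminal and the JSON/CSV findings. Whether the fingerprint can be empty on that path is not visible here, since `run_drown` starts and ends outside these hunks. If it can, wrap that hint in the same `if [[ -n "$cert_fingerprint_sha2" ]]; then` guard. A comment on the declaration would also help, e.g. `# Censys host search; "&q=<SHA-256 cert fingerprint>" is appended once the fingerprint is known`.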