mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-11 03:00:57 +01:00
#618 Argument separation in CSV/flat JSON
This commit is contained in:
AlGreed
parent
1afebe79d1
commit
e16416e11e
43
testssl.sh
43
testssl.sh
@ -760,8 +760,17 @@ fileout() {
|
|||||||
if ( "$do_pretty_json" && [[ "$1" == "service" ]] ) || show_finding "$severity"; then
|
if ( "$do_pretty_json" && [[ "$1" == "service" ]] ) || show_finding "$severity"; then
|
||||||
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")")
|
local finding=$(strip_lf "$(newline_to_spaces "$(strip_quote "$3")")")
|
||||||
[[ -f "$JSONFILE" ]] && (fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint")
|
[[ -f "$JSONFILE" ]] && (fileout_json_finding "$1" "$severity" "$finding" "$cve" "$cwe" "$hint")
|
||||||
"$do_csv" && \
|
|
||||||
|
if "$do_csv"; then
|
||||||
|
if "$do_test_just_one"; then
|
||||||
|
if [[ "$1" != "service" ]]; then
|
||||||
|
read hexcode opensll_csn kx encyption bits rfc_csn availability <<< "$3"
|
||||||
|
echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$severity"\",\""$hexcode\",\"$opensll_csn\",\"$kx\",\"$encyption\",\"$bits\",\"$rfc_csn\",\"$availability"\",\""$cve"\",\""$cwe"\",\""$hint"\"" >> "$CSVFILE"
|
||||||
|
fi
|
||||||
|
else
|
||||||
echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$severity"\",\""$finding"\",\""$cve"\",\""$cwe"\",\""$hint"\"" >> "$CSVFILE"
|
echo -e \""$1\"",\"$NODE/$NODEIP\",\"$PORT"\",\""$severity"\",\""$finding"\",\""$cve"\",\""$cwe"\",\""$hint"\"" >> "$CSVFILE"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
"$FIRST_FINDING" && FIRST_FINDING=false
|
"$FIRST_FINDING" && FIRST_FINDING=false
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
@ -841,7 +850,11 @@ csv_header() {
|
|||||||
CSVHEADER=false
|
CSVHEADER=false
|
||||||
else
|
else
|
||||||
[[ -e "$CSVFILE" ]] && fatal "\"$CSVFILE\" exists. Either use \"--append\" or (re)move it" 1
|
[[ -e "$CSVFILE" ]] && fatal "\"$CSVFILE\" exists. Either use \"--append\" or (re)move it" 1
|
||||||
echo "\"id\",\"fqdn/ip\",\"port\",\"severity\",\"finding\",\"cve\",\"cwe\",\"hint\"" > "$CSVFILE"
|
if "$do_test_just_one"; then
|
||||||
|
echo "\"ID\",\"FQDN/IP\",\"Port\",\"Severity\",\"Hexcode\",\"OpenSSL CSN\",\"Key Exchange\",\"Encryption\",\"Bits\",\"RFC CSN\",\"Availability\",\"CVE\",\"CWE\",\"Hint\"" > "$CSVFILE"
|
||||||
|
else
|
||||||
|
echo "\"ID\",\"FQDN/IP\",\"Port\",\"Severity\",\"Finding\",\"CVE\",\"CWE\",\"Hint\"" > "$CSVFILE"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
@ -2416,7 +2429,7 @@ neat_list(){
|
|||||||
fi
|
fi
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
read what_dh bits <<< "$kx"
|
read what_dh bits <<< "$(echo "$kx" | awk -F"(" '{a=$1" ("$2; print a}')"
|
||||||
len=${#kx}
|
len=${#kx}
|
||||||
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
if [[ "$DISPLAY_CIPHERNAMES" =~ rfc ]]; then
|
||||||
out "$(printf -- " %-7s %-49s " "$hexcode" "$tls_cipher")"
|
out "$(printf -- " %-7s %-49s " "$hexcode" "$tls_cipher")"
|
||||||
@ -2623,7 +2636,7 @@ test_just_one(){
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -2681,7 +2694,7 @@ test_just_one(){
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -2867,7 +2880,7 @@ run_allciphers() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -2930,7 +2943,7 @@ run_allciphers() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
fi
|
fi
|
||||||
@ -3150,7 +3163,7 @@ run_cipher_per_proto() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -3216,7 +3229,7 @@ run_cipher_per_proto() {
|
|||||||
fi
|
fi
|
||||||
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
if [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]]; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -6240,7 +6253,7 @@ run_pfs() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -6266,7 +6279,7 @@ run_pfs() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if "$WIDE"; then
|
if "$WIDE"; then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -9870,7 +9883,7 @@ run_beast(){
|
|||||||
vuln_beast=true
|
vuln_beast=true
|
||||||
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -9901,7 +9914,7 @@ run_beast(){
|
|||||||
vuln_beast=true
|
vuln_beast=true
|
||||||
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -10193,7 +10206,7 @@ run_rc4() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
||||||
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
dhlen=$(read_dhbits_from_file "$TMPFILE" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
"$WIDE" && "$SHOW_SIGALGO" && grep -q "\-\-\-\-\-BEGIN CERTIFICATE\-\-\-\-\-" $TMPFILE && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in $TMPFILE | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
@ -10239,7 +10252,7 @@ run_rc4() {
|
|||||||
ciphers_found[i]=true
|
ciphers_found[i]=true
|
||||||
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
if "$WIDE" && ( [[ ${kx[i]} == "Kx=ECDH" ]] || [[ ${kx[i]} == "Kx=DH" ]] || [[ ${kx[i]} == "Kx=EDH" ]] ); then
|
||||||
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
dhlen=$(read_dhbits_from_file "$TEMPDIR/$NODEIP.parse_tls_serverhello.txt" quiet)
|
||||||
kx[i]="${kx[i]} $dhlen"
|
kx[i]="${kx[i]}($dhlen)"
|
||||||
fi
|
fi
|
||||||
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
"$WIDE" && "$SHOW_SIGALGO" && [[ -r "$HOSTCERT" ]] && \
|
||||||
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
sigalg[i]="$($OPENSSL x509 -noout -text -in "$HOSTCERT" | awk -F':' '/Signature Algorithm/ { print $2 }' | head -1)"
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user