Merge pull request #2851 from testssl/fix_2847

Fix port and block problem for Opossum
Dirk Wetter
2025-07-20 18:05:19 +02:00
committed by GitHub


@ -1923,50 +1923,57 @@ http_head() {
# arg2: extra http header # arg2: extra http header
# #
# return codes: # return codes:
# 0: all fine # 0: all fine (response header is returned as string)
# 1: server dind't respond within HEADER_MAXSLEEP # 1: server didn't respond within HEADER_MAXSLEEP
# 3: server dind't respond within HEADER_MAXSLEEP and PROXY was defined # 3: server didn't respond within HEADER_MAXSLEEP and PROXY was defined
# #
http_header_printf() { http_head_printf() {
local request_header="$2" local request_header="$2"
local useragent="$UA_STD" local useragent="$UA_STD"
local tmpfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf.log local tmpfile=$TEMPDIR/$NODE.$NODEIP.http_head_printf.log
local errfile=$TEMPDIR/$NODE.$NODEIP.http_header_printf-err.log local errfile=$TEMPDIR/$NODE.$NODEIP.http_head_printf-err.log
local -i ret=0 local -i ret=0
local proto="" foo="" node="" query="" local proto="" foo="" node="" query=""
[[ $DEBUG -eq 0 ]] && errfile=/dev/null [[ $DEBUG -eq 0 ]] && errfile=/dev/null
IFS=/ read -r proto foo node query <<< "$1" IFS=/ read -r proto foo node query <<< "$1"
exec 33<>/dev/tcp/$node/80 node=${node%:*}
printf -- "%b" "HEAD ${proto}//${node}/${query} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\n${request_header}\r\nAccept: */*\r\n\r\n\r\n" >&33 2>$errfile & # $node works here good as it connects via IPv6 first, then IPv4.
# This is a subshell, so fd 8 is not inherited
bash -c "exec 8<>/dev/tcp/$node/80" 2>/dev/null &
wait_kill $! $HEADER_MAXSLEEP wait_kill $! $HEADER_MAXSLEEP
if [[ $? -ne 0 ]]; then if [[ $? -ne 3 ]]; then
# not killed # process with pid !$ wasn't killed but was that a reject? So we try again
if [[ -n "$PROXY" ]]; then # to make sure there wasn't a TCP reset
ret=3 bash -c "exec 8<>/dev/tcp/$node/80" 2>/dev/null
fi if [[ $? -eq 0 ]]; then
ret=1 exec 33<>/dev/tcp/$node/80
else # not killed --> socket open. Now we connect to the virtual host "$node"
printf -- "%b" "HEAD ${proto}//${node}/${query} HTTP/1.1\r\nUser-Agent: ${useragent}\r\nHost: ${node}\r\n${request_header}\r\nAccept: */*\r\n\r\n\r\n" >&33 2>$errfile
ret=0 ret=0
fi
if [[ $DEBUG -eq 0 ]] ; then if [[ $DEBUG -eq 0 ]] ; then
cat <&33 cat <&33
else else
cat <&33 >$tmpfile cat <&33 >$tmpfile
cat $tmpfile cat $tmpfile
fi fi
else
if [[ -n "$PROXY" ]]; then
ret=3
else
ret=1
fi
fi
exec 33<&- exec 33<&-
exec 33>&- exec 33>&-
fi
return $ret return $ret
} }
ldap_get() { ldap_get() {
local ldif local ldif
local -i success
local crl="$1"
local tmpfile="$2"
local jsonID="$3" local jsonID="$3"
if type -p curl &>/dev/null; then if type -p curl &>/dev/null; then
@ -17704,18 +17711,24 @@ run_opossum() {
case $service in case $service in
HTTP) HTTP)
uri=${URI/https:\/\//} uri=${URI/https:\/\//}
response=$(http_header_printf http://${uri} 'Upgrade: TLS/1.0\r\n\r\nClose\r\n') response=$(http_head_printf http://${uri} 'Upgrade: TLS/1.0\r\n\r\nClose\r\n')
# In any case we use $response but we handle the return codes # In any case we use $response but we handle the return codes
case $? in # 0: connection was fine, 1 or 3: no http connection
0) ret=0 ;; ret=$?
1|3) ret=7 ;; # got stuck
esac
if [[ $response =~ Upgrade:\ TLS ]]; then if [[ $response =~ Upgrade:\ TLS ]]; then
prln_svrty_high "VULNERABLE (NOT ok)" prln_svrty_high "VULNERABLE (NOT ok)"
fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint" fileout "$jsonID" "CRITICAL" "VULNERABLE" "$cve" "$cwe" "$hint"
else elif [[ $ret -eq 0 ]]; then
prln_svrty_good "not vulnerable (OK)" prln_svrty_good "not vulnerable (OK)"
fileout "$jsonID" "OK" "not vulnerable $append" "$cve" "$cwe" fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
else
if [[ $ret -eq 3 ]]; then
prln_local_problem "direct connection to port 80 failed, better try without proxy"
fileout "$jsonID" "WARN" "direct connection to port 80 failed, try w/o no proxy" "$cve" "$cwe"
else
outln "connection to port 80 failed"
fileout "$jsonID" "INFO" "connection to port 80 failed" "$cve" "$cwe"
fi
fi fi
;; ;;
IMAP|FTP|POP3|SMTP|LMTP|NNTP) IMAP|FTP|POP3|SMTP|LMTP|NNTP)
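Review bot: In http_head_printf, both `bash -c "exec 8<>/dev/tcp/$node/80"` probes expand `$node` into the command string before the inner shell parses it, so a host part containing shell metacharacters would be executed as code rather than rejected as a bad hostname. `$node` comes from splitting `$1` on `/` and no validation is visible in this hunk, so unless the URI is already restricted elsewhere, pass it as a positional parameter instead: `bash -c 'exec 8<>"/dev/tcp/$1/80"' _ "$node" 2>/dev/null`. Separately, `node=${node%:*}` cuts at the last colon, which would mangle a bracketed IPv6 literal if the URI can carry one. The WARN text "try w/o no proxy" in run_opossum is also a double negative.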