mirror of
https://github.com/drwetter/testssl.sh.git
synced 2025-01-01 06:19:44 +01:00
Dirk Wetter
GitHub
commit
e6f6bcaaa7
@ -36,7 +36,6 @@ printf "\n%s\n", "Diff unit test IPv4 against \"$uri\"";
|
|||||||
#1 run
|
#1 run
|
||||||
`$prg $check2run $uri 2>&1`;
|
`$prg $check2run $uri 2>&1`;
|
||||||
|
|
||||||
|
|
||||||
$diff = diff $socket_csv, $master_socket_csv;
|
$diff = diff $socket_csv, $master_socket_csv;
|
||||||
|
|
||||||
$socket_csv=`cat tmp.csv`;
|
$socket_csv=`cat tmp.csv`;
|
||||||
@ -54,7 +53,6 @@ $master_socket_csv=~ s/censys.io.*\n//g;
|
|||||||
$socket_csv=~ s/HTTP_headerTime.*\n//g;
|
$socket_csv=~ s/HTTP_headerTime.*\n//g;
|
||||||
$master_socket_csv=~ s/HTTP_headerTime.*\n//g;
|
$master_socket_csv=~ s/HTTP_headerTime.*\n//g;
|
||||||
|
|
||||||
|
|
||||||
# Compare the differences to the master file -- and print differences if there were detected.
|
# Compare the differences to the master file -- and print differences if there were detected.
|
||||||
#
|
#
|
||||||
cmp_ok($socket_csv, "eq", $master_socket_csv, "Check whether CSV output matches master file from $uri") or
|
cmp_ok($socket_csv, "eq", $master_socket_csv, "Check whether CSV output matches master file from $uri") or
|
||||||
|
|||||||
@ -66,7 +66,7 @@
|
|||||||
"DH_groups","testssl.sh/81.169.166.184","443","OK","Unknown DH group (2048 bits)","",""
|
"DH_groups","testssl.sh/81.169.166.184","443","OK","Unknown DH group (2048 bits)","",""
|
||||||
"HTTP_status_code","testssl.sh/81.169.166.184","443","INFO","200 OK ('/')","",""
|
"HTTP_status_code","testssl.sh/81.169.166.184","443","INFO","200 OK ('/')","",""
|
||||||
"HTTP_clock_skew","testssl.sh/81.169.166.184","443","INFO","0 seconds from localtime","",""
|
"HTTP_clock_skew","testssl.sh/81.169.166.184","443","INFO","0 seconds from localtime","",""
|
||||||
"HTTP_headerTime","testssl.sh/81.169.166.184","443","INFO","1639146981","",""
|
"HTTP_headerTime","testssl.sh/81.169.166.184","443","INFO","1653487014","",""
|
||||||
"HSTS_time","testssl.sh/81.169.166.184","443","OK","362 days (=31337000 seconds) > 15552000 seconds","",""
|
"HSTS_time","testssl.sh/81.169.166.184","443","OK","362 days (=31337000 seconds) > 15552000 seconds","",""
|
||||||
"HSTS_subdomains","testssl.sh/81.169.166.184","443","INFO","only for this domain","",""
|
"HSTS_subdomains","testssl.sh/81.169.166.184","443","INFO","only for this domain","",""
|
||||||
"HSTS_preload","testssl.sh/81.169.166.184","443","INFO","domain is NOT marked for preloading","",""
|
"HSTS_preload","testssl.sh/81.169.166.184","443","INFO","domain is NOT marked for preloading","",""
|
||||||
@ -76,7 +76,7 @@
|
|||||||
"cookie_count","testssl.sh/81.169.166.184","443","INFO","0 at '/'","",""
|
"cookie_count","testssl.sh/81.169.166.184","443","INFO","0 at '/'","",""
|
||||||
"X-Frame-Options","testssl.sh/81.169.166.184","443","OK","DENY","",""
|
"X-Frame-Options","testssl.sh/81.169.166.184","443","OK","DENY","",""
|
||||||
"X-Content-Type-Options","testssl.sh/81.169.166.184","443","OK","nosniff","",""
|
"X-Content-Type-Options","testssl.sh/81.169.166.184","443","OK","nosniff","",""
|
||||||
"Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; default-src 'self' ; child-src 'none'; object-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests","",""
|
"Content-Security-Policy","testssl.sh/81.169.166.184","443","OK","script-src 'unsafe-inline'; style-src 'unsafe-inline' 'self'; object-src 'self'; base-uri 'none'; form-action 'none'; img-src 'self' ; default-src 'self'; frame-ancestors 'self'; upgrade-insecure-requests;","",""
|
||||||
"banner_reverseproxy","testssl.sh/81.169.166.184","443","INFO","--","","CWE-200"
|
"banner_reverseproxy","testssl.sh/81.169.166.184","443","INFO","--","","CWE-200"
|
||||||
"heartbleed","testssl.sh/81.169.166.184","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119"
|
"heartbleed","testssl.sh/81.169.166.184","443","OK","not vulnerable, no heartbeat extension","CVE-2014-0160","CWE-119"
|
||||||
"CCS","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-0224","CWE-310"
|
"CCS","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2014-0224","CWE-310"
|
||||||
@ -91,7 +91,7 @@
|
|||||||
"SWEET32","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327"
|
"SWEET32","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2016-2183 CVE-2016-6329","CWE-327"
|
||||||
"FREAK","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2015-0204","CWE-310"
|
"FREAK","testssl.sh/81.169.166.184","443","OK","not vulnerable","CVE-2015-0204","CWE-310"
|
||||||
"DROWN","testssl.sh/81.169.166.184","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310"
|
"DROWN","testssl.sh/81.169.166.184","443","OK","not vulnerable on this host and port","CVE-2016-0800 CVE-2016-0703","CWE-310"
|
||||||
"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&sort=RELEVANCE&virtual_hosts=INCLUDE&?q=31B44391529821C6A77F3C78B02D716A07F99B8FDB342BF5A78F263C25375968","CVE-2016-0800 CVE-2016-0703","CWE-310"
|
"DROWN_hint","testssl.sh/81.169.166.184","443","INFO","Make sure you don't use this certificate elsewhere with SSLv2 enabled services, see https://search.censys.io/search?resource=hosts&virtual_hosts=INCLUDE&q=31B44391529821C6A77F3C78B02D716A07F99B8FDB342BF5A78F263C25375968","CVE-2016-0800 CVE-2016-0703","CWE-310"
|
||||||
"LOGJAM","testssl.sh/81.169.166.184","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310"
|
"LOGJAM","testssl.sh/81.169.166.184","443","OK","not vulnerable, no DH EXPORT ciphers,","CVE-2015-4000","CWE-310"
|
||||||
"LOGJAM-common_primes","testssl.sh/81.169.166.184","443","OK","--","CVE-2015-4000","CWE-310"
|
"LOGJAM-common_primes","testssl.sh/81.169.166.184","443","OK","--","CVE-2015-4000","CWE-310"
|
||||||
"BEAST_CBC_TLS1","testssl.sh/81.169.166.184","443","MEDIUM","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","CVE-2011-3389","CWE-20"
|
"BEAST_CBC_TLS1","testssl.sh/81.169.166.184","443","MEDIUM","ECDHE-RSA-AES256-SHA ECDHE-RSA-AES128-SHA DHE-RSA-CAMELLIA256-SHA DHE-RSA-CAMELLIA128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA","CVE-2011-3389","CWE-20"
|
||||||
|
|||||||
13
testssl.sh
13
testssl.sh
@ -16705,6 +16705,7 @@ run_crime() {
|
|||||||
|
|
||||||
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln
|
[[ $VULN_COUNT -le $VULN_THRESHLD ]] && outln && pr_headlineln " Testing for CRIME vulnerability " && outln
|
||||||
pr_bold " CRIME, TLS " ; out "($cve) "
|
pr_bold " CRIME, TLS " ; out "($cve) "
|
||||||
|
jsonID="CRIME_TLS"
|
||||||
|
|
||||||
if "$TLS13_ONLY"; then
|
if "$TLS13_ONLY"; then
|
||||||
pr_svrty_best "not vulnerable (OK)"
|
pr_svrty_best "not vulnerable (OK)"
|
||||||
@ -16717,7 +16718,7 @@ run_crime() {
|
|||||||
if ! "$HAS_ZLIB"; then
|
if ! "$HAS_ZLIB"; then
|
||||||
if "$SSL_NATIVE"; then
|
if "$SSL_NATIVE"; then
|
||||||
prln_local_problem "$OPENSSL lacks zlib support"
|
prln_local_problem "$OPENSSL lacks zlib support"
|
||||||
fileout "CRIME_TLS" "WARN" "CRIME, TLS: Not tested. $OPENSSL lacks zlib support" "$cve" "$cwe"
|
fileout "$jsonID" "WARN" "CRIME, TLS: Not tested. $OPENSSL lacks zlib support" "$cve" "$cwe"
|
||||||
return 1
|
return 1
|
||||||
else
|
else
|
||||||
tls_sockets "03" "$TLS12_CIPHER" "" "" "true"
|
tls_sockets "03" "$TLS12_CIPHER" "" "" "true"
|
||||||
@ -16735,23 +16736,23 @@ run_crime() {
|
|||||||
|
|
||||||
if [[ $sclient_success -ne 0 ]]; then
|
if [[ $sclient_success -ne 0 ]]; then
|
||||||
pr_warning "test failed (couldn't connect)"
|
pr_warning "test failed (couldn't connect)"
|
||||||
fileout "CRIME_TLS" "WARN" "Check failed, couldn't connect" "$cve" "$cwe"
|
fileout "$jsonID" "WARN" "Check failed, couldn't connect" "$cve" "$cwe"
|
||||||
ret=1
|
ret=1
|
||||||
elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then
|
elif grep -a Compression $TMPFILE | grep -aq NONE >/dev/null; then
|
||||||
pr_svrty_good "not vulnerable (OK)"
|
pr_svrty_good "not vulnerable (OK)"
|
||||||
if [[ $SERVICE != HTTP ]] && [[ "$CLIENT_AUTH" != required ]]; then
|
if [[ $SERVICE != HTTP ]] && [[ "$CLIENT_AUTH" != required ]]; then
|
||||||
out " (not using HTTP anyway)"
|
out " (not using HTTP anyway)"
|
||||||
fileout "CRIME_TLS" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable (not using HTTP anyway)" "$cve" "$cwe"
|
||||||
else
|
else
|
||||||
fileout "CRIME_TLS" "OK" "not vulnerable" "$cve" "$cwe"
|
fileout "$jsonID" "OK" "not vulnerable" "$cve" "$cwe"
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
if [[ $SERVICE == HTTP ]] || [[ "$CLIENT_AUTH" == required ]]; then
|
if [[ $SERVICE == HTTP ]] || [[ "$CLIENT_AUTH" == required ]]; then
|
||||||
pr_svrty_high "VULNERABLE (NOT ok)"
|
pr_svrty_high "VULNERABLE (NOT ok)"
|
||||||
fileout "CRIME_TLS" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "HIGH" "VULNERABLE" "$cve" "$cwe" "$hint"
|
||||||
else
|
else
|
||||||
pr_svrty_medium "VULNERABLE but not using HTTP: probably no exploit known"
|
pr_svrty_medium "VULNERABLE but not using HTTP: probably no exploit known"
|
||||||
fileout "CRIME_TLS" "MEDIUM" "VULNERABLE, but not using HTTP. Probably no exploit known" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "MEDIUM" "VULNERABLE, but not using HTTP. Probably no exploit known" "$cve" "$cwe" "$hint"
|
||||||
# not clear whether a protocol != HTTP offers the ability to repeatedly modify the input
|
# not clear whether a protocol != HTTP offers the ability to repeatedly modify the input
|
||||||
# which is done e.g. via javascript in the context of HTTP
|
# which is done e.g. via javascript in the context of HTTP
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user