renamed pr_green to pr_done_best

Thomas Martens 2016-03-01 20:39:30 +01:00
parent 2686f8cdb4
commit ff9f1632e4


@ -341,8 +341,8 @@ pr_greyln() { pr_grey "$1"; outln; }
pr_done_good() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[0;34m$1" || out "\033[0;32m$1" ) || out "$1"; pr_off; } # This is good pr_done_good() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[0;34m$1" || out "\033[0;32m$1" ) || out "$1"; pr_off; } # This is good
pr_done_goodln() { pr_done_good "$1"; outln; } pr_done_goodln() { pr_done_good "$1"; outln; }
pr_green() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;34m$1" || out "\033[1;32m$1" ) || out "$1"; pr_off; } # This is the best pr_done_best() { [[ "$COLOR" -eq 2 ]] && ( "$COLORBLIND" && out "\033[1;34m$1" || out "\033[1;32m$1" ) || out "$1"; pr_off; } # This is the best
pr_greenln() { pr_green "$1"; outln; } pr_done_bestln() { pr_done_best "$1"; outln; }
pr_yellow() { [[ "$COLOR" -eq 2 ]] && out "\033[1;33m$1" || out "$1"; pr_off; } # academic or minor problem pr_yellow() { [[ "$COLOR" -eq 2 ]] && out "\033[1;33m$1" || out "$1"; pr_off; } # academic or minor problem
pr_yellowln() { pr_yellow "$1"; outln; } pr_yellowln() { pr_yellow "$1"; outln; }
@ -1355,7 +1355,7 @@ std_cipherlists() {
case $3 in case $3 in
0) # ok to offer 0) # ok to offer
if [[ $sclient_success -eq 0 ]]; then if [[ $sclient_success -eq 0 ]]; then
pr_greenln "offered (OK)" pr_done_bestln "offered (OK)"
fileout "std_$4" "OK" "$2 offered (OK)" fileout "std_$4" "OK" "$2 offered (OK)"
else else
pr_brownln "not offered (NOT ok)" pr_brownln "not offered (NOT ok)"
@ -1367,7 +1367,7 @@ std_cipherlists() {
pr_svrty_criticalln "offered (NOT ok)" pr_svrty_criticalln "offered (NOT ok)"
fileout "std_$4" "NOT OK" "$2 offered (NOT ok) - ugly" fileout "std_$4" "NOT OK" "$2 offered (NOT ok) - ugly"
else else
pr_greenln "not offered (OK)" pr_done_bestln "not offered (OK)"
fileout "std_$4" "OK" "$2 not offered (OK)" fileout "std_$4" "OK" "$2 not offered (OK)"
fi fi
;; ;;
@ -2143,7 +2143,7 @@ run_protocols() {
fileout "sslv2" "NOT OK" "SSLv2 is offered (NOT ok)" fileout "sslv2" "NOT OK" "SSLv2 is offered (NOT ok)"
;; ;;
1) 1)
pr_greenln "not offered (OK)" pr_done_bestln "not offered (OK)"
fileout "sslv2" "OK" "SSLv2 is not offered (OK)" fileout "sslv2" "OK" "SSLv2 is not offered (OK)"
;; ;;
5) 5)
@ -2169,7 +2169,7 @@ run_protocols() {
fileout "sslv3" "NOT OK" "SSLv3 is offered (NOT ok)" fileout "sslv3" "NOT OK" "SSLv3 is offered (NOT ok)"
;; ;;
1) 1)
pr_greenln "not offered (OK)" pr_done_bestln "not offered (OK)"
fileout "sslv3" "OK" "SSLv3 is not offered (OK)" fileout "sslv3" "OK" "SSLv3 is not offered (OK)"
;; ;;
2) 2)
@ -2254,7 +2254,7 @@ run_protocols() {
fi fi
case $? in case $? in
0) 0)
pr_greenln "offered (OK)" pr_done_bestln "offered (OK)"
fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)" fileout "tls1_2" "OK" "TLSv1.2 is offered (OK)"
;; # GCM cipher in TLS 1.2: very good! ;; # GCM cipher in TLS 1.2: very good!
1) 1)
@ -2407,7 +2407,7 @@ run_server_preference() {
remark4default_cipher=" (limited sense as client will pick)" remark4default_cipher=" (limited sense as client will pick)"
fileout "order" "NOT OK" "Server does NOT set a cipher order (NOT ok)" fileout "order" "NOT OK" "Server does NOT set a cipher order (NOT ok)"
else else
pr_green "yes (OK)" pr_done_best "yes (OK)"
remark4default_cipher="" remark4default_cipher=""
fileout "order" "OK" "Server sets a cipher order (OK)" fileout "order" "OK" "Server sets a cipher order (OK)"
fi fi
@ -2424,7 +2424,7 @@ run_server_preference() {
default_proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g') default_proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
case "$default_proto" in case "$default_proto" in
*TLSv1.2) *TLSv1.2)
pr_greenln $default_proto pr_done_bestln $default_proto
fileout "order_proto" "OK" "Default protocol TLS1.2 (OK)" fileout "order_proto" "OK" "Default protocol TLS1.2 (OK)"
;; ;;
*TLSv1.1) *TLSv1.1)
@ -2475,7 +2475,7 @@ run_server_preference() {
fileout "order_cipher" "NOT OK" "Default cipher: $default_cipher$(read_dhbits_from_file "$TMPFILE") (NOT ok) $remark4default_cipher" fileout "order_cipher" "NOT OK" "Default cipher: $default_cipher$(read_dhbits_from_file "$TMPFILE") (NOT ok) $remark4default_cipher"
;; # FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list ;; # FIXME BEAST: We miss some CBC ciphers here, need to work w/ a list
*GCM*|*CHACHA20*) *GCM*|*CHACHA20*)
pr_green "$default_cipher" pr_done_best "$default_cipher"
fileout "order_cipher" "OK" "Default cipher: $default_cipher$(read_dhbits_from_file "$TMPFILE") (OK) $remark4default_cipher" fileout "order_cipher" "OK" "Default cipher: $default_cipher$(read_dhbits_from_file "$TMPFILE") (OK) $remark4default_cipher"
;; # best ones ;; # best ones
ECDHE*AES*) ECDHE*AES*)
@ -3464,7 +3464,7 @@ run_pfs() {
neat_list $HEXC $pfs_cipher "$kx" $enc $strength neat_list $HEXC $pfs_cipher "$kx" $enc $strength
if [[ "$SHOW_EACH_C" -ne 0 ]]; then if [[ "$SHOW_EACH_C" -ne 0 ]]; then
if [[ $sclient_success -eq 0 ]]; then if [[ $sclient_success -eq 0 ]]; then
pr_green "works" pr_done_best "works"
else else
out "not a/v" out "not a/v"
fi fi
@ -3988,12 +3988,12 @@ sslv2_sockets() {
fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 replay (rerun with DEBUG>=2)" fileout "sslv2" "WARN" "SSLv2: received a strange SSLv2 replay (rerun with DEBUG>=2)"
;; ;;
1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP! 1) # no sslv2 server hello returned, like in openlitespeed which returns HTTP!
pr_greenln "not offered (OK)" pr_done_bestln "not offered (OK)"
ret=0 ret=0
fileout "sslv2" "OK" "SSLv2 not offered (OK)" fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;; ;;
0) # reset 0) # reset
pr_greenln "not offered (OK)" pr_done_bestln "not offered (OK)"
ret=0 ret=0
fileout "sslv2" "OK" "SSLv2 not offered (OK)" fileout "sslv2" "OK" "SSLv2 not offered (OK)"
;; ;;
@ -4234,7 +4234,7 @@ run_heartbleed(){
[[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions [[ -z "$TLS_EXTENSIONS" ]] && determine_tls_extensions
if ! grep -q heartbeat <<< "$TLS_EXTENSIONS"; then if ! grep -q heartbeat <<< "$TLS_EXTENSIONS"; then
pr_green "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
outln " (no heartbeat extension)" outln " (no heartbeat extension)"
fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK) (no heartbeat extension)" fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK) (no heartbeat extension)"
return 0 return 0
@ -4337,7 +4337,7 @@ run_heartbleed(){
fi fi
ret=1 ret=1
else else
pr_green "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
if [[ $retval -eq 3 ]]; then if [[ $retval -eq 3 ]]; then
fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK) (timed out)" fileout "heartbleed" "OK" "Heartbleed (CVE-2014-0160): not vulnerable (OK) (timed out)"
else else
@ -4355,7 +4355,7 @@ run_heartbleed(){
# helper function # helper function
ok_ids(){ ok_ids(){
pr_greenln "\n ok -- something resetted our ccs packets" pr_done_bestln "\n ok -- something resetted our ccs packets"
return 0 return 0
} }
@ -4458,7 +4458,7 @@ run_ccs_injection(){
debugme echo "lines: $lines, byte6: $byte6" debugme echo "lines: $lines, byte6: $byte6"
if [[ "$byte6" == "0a" ]] || [[ "$lines" -gt 1 ]]; then if [[ "$byte6" == "0a" ]] || [[ "$lines" -gt 1 ]]; then
pr_green "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
if [[ $retval -eq 3 ]]; then if [[ $retval -eq 3 ]]; then
fileout "ccs" "OK" "CCS (CVE-2014-0224): not vulnerable (OK) (timed out)" fileout "ccs" "OK" "CCS (CVE-2014-0224): not vulnerable (OK) (timed out)"
else else
@ -4503,7 +4503,7 @@ run_renego() {
fileout "secure_renego" "NOT OK" "Secure Renegotiation (CVE-2009-3555) : VULNERABLE (NOT ok)" fileout "secure_renego" "NOT OK" "Secure Renegotiation (CVE-2009-3555) : VULNERABLE (NOT ok)"
;; ;;
1) 1)
pr_greenln "not vulnerable (OK)" pr_done_bestln "not vulnerable (OK)"
fileout "secure_renego" "OK" "Secure Renegotiation (CVE-2009-3555) : not vulnerable (OK)" fileout "secure_renego" "OK" "Secure Renegotiation (CVE-2009-3555) : not vulnerable (OK)"
;; ;;
*) *)
@ -4648,7 +4648,7 @@ run_crime() {
# STR=$(grep Compression $TMPFILE ) # STR=$(grep Compression $TMPFILE )
# if echo $STR | grep -q NONE >/dev/null; then # if echo $STR | grep -q NONE >/dev/null; then
# pr_green "not vulnerable (OK)" # pr_done_best "not vulnerable (OK)"
# ret=$((ret + 0)) # ret=$((ret + 0))
# else # else
# pr_svrty_critical "VULNERABLE (NOT ok)" # pr_svrty_critical "VULNERABLE (NOT ok)"
@ -4706,7 +4706,7 @@ run_breach() {
pr_litemagenta ") " pr_litemagenta ") "
ret=3 ret=3
elif [[ -z $result ]]; then elif [[ -z $result ]]; then
pr_green "no HTTP compression (OK) " pr_done_best "no HTTP compression (OK) "
outln "$disclaimer" outln "$disclaimer"
fileout "breach" "OK" "BREACH (CVE-2013-3587) : no HTTP compression (OK) $disclaimer" fileout "breach" "OK" "BREACH (CVE-2013-3587) : no HTTP compression (OK) $disclaimer"
ret=0 ret=0
@ -4744,7 +4744,7 @@ run_ssl_poodle() {
pr_svrty_high "VULNERABLE (NOT ok)"; out ", uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)" pr_svrty_high "VULNERABLE (NOT ok)"; out ", uses SSLv3+CBC (check TLS_FALLBACK_SCSV mitigation below)"
fileout "poodle_ssl" "NOT OK" "POODLE, SSL (CVE-2014-3566) : VULNERABLE (NOT ok), uses SSLv3+CBC (check if TLS_FALLBACK_SCSV mitigation is used)" fileout "poodle_ssl" "NOT OK" "POODLE, SSL (CVE-2014-3566) : VULNERABLE (NOT ok), uses SSLv3+CBC (check if TLS_FALLBACK_SCSV mitigation is used)"
else else
pr_green "not vulnerable (OK)" pr_done_best "not vulnerable (OK)"
fileout "poodle_ssl" "OK" "POODLE, SSL (CVE-2014-3566) : not vulnerable (OK)" fileout "poodle_ssl" "OK" "POODLE, SSL (CVE-2014-3566) : not vulnerable (OK)"
fi fi
outln outln
@ -4857,7 +4857,7 @@ run_freak() {
pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses EXPORT RSA ciphers" pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses EXPORT RSA ciphers"
fileout "freak" "NOT OK" "FREAK (CVE-2015-0204) : VULNERABLE (NOT ok), uses EXPORT RSA ciphers" fileout "freak" "NOT OK" "FREAK (CVE-2015-0204) : VULNERABLE (NOT ok), uses EXPORT RSA ciphers"
else else
pr_green "not vulnerable (OK)"; out "$addtl_warning" pr_done_best "not vulnerable (OK)"; out "$addtl_warning"
fileout "freak" "OK" "FREAK (CVE-2015-0204) : not vulnerable (OK) $addtl_warning" fileout "freak" "OK" "FREAK (CVE-2015-0204) : not vulnerable (OK) $addtl_warning"
fi fi
outln outln
@ -4909,7 +4909,7 @@ run_logjam() {
pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses DHE EXPORT ciphers, common primes not checked." pr_svrty_critical "VULNERABLE (NOT ok)"; out ", uses DHE EXPORT ciphers, common primes not checked."
fileout "logjam" "NOT OK" "LOGJAM (CVE-2015-4000) : VULNERABLE (NOT ok), uses DHE EXPORT ciphers, common primes not checked." fileout "logjam" "NOT OK" "LOGJAM (CVE-2015-4000) : VULNERABLE (NOT ok), uses DHE EXPORT ciphers, common primes not checked."
else else
pr_green "not vulnerable (OK)"; out "$addtl_warning" pr_done_best "not vulnerable (OK)"; out "$addtl_warning"
fileout "logjam" "OK" "LOGJAM (CVE-2015-4000) : not vulnerable (OK) $addtl_warning" fileout "logjam" "OK" "LOGJAM (CVE-2015-4000) : not vulnerable (OK) $addtl_warning"
fi fi
outln outln
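Review bot: In the run_server_preference hunk, `pr_done_bestln $default_proto` expands a value parsed out of `$TMPFILE` without quotes, so it undergoes word splitting and pathname expansion before it reaches the printer. The `sed` step strips spaces but not newlines or glob characters, and `grep -aw "Protocol"` can return more than one line, in which case only the first word arrives as `$1`. Writing `pr_done_bestln "$default_proto"` would match the quoted `pr_done_best "$default_cipher"` call in the following hunk. The enclosing function starts and ends outside the hunk.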