Commit Graph

3860 Commits

Author SHA1 Message Date
Dirk Wetter
05ef9f91b6
Merge pull request #1972 from drwetter/fix_dig-r
Fix cases where dig -r wasn't working
2021-09-01 19:50:15 +02:00
Dirk
bc742e0ea4 Amend previous commit
* add -q in grep statement to make sure the console stays clean
* redo check for noidnout by also using the help function of dig
2021-09-01 18:44:28 +02:00
Dirk
f8a87315cf Fix cases where dig -r wasn't working
* the ignore ~/.digrc option from dig is now parsed from the builtin help
* there was a potential DNS call which is now avoided
* for +noidnout check however there's a call to invalid. added
* the OPENSSL_CONF="" in check_resolver_bins() was moved a few lines
  higher to avoid other errors in the terminal

Tested on (EOL) Ubuntu 14.04 which only has dig in an older version

See also #1950
2021-09-01 18:28:12 +02:00
Dirk Wetter
ad3f7c3438
Merge pull request #1970 from drwetter/dependabot/github_actions/docker/build-push-action-2.7.0
Bump docker/build-push-action from 2.6.1 to 2.7.0
2021-08-30 10:19:39 +02:00
dependabot[bot]
c39edaaa1d
Bump docker/build-push-action from 2.6.1 to 2.7.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.6.1 to 2.7.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v2.6.1...v2.7.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-08-30 01:03:28 +00:00
Dirk Wetter
9eaccee776
Merge pull request #1962 from dcooper16/fix1961
Fix #1961
2021-08-27 09:35:04 +02:00
Dirk Wetter
be22ae2cf9
Merge pull request #1968 from jauderho/3.1dev
Add GH Action to build Docker images
2021-08-27 09:32:01 +02:00
David Cooper
667de371cd Fix #1961
This commit fixes #1961 in the 3.1dev branch by leaving NODEIP set to the server's IP address rather than changing it to the DNS name in the case of STARTTLS XMPP.

In order to address the problem of $OPENSSL s_client not working with STARTTLS XMPP if an IP address is provided to -connect, the -xmpphost option is used to provide the DNS name.
2021-08-09 13:22:31 -04:00
Jauder Ho
c7a9b74e16
Update docker-3.1dev.yml 2021-08-09 11:58:03 +00:00
Jauder Ho
e58ceb7b10 Removed docker-3.0.yml from 3.1dev branch 2021-08-09 11:18:20 +00:00
Jauder Ho
4dc984df2e Revert ref test 2021-08-09 11:14:07 +00:00
Jauder Ho
ca271c5d8b Test out GITHUB_REF 2021-08-09 11:09:11 +00:00
Jauder Ho
b1aeeb47e0 Testing context 2021-08-09 10:36:17 +00:00
Jauder Ho
4df60052af Use GH Action to build new container images upon push 2021-08-09 10:21:10 +00:00
Dirk Wetter
f15da8d15d
Merge pull request #1966 from drwetter/no_starttls
Add CVEs for No-STARTTLS vulnerability
2021-08-08 21:33:14 +02:00
Dirk
aaf6409581 Add CVEs for No-STARTTLS vulnerability
In text output only the original one from Wietse Venema.
The other known so far in JSON/CSV
2021-08-08 21:30:35 +02:00
Dirk Wetter
89de30c867
Merge pull request #1965 from jauderho/gha_build_status
Update build status to reflect use of GHA
2021-08-08 14:00:14 +02:00
Jauder Ho
6daa2956b9
Update Readme.md 2021-08-08 04:07:33 +00:00
Jauder Ho
fd9fac67aa
Update Readme.md 2021-08-08 03:51:34 +00:00
Dirk Wetter
77e47cadff
Merge pull request #1963 from drwetter/fix_1956_3.1dev
Redirect debugme() outputs to stderr (3.1dev)
2021-08-07 16:18:43 +02:00
Dirk Wetter
c1253f2cd0
Merge pull request #1953 from jauderho/3.1dev
Add Dependabot checking for GitHub Actions
2021-08-07 16:17:33 +02:00
Dirk Wetter
7b0947c290
Merge pull request #1958 from dcooper16/use_all+
Use all+ in calls to tls_sockets()
2021-08-07 16:04:07 +02:00
Dirk
3f8c62dc41 Change debugme1 calls to include redirection from stderr back to stdout
The fact that debugme1() redirects to stderr and the calls to this function
redo that is deliberate, as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
Dirk
4e01f86c99 Redirect debugme() outputs to stderr (3.1dev)
... to address #1956 and other places. Similar to #1957,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
David Cooper
b4d11459a8 Use all+ in calls to tls_sockets()
get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
2021-08-05 11:36:32 -04:00
Dirk Wetter
1739ae1400
Merge pull request #1960 from dcooper16/certificate_compression
Check for RFC 8879 certificate compression
2021-08-05 16:51:03 +02:00
David Cooper
526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
David Cooper
fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supported compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
Dirk Wetter
b603d57146
Merge pull request #1952 from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
Jauder Ho
91970a2214
Merge branch 'drwetter:3.1dev' into 3.1dev 2021-07-31 14:28:57 -07:00
Dirk Wetter
a3ab6cd887
Merge pull request #1950 from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
Dirk
6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
see #1717. The following statement makes sure. In the do-while + case-esac loop the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
Dirk
439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See #1894 .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
Dirk Wetter
c40a3a7d02
Merge pull request #1946 from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
Dirk
525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see #1928.
2021-07-31 13:17:55 +02:00
Dirk Wetter
46862ecc84
Merge pull request #1945 from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
Dirk Wetter
68c5acb556
Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
Dirk Wetter
820b728bc4
Merge pull request #1943 from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
Dirk Wetter
2b74e9f55d
E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
Dirk Wetter
2935ecc2e1
Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
Dirk Wetter
70d40b416b
Merge pull request #1940 from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
David Cooper
fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
Dirk
59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
Dirk
defed8705b Extend TLS/SSL port detection
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.

This PR adds a pattern detection of ssl and https in the fourth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is used as input to testssl.sh .

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
Dirk Wetter
18dfa26e48
Merge pull request #1936 from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
Dirk
b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-standard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see #1931 .
2021-07-25 16:28:50 +02:00
Dirk
5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
Dirk Wetter
05d087a564
Merge pull request #1933 from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
Dirk Wetter
8203049154
Update bug_report.md 2021-07-21 09:22:01 +02:00
Jauder Ho
ea4d939f8f
Create dependabot.yml 2021-07-01 19:32:33 -07:00