Commit Graph

3988 Commits

Author SHA1 Message Date
Dirk f3f3967bd1 - FIX $87 (2), finally
- feature: integrated TLS+HTTP time into server defaults
- NEW: option: -U/vulnerable
- moved explanation for BREACH into result
- FREAK and CCS are not labled experimental anymore
- unifying of get request headers
- readability of help
2015-05-02 15:01:02 +02:00
Dirk Wetter 2aa82e5164 - partly FIX for #87 (removed SNI helps. Doesn't make sense anyway)
- changed order of Secure Renegotiation/Secure Client-Initiated Renegotiation
- readability improvements in renego
2015-05-01 12:18:43 +02:00
Dirk d766a0b459 - fix additional \n in RC4 if no RC4 ciphers were detected 2015-04-28 08:04:09 +02:00
Dirk Wetter ae1abda571 Update Readme.md 2015-04-24 16:52:08 +02:00
Dirk 150fb671bb - more thourough what has been done 2015-04-23 09:25:28 +02:00
Dirk Wetter b492031b95 Update Readme.md 2015-04-23 08:48:28 +02:00
Dirk 1ea7a0947f - RC4 has now 2 CVEs and cipher per default are displayed short
- introducng a variable name LONG which for certain funcs shows broad output with hexc, cipher, KX, etc.
- FIX: regression not showing security headers
- introducing VULN_THRESHLD
2015-04-22 18:24:39 +02:00
Dirk 3891f5b13b - FIX #83
- emphasize also OS names in HTTP headers
2015-04-22 15:22:53 +02:00
Dirk 06bd8b2517 - FIX for complete bailing out 2015-04-22 11:56:13 +02:00
Dirk bafce6edce - reordering code so that all attacks are together
- RC4 is now really omitted in PFS test
- cleanup of some comments
2015-04-22 10:33:44 +02:00
Dirk c751e9f459 typo 2015-04-21 08:14:36 +02:00
Dirk 5bec0a16c9 - better compatibility with windows 2003 server
- all long options are advertised now as with dashes and not underscore
- cosmetic stuff
2015-04-20 10:05:01 +02:00
Dirk 7b6dba6369 FIX for #82 2015-04-18 23:03:16 +02:00
Dirk Wetter 3f0f489f50 Indicated freeze 2015-04-16 21:05:23 +02:00
Dirk 5625ee536e - BUGFIX: IIS server lead to false pisitive if SSLv3 was enabled
(timeout was faster then socket resply)
- FIX: CORS header not labeled as green
- NEW: Now also STARTTLS works with all cmd line options and is absolutely doing the same stuff!
  (integrated starttls() into parse_hn_port() )
- option --mx needed to be changed because of starttls
- regression fix: exec for socket doesn't play nice with stderr redirect
  (probably bash bug)
- added some env options to cmd line as long args (--assuming-http,--ssl_native,
  --color, debug, --sneaky, --warnings)
- threw away getent as it doesn't work under Linux && not network && localhost
  (replaced by grep)
- SSL-POODLE is not labeled anymore experimental
- HB+CCS are called while checking STARTTLS but given a hint that its not yet supported
- added more env vars to debug output
- cleanups
2015-04-16 20:36:17 +02:00
Dirk f682c5ceea - FIX regression: more_flags execution was missing
- FIX regression: capitalized/all lowercase headers weren't detected
- if socksend is blocked (IDS) output looks better and is reported as test didn't succeed
- no secure cookie or Httponly will be marked as brown
- tput color yellow is now brown
2015-04-14 13:16:43 +02:00
Dirk 9d5168dbb5 - more robust grep >=2.20, e.g Debian 8.0 (thx @stevenb18)
- FIX: false positive for breach while testing google.com (referer header was hardcoded to google.com)
2015-04-14 10:15:07 +02:00
Dirk 683e9dccab - FIX (regression): -V
- logic of some ENV variables changed (attention!)
- included some ENV as long options (not in the help yet)
- decentralized http check for breach
- if openssl is not executable it bails out better now
- help function now exits
2015-04-13 22:55:40 +02:00
Dirk 1043c40a60 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-04-10 15:16:20 +02:00
Dirk a12d39769f - underline CN, SAN and issuer deutschepost case (see sourceforge.net/p/ssllabs/mailman/message/33764851/) 2015-04-10 15:15:47 +02:00
Dirk Wetter bfcd684e19 Update Readme.md 2015-04-10 10:13:30 +02:00
Dirk Wetter 9ebf112858 Update Readme.md 2015-04-09 22:24:57 +02:00
Dirk 53e0955dfb FIX: missing server preferences, NEW: each cipher server preferences per protocol! 2015-04-09 22:08:48 +02:00
Dirk 7f984ea83f - 2015-04-09 21:45:22 +02:00
Dirk a98161acc9 - fixes to changes from Peter's better cmd line parsing
- cosmetc improvements (vulneraibilities)
2015-04-09 21:42:52 +02:00
Dirk Wetter eb73ffc053 Merge pull request #79 from PeterMosmans/refactoring
Refactored major parts of code
2015-04-09 21:38:29 +02:00
Peter Mosmans c8d169cc0f Removed GNU getopt
Minor fix to --poodle option
2015-04-07 18:05:52 +10:00
Peter Mosmans 9780e83895 Refactored major parts of code
Note that due to the refactoring of some status messages, the output will be slightly different (more verbose) than previous versions

Moved specific status messages to http_header()
Moved specific status messages to breach()
Moved specific status messages to ccs_injection()
Moved specific status messages to heartbleed()
Moved specific status messages to renego()
Moved specific status messages to crime()
Moved specific status messages to tls_poodle()
Moved specific status messages to freak()
Moved specific status messages to beast()

Added some more documentation for functions

Fixed typos in help

Created new function main:
This is the main function of testssl.sh
Refactored major part of the original main function

Created new function startup:
Parses the startup options

Created new function intialize_globals:
Initializes all used global variables

Created new function scanning_defaults:
Sets default scanning options when only one parameter (URI) is given

TODO: Refactor more/duplicate parts of functions

Note: For the new functions, fixed spaces (4) are used instead of tabs
2015-04-07 17:00:43 +10:00
Dirk 84aca9d9a3 FIX #80: show HTTP 401 2015-04-02 13:35:22 +02:00
Dirk 2cc56c4d1f NEW: added security headers 2015-04-02 13:04:57 +02:00
Dirk 8da96f78f2 - got rid of "strings" 2015-04-02 12:19:24 +02:00
Dirk 4bbd19ba03 - updated binaries from Peter. Necessary because handshake under rare circumstances
failed (routines:tls1_setup_key_block:cipher or hash unavailable:t1_enc.c:802.
  SLES 12 server, some ciphers under TLS 1.2
2015-04-02 11:46:12 +02:00
Dirk 940f51e74b protocol check via sockets now also for SSLv3 2015-03-31 10:34:30 +02:00
Dirk 9ed58b6202 cleanups / bsd date in tls time 2015-03-30 23:09:19 +02:00
Dirk 6c30386278 rechi 2015-03-30 15:03:29 +02:00
Dirk d9ae35fc7e open fixes from Rechi (pull request $67) 2015-03-30 14:59:44 +02:00
Dirk Wetter 7f4fc5902e Merge pull request #75 from feld/tr
Using square brackets in tr results in trying to match/replace them
2015-03-19 09:14:54 +01:00
Dirk Wetter f4c9f692d2 Merge pull request #76 from feld/printf
Fix variable directly referenced in printf
2015-03-19 09:14:32 +01:00
Mark Felder 819e6e6163 Fix variable directly referenced in printf 2015-03-18 15:43:06 -05:00
Mark Felder 63a1df1fe2 Using square brackets in tr results in trying to match/replace them 2015-03-18 15:42:21 -05:00
Dirk 0d3b7f343f Дилян 2015-03-17 22:14:05 +01:00
Dirk 2d0bfca343 - FIX for 3des cipher report (thx Дилян) 2015-03-17 22:12:25 +01:00
Dirk ca6ca5d47e - added two pairs of ciphers to server preference (thx Dilian) 2015-03-17 22:02:23 +01:00
Dirk 2faad9de9a - working tls handshake with bash sockets (not yet in production, hint: see option "-q" in the bottom) 2015-03-17 18:11:18 +01:00
Dirk c159af7f42 - check whether openssl is executable
- spaces to tabs
- adding hint to "aha" in help
2015-03-17 15:14:58 +01:00
Dirk 263535520f - FIX for date --> applied to other BSD systems too
- FIX for SNI output as it doensn';t make sense for non HTTP servives
- lines for RC4 and PFS shortenedA
- display all MX records to test before testing
- removed LOCERR, added CCS_MAX_WAITSOCK, HEARTBLEED_MAX_WAITSOCK
2015-03-17 12:22:21 +01:00
Dirk f8ba69f9fb - some internal code internal cleanups
- minor cosmetic output corrections
- preparation for bash sockets for SSLv3 to TLS 1.2
2015-03-16 00:22:51 +01:00
Dirk 4556108a72 further improvements through shellcheck 2015-03-15 16:59:29 +01:00
Dirk 68695bbad3 FIX #74 for sed BSD: doesn't like inline \n
headline for BEAST was missing
2015-03-15 16:10:14 +01:00
Dirk 655944bd4d - FIX: regression for wc -l w/o cat (3x)
- removal of unneccessary waitpid, inline
2015-03-15 14:41:34 +01:00