mirror of https://github.com/drwetter/testssl.sh.git synced 2025-07-20 20:51:45 +02:00
Commit Graph

1904 Commits

Author SHA1 Message Date
1d992f3620 preview from clientsim branch, important to add now 2017-04-20 17:24:07 +02:00
7c676dfc63 FIX -- double meaning of '-h' 2017-04-19 19:46:54 +02:00
869ec9b9c3 Merge pull request from dcooper16/openssl_location
Populate OPENSSL_LOCATION in find_openssl_binary
2017-04-19 18:23:14 +02:00
219a07a620 Merge pull request from gniltaws/2.9dev
Use $TESTSSL_INSTALL_DIR instead of $RUN_DIR in find_openssl_binary() - Second Try
2017-04-19 18:05:03 +02:00
828dda79f3 Merge pull request from dcooper16/travis_check_for_html
Add Travis test for HTML output
2017-04-19 16:01:07 +02:00
ee4975ac8a modified find_openssl_binary() to use TESTSSL_INSTALL_DIR since get_install_dir() works very hard to determine where testssl actually is 2017-04-19 09:40:56 -04:00
6d1aec736e Add Travis test for HTML output
It seems that I needed to escape the plus sign in the check for the HTTP clock skew.
2017-04-19 09:19:24 -04:00
f7540cae57 Merge branch '2.9dev' into openssl_location 2017-04-19 09:13:33 -04:00
c4a2ba8b49 vuln count adjusted 2017-04-19 01:21:13 +02:00
51497c9dfb Merge pull request from drwetter/revert-712-travis_check_for_html
Revert "Add Travis test for HTML output"
2017-04-19 00:55:35 +02:00
9164230186 Revert "Add Travis test for HTML output" 2017-04-19 00:53:38 +02:00
5285c26759 Merge pull request from dcooper16/travis_check_for_html
Add Travis test for HTML output
2017-04-19 00:38:27 +02:00
9ff868b083 fix travis 2017-04-19 00:35:55 +02:00
2469603a7f save also 1x connect for heartbleed() by reusing a previously identified protocol 2017-04-19 00:30:09 +02:00
de79bd6b0e implemented ticketbleed (experimental). Renamed other vulnerability checks to easier memorize each check:
-H is now --heartbleed instead of --headers,
-B is now --breach instead of --heartbleed,
-T is now --ticketbleed (was previously --breach)

bug fix for run_ccs_injection() where the tls protocol was not properly passed to the ClientHello

Made use of already determined protocol ( this time only from determine_optimal_proto() ) ==> we should use this in run_protocols() too!)
for run_ccs_injection + run_ticketbleed(). For achieving this determine_optimal_proto() needed to be modified so that it adds a protocol
to PROTOS_OFFERED (all_failed is now boolean there)

added two easy functions for converting dec to hex

sockread_fast() is for testing which should make socket reads faster -- albeit it could potentially block the whole thing
2017-04-18 23:15:32 +02:00
ac5b9a8a78 minor polishing, correct handshake length 2017-04-18 23:06:12 +02:00
dd9b3919fc PoC uploaded 2017-04-16 20:38:47 +02:00
c76f6019e3 Fix typo
Missing "/" in second call to testssl.sh
2017-04-14 16:31:46 -04:00
6d55b2e6f3 Include banner in check
* Changed calls to testssl.sh to not include `--quiet` or `--append` flags. Modified perl script to remove HTML header and footer before comparing to terminal output.

* Changed `TERM_WIDTH` to 120 (doesn't affect test, but 80 created too much line wrapping).

* Replace date and time information with X's rather than removing entirely. This should not affect the comparison, but will make the output created displayed in an error message look closer to the actual output of testssl.sh
2017-04-14 16:25:49 -04:00
1249157afd Handle differing HTTP clock skew
Occasionally the HTTP clock skew will differ between the two runs of testssl.sh, so remove that text from the strings that are compared.
2017-04-14 11:39:28 -04:00
d82f809c6d Add Travis test for HTML output
I've never programmed in perl before, but this script seems to work. It includes two checks:

* It runs testssl.sh without the `--debug` flags and checks that the HTML file is the same as what is sent to the terminal.

* It runs testssl.sh with `--debug 4` and checks that the HTML file created is the same as the one created without the `--debug` flag.
2017-04-14 11:24:26 -04:00
7747d965d4 Merge branch '2.9dev' into openssl_location 2017-04-14 09:12:20 -04:00
4b833b7b6e code readability improvements 2017-04-14 11:26:01 +02:00
3d8c8769a9 Merge pull request from dcooper16/fix_616
Fix 
2017-04-14 11:04:54 +02:00
0b9c04350d Merge pull request from dcooper16/debug_output_in_html
No debugging text in HTML output
2017-04-14 11:03:48 +02:00
27124a404b Merge branch '2.9dev' into debug_output_in_html 2017-04-13 16:34:44 -04:00
2bfc0dc1d7 Merge branch '2.9dev' into fix_616 2017-04-13 16:33:57 -04:00
756e28d2dc Merge branch '2.9dev' into openssl_location 2017-04-13 16:31:30 -04:00
df953dca25 Merge pull request from dcooper16/color_in_headers
Use of color in emphasize_stuff_in_headers()
2017-04-13 22:22:59 +02:00
dcfee43b0d Use of color in emphasize_stuff_in_headers()
`emphasize_stuff_in_headers()` only adds color to the text being printed to the terminal if `$COLOR` is 2. So, the same should be the case for the HTML output.
2017-04-13 16:06:06 -04:00
5afee01797 No debugging text in HTML output
This PR fixes two places in which output is being included in the HTML output, but shouldn't be.
2017-04-13 14:28:39 -04:00
712c4ad30b Fix
This PR addresses issue , changing `run_cipher_match()` so that only those ciphers that are available are shown, unless the `--show-each` flag has been provided.

It also fixes a problem where the signature algorithm isn't being shown, even if `$SHOW_SIGALGO` is true.
2017-04-13 14:03:51 -04:00
c77cbc3043 Merge branch '2.9dev' into openssl_location 2017-04-13 11:05:28 -04:00
34a512a363 Merge pull request from dcooper16/use_get_cipher
Use get_cipher() helper function
2017-04-13 16:50:42 +02:00
e3e25ce1c3 Use get_cipher helper function
The new `get_cipher()` helper function was not being used in every place where it could be used.
2017-04-13 10:32:19 -04:00
ae1bd5c6bd Merge branch '2.9dev' into openssl_location
Conflicts:
	testssl.sh
2017-04-12 16:07:42 -04:00
5168fab693 minor polishing 2017-04-12 21:50:55 +02:00
59683927f8 Prevent word splitting 2017-04-12 15:39:37 -04:00
4d0bd4acb5 Merge branch '2.9dev' into openssl_location 2017-04-12 15:36:58 -04:00
d2b70f7289 Merge pull request from dcooper16/fix_702
Fix 
2017-04-12 21:33:36 +02:00
9f7ab1cef6 Merge pull request from dcooper16/more_702_fixes
More fixes for 
2017-04-12 21:19:17 +02:00
036bf2e53c revamped run_std_cipherlists(). There are now fewer categories, less overlap and it's more modern:
NULL ciphers (no encryption)
 Anonymous NULL Ciphers (no authentication)
 Export ciphers (w/o ADH+NULL)
 LOW: 64 Bit + DES encryption (w/o export)
 Weak 128 Bit ciphers
 Triple DES Ciphers (Medium)
 High grade encryption
 Strong grade encryption (AEAD ciphers)
2017-04-12 21:00:08 +02:00
2ac14e879d More fixes for
This PR just addresses some places where quotes need to be used to avoid word splitting in case the referenced file, or path to the file, contains space characters.
2017-04-12 14:34:26 -04:00
fa736cf6d9 Fix typo in run_mass_testing_parallel() 2017-04-12 12:24:33 -04:00
513ba8ff2d Another fix to calling child process
The previous fix did not work if testssl.sh was found via `$PATH`. This seems to work in all cases. If testssl.sh is found via `$PATH` or if the command line includes a path, then `which` returns a non-empty response; otherwise, `$0` does not include any path, but one needs to be provided, so `$RUN_DIR/$PROG_NAME` is used.
2017-04-12 12:15:27 -04:00
f094013aeb Fix creation of child process
Using "$0" as the name of the executable seems to work as long as "$0" contains a directory name (e.g., "workingfiles/testssl.sh"), but not if it is just the name of the executable (e.g., "testssl.sh"). Specifying "$RUN_DIR/$PROG_NAME" seems to work in both cases, since if "$0" doesn't contain any path information, `$RUN_DIR` is `.`
2017-04-12 11:39:24 -04:00
6633d0e549 Improve pretty-printing of command line string
Use the suggestion "If you want to print the argument list as close as possible to what the user probably entered" from http://stackoverflow.com/questions/10835933/preserve-quotes-in-bash-arguments to create `$CMDLINE` and to print the command lines in `run_mass_testing()` and `run_mass_testing_parallel()`.
2017-04-12 10:00:40 -04:00
7cbce9cb55 Fix
This PR addresses issue . Rather than create the command line for each child process in `run_mass_testing()` as a string, it creates it as an array, with each argument being a separate element in the array. This was done based on http://mywiki.wooledge.org/BashFAQ/050.

The printing of each child's command line is done based on http://stackoverflow.com/questions/10835933/preserve-quotes-in-bash-arguments.

The `$CMDLINE` string remains unchanged, even though it isn't entirely "correct," since http://jsonlint.com/ complains if the "Invocation:" string contains backslashes.
2017-04-11 17:05:27 -04:00
91695fe07e Merge branch '2.9dev' into openssl_location 2017-04-11 13:17:22 -04:00
ed2aa6698d comments added for 2017-04-11 18:48:23 +02:00