mirror of https://github.com/drwetter/testssl.sh.git synced 2025-07-18 03:31:58 +02:00
Commit Graph

3944 Commits

Author SHA1 Message Date
89de30c867 Merge pull request from jauderho/gha_build_status
Update build status to reflect use of GHA
2021-08-08 14:00:14 +02:00
6daa2956b9 Update Readme.md 2021-08-08 04:07:33 +00:00
fd9fac67aa Update Readme.md 2021-08-08 03:51:34 +00:00
77e47cadff Merge pull request from drwetter/fix_1956_3.1dev
Redirect debugme() outputs to stderr (3.1dev)
2021-08-07 16:18:43 +02:00
c1253f2cd0 Merge pull request from jauderho/3.1dev
Add Dependabot checking for GitHub Actions
2021-08-07 16:17:33 +02:00
7b0947c290 Merge pull request from dcooper16/use_all+
Use all+ in calls to tls_sockets()
2021-08-07 16:04:07 +02:00
3f8c62dc41 Change debugme1 calls to include redirection from stderr back to stdout
The fact that debugme1() redirects to stderr and the calls to this function
redo that is deliberate, as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
4e01f86c99 Redirect debugme() outputs to stderr (3.1dev)
... to address  and other places. Similar to ,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
b4d11459a8 Use all+ in calls to tls_sockets()
get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
2021-08-05 11:36:32 -04:00
1739ae1400 Merge pull request from dcooper16/certificate_compression
Check for RFC 8879 certificate compression
2021-08-05 16:51:03 +02:00
526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supported compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
b603d57146 Merge pull request from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
91970a2214 Merge branch 'drwetter:3.1dev' into 3.1dev 2021-07-31 14:28:57 -07:00
a3ab6cd887 Merge pull request from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
see . The following statement makes sure. In the do-while + case-esac loop the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See  .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
c40a3a7d02 Merge pull request from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see .
2021-07-31 13:17:55 +02:00
46862ecc84 Merge pull request from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
68c5acb556 Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
820b728bc4 Merge pull request from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
2b74e9f55d E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
2935ecc2e1 Merge pull request from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
70d40b416b Merge pull request from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
defed8705b Extend TLS/SSL port detection
As mentioned in  the port detection for nmap greppable files
leaves space for improvements.

This PR adds a pattern detection of ssl and https in the fourth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is used as input to testssl.sh.

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
18dfa26e48 Merge pull request from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-standard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see  .
2021-07-25 16:28:50 +02:00
5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in  in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
05d087a564 Merge pull request from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
8203049154 Update bug_report.md 2021-07-21 09:22:01 +02:00
ea4d939f8f Create dependabot.yml 2021-07-01 19:32:33 -07:00
56dcbcdc15 Merge pull request from drwetter/fix_1915
Fix redundant message (BREACH) when client certificate required
2021-06-22 08:25:29 +02:00
f4bb1a20e2 Merge pull request from PeterDaveHello/Add.dockerignore
Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
2021-06-19 18:17:51 +02:00
f0970aff90 Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
There is no need to add non-Linux binary in the Dockerfile here.
2021-06-19 22:22:59 +08:00
28d9bc483d Fix redundant message (BREACH) when client certificate required
same as .

Fixes 
2021-06-19 15:27:03 +02:00
9f0d0c0062 Merge pull request from drwetter/gha_denylist
Github actions modifications
2021-06-19 12:30:00 +02:00
2af7860a3c Remove mac osx
... apt is probably not the right thing ;-)
2021-06-19 11:17:52 +02:00
247d08882e GHA: Fix push + PR
see https://github.community/t/how-to-factor-paths-in-common-for-push-and-pull-request/115967/2

TL;DR:  There is no way to specify the common paths for two events
2021-06-19 11:12:00 +02:00
5cd97ddcb9 Correct YAML error in GHA + add macOS
- yamllint to the rescue. Still shows an error though:
  4:3       error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

- added macos, see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
2021-06-19 10:45:08 +02:00
b8a9b9c6db Github actions modifications
- define deny list of files when modified not to run GHA
- specify OS to be ubuntu-20.04 (is there a debian at all?)
- only use perl 5.26

While researching I stumbled over mac.osx as an OS one can specify. If anybody
knows whether this is really macosx (license?) please let me know. That
would be a great addition for CI. (Couldn't find BSD yet...)

See 
2021-06-19 09:20:48 +02:00
2d3bd724fc Merge pull request from PeterDaveHello/MakeShellScriptShebangConsistent
Make Shell Scripts' Shebang more consistent
2021-06-18 08:59:22 +02:00
cb844557f8 Merge pull request from PeterDaveHello/CorrectExitUsage
Correct `exit` using, the exit status should be 0~255
2021-06-18 08:55:22 +02:00
35c43719dd Merge pull request from drwetter/rm_travisCIhook
Remove travis CI hook
2021-06-18 08:47:52 +02:00
f91c0251be Remove travis CI hook
.. as we're using GHA now
2021-06-18 08:44:36 +02:00
ce634f7deb Correct exit using, the exit status should be 0~255
According to the POSIX Programmer's Manual, the exit status is specified by
the unsigned decimal integer. If n is specified, but its value is not
between 0 and 255 inclusively, the exit status is undefined.

By cross-referencing the usage between different scripts in this project,
it looks like we could simply remove the `-` before the number.
2021-06-15 16:04:23 +08:00
4de952a4dd Make Shell Scripts' Shebang more consistent
Considering most of the scripts in the project use bash, we should maybe just
use it, instead of /bin/sh, in all the scripts.
2021-06-15 15:52:49 +08:00
17b172229d Merge pull request from mikelolasagasti/gha
Add GitHub Actions testing
2021-06-07 09:16:31 +02:00