Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-10 12:42:53 +02:00
Code Issues Packages Projects Releases Wiki Activity
5,161 Commits 17 Branches 35 Tags
36bc08ce184b568a0482b6469577188dd5e5169f
Commit Graph

2844 Commits

Author SHA1 Message Date
Dirk
dc60d9360a reverse proxy banner alignment 2015-08-08 13:37:05 +02:00
Dirk
56e6f90308 FIX #158 (pagesspeed header was identified as IPv4 addr) 2015-08-08 10:20:13 +02:00
Dirk Wetter
70ff293fb7 - fix for #156 
- reverting #27. Catch is the functions are being initiated at a fixed time instead of while calling. This conflicts with the --color option which is done late. Other solution?
 2015-08-05 11:31:55 +02:00
Dirk
f1fe2c3286 just renaming as rc1 for 2.6 2015-08-02 01:25:39 +02:00
Dirk
fcb8c5d0bc - FIX for multiple ip addresses for one mx host (didn't expect a matroshka ;-)) 
- make dotted lines smaller
 2015-08-02 01:16:27 +02:00
Dirk
ea1ab3b911 help for mass testing option in #153 2015-08-02 00:26:34 +02:00
Dirk
325abcfc06 - first shot for szepeviktor's color function maker #27 2015-08-02 00:03:30 +02:00
Dirk
9006234c34 - NEW: mass testing via --file 
- FIX: ipv6 address in rDNS was ..umm err ....missing some chars
- rough ipv6 address detection (fixes single colon in "further ip addresses")
- FIX: facebook has EC certificate but signing algo is not EC
- FIX for wrong openssl location in banner
 2015-08-01 23:11:27 +02:00
Peter Mosmans
c04497f2f6 Another fix for #140 
Suppress awk warnings
Don't try to retrieve header information from openssl stderr output
 2015-07-27 12:16:03 +02:00
Dirk
f45f91a07e - quiet mode for mass testing (see #148) w/o banner 
- -q is now --devel
 2015-07-25 14:33:08 +02:00
Dirk
d4f7dd0f91 * squash dirname err msg on FreeBSD 
* numerous DNS related internal improvements
* FIX #137
* FIX #147
 2015-07-23 17:11:33 +02:00
Dirk
013a24caea * - improved DNS parser again, see #141 #140 
* at least exit with -250 or worse if a problem occurs (rest still undefined, needs to be fixed, see #145/#100)
* renamed all top level tests in "run_" for better code
 2015-07-22 13:11:20 +02:00
Dirk
c66a2c8f2e FIX #144: reverse screw up of hpkp function for BSD/Darwin 2015-07-21 20:35:49 +02:00
Dirk
784294b52d awk fixes for MSYS2 FIX #141, #FIX 140 2015-07-21 14:20:15 +02:00
Jonathon Rossi
298a91d743 Fix bash 3 support 
Mac OS X ships with bash 3, not 4. The case statement fallthrough and
continue operators were added in bash 4.
 2015-07-21 15:11:20 +10:00
Dirk Wetter
f81b3a5c25 * GOST ciphers sometimes missing during scan 
* help was not precise wrt some arg w no params
 2015-07-20 14:05:35 +02:00
Dirk Wetter
66f0b22adb word match for -V / -x now only for non-numbers: testssh.sh -x cc google.com tests for chaha ciphers 
(before only word matching was done e.g.: testssl.sh -x ECDH chase.com
 2015-07-17 15:58:07 +02:00
Dirk Wetter
d9b9d2c2fb * path display error in banner fixed 2015-07-17 14:58:12 +02:00
Dirk Wetter
cda5eff12e * STARTTLS_SLEEP 
* resolved misleading output STARTTLS + socket
* fixed poodle ciphers in code (but not used yet)
 2015-07-17 14:33:23 +02:00
Dirk Wetter
f04ee57e79 * display shortend path to $OPENSSL in banner 2015-07-17 13:25:39 +02:00
Harald Wagener
4df61eed14 Update testssl.sh 
Fix typo.
 2015-07-17 11:05:07 +02:00
Dirk Wetter
54290b220a - Provide Darwin binaries and paths thereto 
- provide also other static bins in $PWD/bin
 2015-07-16 23:01:10 +02:00
Dirk Wetter
b157a26632 * EV certificate detection 
* SSLv2 + STARTTLS protocol check always uses sockets now
* STARTTLS protocol now returns over sockets the TLS time (if available)
* few LibreSSL output oddities fixes
* output corrections for STARTTLS
* additional path for binaries (we change the path soon but leave both in the code for now)
 2015-07-16 17:58:03 +02:00
Dirk
4c033bc0cc * header flags added 2015-07-14 20:44:04 +02:00
Dirk
2e40c2bde6 * misleading warning for DH bits for Negotiated cipher omitted if no DH or EC and OPENSSL <= 1.0.1 2015-07-14 19:58:04 +02:00
Dirk
32325d0643 * fix for scanning an IP address only 
* server_preference: cipher adjusted
* some [[ and ]] in loops, hoping to speed up processing a bit
* cosmetic stuff
 2015-07-14 17:13:58 +02:00
Dirk
2ae8f2d6e3 fix regression: port 25 is the one for --mx 2015-07-14 12:35:26 +02:00
Dirk
0b1c0dca46 FIX #132 (see also discussions in #133 2015-07-13 23:41:49 +02:00
Dirk
dfc37bc892 workaround / FIX #134 (OPENSSL_CONF destroyed lookup via host/dig/nslookup 2015-07-13 23:24:23 +02:00
Dirk
f95326cf21 * Liferay in header will be marked in yellow 
* more tries to find openssl binaries (also those in git)
 2015-07-12 18:46:27 +02:00
Dirk
3cf891bd5e * FIX #131 (EC certificate key size was critized) 
* FIX: if request w/o SNI didn't succeed it resulted in an ugly openssl error message
* FIX #51 (we try to initialize GOST engine before showing the banner)
 2015-07-10 10:23:10 +02:00
Dirk Wetter
f1d8471a3d * heartbleed and ccs check enabled per default for STARTTLS 
* performance improvements for sockets+STARTTLS (still only enabled via EXPERIMENTAL=yes)
 2015-07-08 21:30:31 +02:00
Dirk Wetter
d3b8f8e0a2 cosmetic corrections (output) 2015-07-08 11:34:45 +02:00
Dirk Wetter
5944c35075 * EXPERIMETAL=yes is used, testssl.sh uses for protocols, heartbleed, ccs sockets also for STARTTLS! 
* it's slow though (to be improved)
* renamed vars for proxy
* cleanups
 2015-07-07 22:59:31 +02:00
Dirk Wetter
179d8700d1 * NEW: xmpphost support 
* FIX for regression (80e26a75ef), config file GOST
 2015-07-06 20:42:43 +02:00
Dirk Wetter
c08baa94b3 * CHANGE: some tuning variable are now booleans (see help) 
* help() to reflect this
* cleanups
 2015-07-06 10:10:46 +02:00
Dirk
80e26a75ef * Warning if LibreSSL is used #126 
* FIX for screwed up output for fixed ciphers (FREAK, LOGJAM), see also #126
* GOST support now doesn't complain if MY confif file aleady exists (minor fix)
 2015-07-02 16:39:41 +02:00
Dirk
5acfc93d79 * couple of checks for new proxy option from John Newbigin #124 
* minor cleanups for #124
 2015-06-29 23:28:37 +02:00
Dirk
ddd680ac93 * merge #124 from jnewbigin 
* fix my run time error
 2015-06-29 22:29:15 +02:00
Dirk
15a672b521 * assertion vs. condition fixed 2015-06-29 10:41:56 +02:00
Dirk
93f5b8216d * FIX #125 
* beautified some code / function names
 2015-06-28 13:52:42 +02:00
Dirk
5d78c9421f * first tls_low_byte is now always 01 in TLS 1.0 --> TLS 1.2 (see openssl) 
* removing TLS 1.2 check from sockets as IIS has a problem with it
 2015-06-24 11:08:09 +02:00
Dirk
e121f944e9 * FIX: added missed downgrade (ret=2) in socket protcol check 
* resorted helper functions to top
* cleanups (ok, renamed some functions)
 2015-06-23 21:54:47 +02:00
Dirk
b575710634 * FIX in --ip=one 
* straighthen help()
* FIX ret value for no response in parse_tls_serverhello
 2015-06-23 12:58:40 +02:00
Dirk
ae8f998f8f * help corrected, -e is standard 2015-06-23 07:56:56 +02:00
Dirk
a6c5a2af0d * handshake works now with SNI 2015-06-22 23:19:08 +02:00
Dirk
d3c793e6bc * help without <> now and | 
* socket SNI issue: As it turns out Apache 2.2/2.4 is not behaving according to https://tools.ietf.org/html/rfc6066#section-3
   .
 2015-06-22 18:32:40 +02:00
Dirk
58a6f501b5 - better addressed no clear fallback repsonses, see #121 2015-06-20 19:36:11 +02:00
Dirk
633cdc209b - NEW: IP address detection now in HTTP header 
- NEW: Varnish and Squid header detected
- NEW: option --ip=one is a shortcut and means just test the first ip
- CSP Report-Only in security headers
- New: Varnish and Squid header detected, OWA header
- all single tests in bold now
- no support for TLS 1.2 spits out "NOT ok" as it is not ok
- Medium ciphers and DES ciphers are not having aNULL and aDH ciphers anymore and have different colors --> ratings
- http-date is now in http header(), tls_time in server_defaults()
- http header reply is indented to same row as server defaults
- http status code is displayed clearly now
- BUGFIX: IPv6 address wasn't displayed
- cleanup
- application banner now in two lines if needed
- try a second time to get a http header if first one fails
- fix: case where % sign in ip address made prinf hiccup (sanitized)
- fix: $url was in some functions empty
- fixed bug where some headers were displayed twice
 2015-06-19 20:36:32 +02:00
Dirk
59299ce9e1 - FIX #119 (sed -E fails for old sed versions) 
- std_cipherlists tuned
- fix for selfsigned certs (missed sometimes because of trailing space)
 2015-06-17 11:33:29 +02:00