Commit Graph

4029 Commits

Author SHA1 Message Date
Dirk Wetter c573984340 Add +search to dig
... for all forward + non-mdns lookups.

This might help to avoid supplying domain names to local hosts (they would need
to have a valid certificate for the short DNS name then).

Fixes #2077
2022-01-03 16:44:09 +01:00
Dirk Wetter 3827521698
Merge pull request #2075 from drwetter/drwetter-patch-1
again wide screen mode for HTML
2021-12-27 17:11:36 +01:00
Dirk Wetter 1012a28958
again wide screen mode for HTML
see discussion on #2072
2021-12-27 17:09:59 +01:00
Dirk Wetter 9d37365a0d
Merge pull request #2072 from k0lter/3.1dev
Add sieve protocol support when using STARTTLS
2021-12-27 17:07:10 +01:00
Dirk Wetter 35ddd91813
Merge pull request #2073 from drwetter/dependabot/github_actions/docker/login-action-1.12.0
Bump docker/login-action from 1.10.0 to 1.12.0
2021-12-21 10:54:58 +01:00
dependabot[bot] c041e27ecf
Bump docker/login-action from 1.10.0 to 1.12.0
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.10.0 to 1.12.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v1.10.0...v1.12.0)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2021-12-21 00:24:46 +00:00
Emmanuel Bouthenot 6e050a780d Update doc for (manage)sieve protocol when used with STARTTLS 2021-12-20 17:20:01 +01:00
Emmanuel Bouthenot 4c2a1296a7 Add unit testing (manage)sieve protocol while using STARTTLS 2021-12-20 17:18:07 +01:00
Emmanuel Bouthenot bddf3a8189 Fix ports2starttls() to support (manage)sieve protocol while using STARTTLS 2021-12-20 17:16:16 +01:00
Emmanuel Bouthenot 155b380509 Add (manage)sieve protocol support when using STARTTLS 2021-12-17 12:44:39 +01:00
Dirk Wetter 2201a28070
Merge pull request #2069 from h3xx/refactor-strip_quote
Refactor strip_quote to use bash replacements instead of sed
2021-12-13 18:24:34 +01:00
Dirk Wetter c1e5ad82c1
Merge pull request #2070 from drwetter/gha_actions_improve
Also run GHA for PRs
2021-12-13 18:19:49 +01:00
Dan Church 1944eb8787
Refactor strip_quote to use bash replacements instead of sed 2021-12-11 12:43:46 -06:00
Dirk Wetter fbe04164d3 Also run GHA for PRs
(don't know whether this works.)
2021-12-11 19:40:29 +01:00
Dirk Wetter 6da72bcfd7
Merge pull request #2067 from drwetter/polish_fixhttpclockskew
Consider HTTP 'Age' header field when calculating HTTP clock skew
2021-12-10 20:16:28 +01:00
Dirk Wetter fc06fcee56 fix travis 2021-12-10 18:26:03 +01:00
Dirk Wetter 7974e57688 add extra line for Age 2021-12-10 16:06:26 +01:00
Dirk Wetter 18f3ad7c31 fix travis 2021-12-10 15:58:10 +01:00
Dirk Wetter e871bd0911 Polish PR #2032 + Additions
* address my comments
* add json fields HTTP_headerTime + HTTP_headerAge if they exists
* output HTTP_AGE if it was detected
* do stripping of line feeds closer to where variables were set
2021-12-10 14:27:30 +01:00
Dirk Wetter d6398c3167 Merge branch 'fixhttpclockskew' of https://github.com/Wahnes/testssl.sh into Wahnes-fixhttpclockskew 2021-12-10 12:06:19 +01:00
Dirk Wetter 2dce751bfa
Merge pull request #2055 from dcooper16/fix2053
Fix #2053
2021-12-09 17:03:57 +01:00
David Cooper ff8e9f49cc Fix #2053
This commit fixes #2053 by setting $FIRST_FINDING to false after a section footer is output.
2021-12-09 10:13:24 -05:00
Dirk Wetter 0118603401
Merge pull request #2064 from dcooper16/fix_json_headers
Fix JSON section headers
2021-12-09 13:16:50 +01:00
David Cooper e1600e3f62 Fix JSON section headers
This commit fixes two issues with the headers in the structured JSON output. First, if run_cipher_match() is performed the header this is used is "pretest" rather than "singleCipher". Second, the headers for "serverPreferences" and "fs" are swapped.
2021-12-08 14:13:10 -05:00
Dirk Wetter beac382673
Merge pull request #2063 from dcooper16/keyopts
Document $keyopts
2021-12-08 19:29:40 +01:00
David Cooper f2a4ee1090 Document $keyopts
Shellcheck complains on line 2234 that keyopts is referenced but not assigned and there is no explanation in the code (or in the documentation) why "$keyopts" is there. This commit adds a comment so that "$keyopts" isn't deleted as part of a code cleanup.
2021-12-08 11:50:35 -05:00
Dirk Wetter dc782a895c
Merge pull request #2059 from dcooper16/simplify_git_rel
Simplify extracting Git information
2021-12-08 11:50:55 +01:00
Dirk Wetter 187854bd60
Merge pull request #2061 from dcooper16/update_reset_hostdepended_vars
Update reset_hostdepended_vars()
2021-12-08 11:49:10 +01:00
David Cooper edbc66c78d Update reset_hostdepended_vars()
This commit adds several variables to reset_hostdepended_vars() that are not currently being reset for each host being tested, but that should be reset.
2021-12-07 14:45:19 -05:00
David Cooper 019c7fa57a Simplify extracting Git information
testssl.sh currently calls "git log --format='%h %ci' -1 2>/dev/null" three times. This commits changes testssl.sh to make this call just once and then use Bash string manipulation to extract the necessary information from the result.
2021-12-07 14:38:14 -05:00
Dirk Wetter 04b7e1e7c3
Merge pull request #2060 from dcooper16/shellcheck
Fix some Shellcheck issues
2021-12-07 20:26:00 +01:00
David Cooper d701e69e20 Fix some Shellcheck issues
This commit fixes a number of issues raised by Shellcheck and removes unnecessary quotation marks in a number of places.
2021-12-07 09:22:34 -05:00
Dirk Wetter 0eb73d949a
Merge pull request #2056 from drwetter/update_ua_sneaky
Update Firefox UA used in sneaky mode
2021-12-07 08:55:54 +01:00
Dirk Wetter 22272105c4
Merge pull request #2057 from mspncp/git-simplify-worktree-check
Simplify check for git working tree
2021-12-06 18:35:24 +01:00
Dr. Matthias St. Pierre 1e3f932932 Simplify check for git working tree
Sending the entire log to /dev/null is a rather expensive way of checking whether
we are inside a git working tree. Use `git rev-parse --is-inside-work-tree` instead.
2021-12-06 17:35:54 +01:00
Dirk Wetter 914dde501a Update Firefox UA used in sneaky mode
From FF 52 to FF 94.

Also one double quote was removed
2021-12-03 13:15:13 +01:00
Dirk Wetter f6571c7c76
Merge pull request #2050 from dcooper16/fix2049
Fix #2049
2021-11-30 11:19:44 +01:00
David Cooper 708cc672a2 Fix #2049
This commit fixes #2049 by converting newline characters to spaces in JSON and CSV findings.

fileout() calls newline_to_spaces() on the $findings that are to be written to JSON and CSV files. However, this only affects actual newline characters in the string, not escaped newline characters (i.e., "\n"). Escaped newline characters pass through this function unchanged, but then get converted to newline characters when they are written to the JSON and/or CSV files. This commit fixes the problem by also converting escaped newline characters ("\n") to spaces.
2021-11-29 14:36:29 -05:00
Dirk Wetter b40d38fc37
Merge pull request #2047 from drwetter/fix_badFileDescriptor
Fix for "Bad file descriptor" with --connect-timeout option
2021-11-28 18:11:36 +01:00
Dirk aca75822c1 Fix for "Bad file descriptor" with --connect-timeout option
This fixes #1834 and #1435.

The --connect-timeout option had the problem that under certain circumstances
like parallel mass scanning it didn't work. The culprit was that a subshell command
was used to connect to the target but the file descriptor wasn't exported.

The commit changes tha logic so that this connect is still done in a subshell
as a pre-check if it's possible to connect. If this fails it proceeds with
error handling if NR_SOCKET_FAIL is above threshold. Otherwsie it just connects
again.

When testing of the alexa 500 it worked for me(tm). It would be great if others
can give it a try.
2021-11-26 17:24:02 +01:00
Dirk Wetter f253920e92
Merge pull request #2044 from dcooper16/fix_sub_cipherlists
Fix sub_cipherlists()
2021-11-23 09:59:41 +01:00
David Cooper 6b7836d350 Fix sub_cipherlists()
This commit fixes a bug in sub_cipherlists() when using sockets to test whether a server supports a set of ciphers with SSLv2. Code that is supposed to extract the list of SSLv2 ciphers to test for is incorrectly reading from the list of non-SSLv2 ciphers.
2021-11-22 12:25:20 -05:00
Dirk Wetter 7e7458bff0
Merge pull request #2043 from dcooper16/shellcheck
Fix some Shellcheck issues
2021-11-16 17:28:14 +01:00
Dirk Wetter 92a0da1d75
Merge pull request #2042 from dcooper16/check_file_permissions
Check file permissions on ./testssl.sh
2021-11-16 17:25:38 +01:00
David Cooper 64d110f19d
Check file permissions on ./testssl.sh
This commit adds a check that ./testssl.sh has both read and execute permission. If ./testssl.sh is lacking execute permission, it will pass the tests in 00_testssl_help.t and 01_testssl_banner.t that run the program as `bash ./testssl.sh`, but will fail the subsequent tests that run the program as `./testssl.sh`, but the reason for the failure will not be clear.
2021-11-15 07:25:08 -05:00
David Cooper 80934c85e8 Fix some Shellcheck issues
This commit fixes a few issues found by Shellcheck.
2021-11-12 16:20:41 -05:00
Dirk Wetter 1b11575c28
Merge pull request #2040 from dcooper16/ossl31
Support OpenSSL 3.0.1-dev and 3.1.0-dev
2021-11-10 08:12:30 +01:00
Dirk Wetter 883d7bd237
Merge pull request #2039 from dcooper16/fix_debugme1_redirect
Fix calls to debugme1() with redirects
2021-11-10 08:09:22 +01:00
David Cooper f1df111a32 Fix calls to debugme1() with redirects
As noted in https://github.com/drwetter/testssl.sh/pull/1963#issuecomment-954935175, there are two places in which debugme1() is called in which the command to be run prints something to stdout, which is then redirected to a file. Now that debugme1() includes a redirect from stdout to stderr, these two lines do not work as expected. The output appears in the terminal and an empty file is created.

This commit fixes the issue by not using the debugme1() function in these two places.
2021-11-09 15:36:30 -05:00
David Cooper 095433774d Support OpenSSL 3.0.1-dev and 3.1.0-dev
This commit changes a few lines of code that checks OpenSSL version numbers to recognize 3.0.1 and 3.1.0 in addtion to 3.0.0.

According to https://www.openssl.org/blog/blog/2018/11/28/version, API/ABI compatibility is guaranteed for the same MAJOR version number (starting with version 3), so it should be sufficient to just check that $OSSL_VER_MAJOR is 3.
2021-11-08 08:04:34 -05:00