Dirk
69fa8ca378
several improvements
...
timeout: the TLS ticket check has a timeout, so that early on non-reachable hosts
are determined. If it is running into the timeout, it quits early. The
timeout is configurable via environment e.g. TIMEOUT=16 ./ticketbleed.bash <host>
Also other ports are allowed albeit it probably it is of limited use
Supplying no arg is now more user-friendly
2017-06-09 12:45:22 +02:00
Dirk
15219475e9
strip supplied port automatically
2017-06-09 11:27:59 +02:00
Dirk
b69505223a
added "gmap2testssl.sh": utility which converts grepable nmap output to testssl's file input
2017-06-09 11:22:11 +02:00
Dirk
53b6e2cfe8
changed PoC to a 3 rounder test (like testssl.sh) to increase reliability.
...
If different memory is returned each try it is for sure vulnerable. This
helps getting weird servers properly tested and weeds out false positives.
2017-06-07 18:16:18 +02:00
Dirk
91b9236055
PoC for unit test in bash
2017-05-31 10:30:02 +02:00
Dirk
59a175cba3
changed to Linux
2017-05-15 20:53:09 +02:00
Dirk
2aa68827b9
don't do double work, reordering stuff
2017-05-12 17:58:20 +02:00
Dirk
f70bc4e08f
better platform support, revert to pure /bin/sh, better verbosity...
2017-05-12 17:21:45 +02:00
Dirk
ebd9e6ae65
manually merged #728 (see #423 ), credits also to @seccubus. Unfortunately the unit tests don't make so much sense atm
2017-05-08 23:51:37 +02:00
Dirk
f8e1ad0b7f
add missing #
2017-04-22 15:19:39 +02:00
Dirk
7de5e0113b
check in
2017-04-21 11:29:20 +02:00
Dirk
ac5b9a8a78
minor polishing, correct handshake length
2017-04-18 23:06:12 +02:00
Dirk
dd9b3919fc
PoC uploaded
2017-04-16 20:38:47 +02:00
David Cooper
e18f5821d2
Merge branch '2.9dev' into rename_ephemeral_DH_ciphers
2017-02-03 13:42:04 -05:00
Dirk
cb1d133528
preparing for lucky13
2017-02-03 17:40:35 +01:00
David Cooper
c09a77006e
Rename cipher lists for run_logjam()
...
This PR renames the cipher lists for `run_logjam()` in generate_static_cipher_lists.sh to align with their names in testssl.sh, as requested in #590 .
I think these names are still open for misinterpretation, however, since its not clear whether "dh_cipher" refers to ciphers that use static DH keys, ephemeral DH keys, or both.
2017-01-24 10:49:59 -05:00
David Cooper
dcd37729f4
Generate list of all DHE ciphers
...
This PR adds a function that generates a list of all DHE ciphers for `run_logjam()`.
2017-01-18 15:16:13 -05:00
David Cooper
0bc2b1c4bb
Create static cipher lists for testssl.sh
...
This PR adds a new utility that generates the various static cipher lists that appear in testssl.sh.
This utility serves two purposes:
* It can be run whenever new ciphers are added to cipher-mapping.txt to see if any of the lists in testssl.sh need to be updated. (This includes if cipher-mapping.txt is modified to add OpenSSL-style names for ciphers that are currently listed, but that have not yet been assigned such names.)
* It can be used as a reference in order to understand how each of the lists is defined.
2017-01-12 13:17:04 -05:00
Dirk
1613bb214e
Merge branch 'master' into CA_pinning
...
Conflicts:
testssl.sh
2016-10-27 21:59:10 +02:00
Frank Breedijk
5d7367a68d
Shell script to generate ca_hashes.txt (OSX only)
2016-07-25 09:47:24 +02:00
Dirk Wetter
018468a670
more user friendly...
2016-07-09 14:24:38 +02:00
Dirk
eb58598ca5
make it public, see #122
2016-07-08 11:40:17 +02:00
Dirk
6eedd5747f
wrong language fix ;-)
2016-06-23 11:13:11 +02:00
Dirk
6efc3e90f5
includes IPv6 check and is ready for other uname's
2016-06-23 11:04:58 +02:00
Dirk
7b0fabdbc4
- making the read buffer for server hello bigger+variable
2016-03-08 10:38:21 +01:00
Frank Breedijk
ab47f8ada9
Added client simulations based on @ivanr s list on ssllabs
2016-01-13 10:21:01 +01:00
Dirk
8d65c67d50
- cleanup bin mess ;-), part 1
2015-09-03 12:39:03 +02:00
Dirk Wetter
fef9afe288
* protocol checks work now!
...
* generic jabber support now!
* jabber domain support
2015-07-06 22:04:07 +02:00
Dirk Wetter
d1442d8ca9
don't need it
2015-07-06 22:03:41 +02:00
Dirk
1186bf4229
- try to interpret server protocol (SMTP, FTP,...) handshake
2015-07-01 19:50:38 +02:00
Dirk
39a0da31e5
- echo host:port
2015-07-01 19:48:33 +02:00
Dirk
d44cff9a81
Merge branch 'master' of github.com:drwetter/testssl.sh
2015-07-01 18:51:18 +02:00
Dirk Wetter
c2f8e23441
Rename ccs-injection.sh to ccs-injection.bash
2015-07-01 18:50:45 +02:00
Dirk
21119d6d01
works also for nntp,ftp,imap,pop,xmpp +starttls now
2015-07-01 13:01:16 +02:00
Dirk
83dc3f707f
- works now also for SMTP+STARTTLS
2015-07-01 10:16:01 +02:00
Dirk Wetter
bfdc95f3dc
Rename bash-heartbleed.changelog.txt to heartbleed.bash.changelog.txt
2015-07-01 10:12:03 +02:00
Dirk Wetter
4363229a01
Rename bash-heartbleed.sh to heartbleed.bash
2015-07-01 10:11:20 +02:00
Dirk
bbec58bb02
Merge branch 'master' of github.com:drwetter/testssl.sh
...
Conflicts:
openssl-bins/openssl-1.0.2-chacha.pm/openssl32-1.0.2pm-krb5.chacha+poly.asc
openssl-bins/openssl-1.0.2-chacha.pm/openssl64-1.0.2pm-krb5.chacha+poly.asc
2015-02-05 09:54:24 +01:00
Dirk
44d8f67998
SNI is not anymore 2do (removed misleading comment)
2015-01-12 23:28:38 +01:00
Dirk
84204a80a3
debugging more fine grained
2015-01-12 23:15:26 +01:00
Dirk
ac6a67a299
now with SNI!
2015-01-12 22:56:15 +01:00
Dirk
f0747dd2fc
now checker fo SSLv3 to TLSV1.2
...
(SNI missing for now)
2015-01-10 22:08:11 +01:00
Dirk
446f7bf152
working prototype for SSLv2 client hello + parsing server hello in bash
2015-01-07 23:57:16 +01:00
Dirk
5044412f39
- moved utils to separate dir
2015-01-07 23:29:05 +01:00