Commit Graph

44 Commits

Author SHA1 Message Date
Dirk 69fa8ca378 several improvements
timeout: the TLS ticket check has a timeout, so that early on non-reachable hosts
are determined. If it is running into the timeout, it quits early. The
timeout is configurable via environment e.g. TIMEOUT=16 ./ticketbleed.bash <host>

Also other ports are allowed albeit it probably it is of limited use

Supplying no arg is now more user-friendly
2017-06-09 12:45:22 +02:00
Dirk 15219475e9 strip supplied port automatically 2017-06-09 11:27:59 +02:00
Dirk b69505223a added "gmap2testssl.sh": utility which converts grepable nmap output to testssl's file input 2017-06-09 11:22:11 +02:00
Dirk 53b6e2cfe8 changed PoC to a 3 rounder test (like testssl.sh) to increase reliability.
If different memory is returned each try it is for sure vulnerable. This
helps getting weird servers properly tested and weeds out false positives.
2017-06-07 18:16:18 +02:00
Dirk 91b9236055 PoC for unit test in bash 2017-05-31 10:30:02 +02:00
Dirk 59a175cba3 changed to Linux 2017-05-15 20:53:09 +02:00
Dirk 2aa68827b9 don't do double work, reordering stuff 2017-05-12 17:58:20 +02:00
Dirk f70bc4e08f better platform support, revert to pure /bin/sh, better verbosity... 2017-05-12 17:21:45 +02:00
Dirk ebd9e6ae65 manually merged #728 (see #423), credits also to @seccubus. Unfortunately the unit tests don't make so much sense atm 2017-05-08 23:51:37 +02:00
Dirk f8e1ad0b7f add missing # 2017-04-22 15:19:39 +02:00
Dirk 7de5e0113b check in 2017-04-21 11:29:20 +02:00
Dirk ac5b9a8a78 minor polishing, correct handshake length 2017-04-18 23:06:12 +02:00
Dirk dd9b3919fc PoC uploaded 2017-04-16 20:38:47 +02:00
David Cooper e18f5821d2 Merge branch '2.9dev' into rename_ephemeral_DH_ciphers 2017-02-03 13:42:04 -05:00
Dirk cb1d133528 preparing for lucky13 2017-02-03 17:40:35 +01:00
David Cooper c09a77006e Rename cipher lists for run_logjam()
This PR renames the cipher lists for `run_logjam()` in generate_static_cipher_lists.sh to align with their names in testssl.sh, as requested in #590.

I think these names are still open for misinterpretation, however, since its not clear whether "dh_cipher" refers to ciphers that use static DH keys, ephemeral DH keys, or both.
2017-01-24 10:49:59 -05:00
David Cooper dcd37729f4 Generate list of all DHE ciphers
This PR adds a function that generates a list of all DHE ciphers for `run_logjam()`.
2017-01-18 15:16:13 -05:00
David Cooper 0bc2b1c4bb Create static cipher lists for testssl.sh
This PR adds a new utility that generates the various static cipher lists that appear in testssl.sh.

This utility serves two purposes:
* It can be run whenever new ciphers are added to cipher-mapping.txt to see if any of the lists in testssl.sh need to be updated. (This includes if cipher-mapping.txt is modified to add OpenSSL-style names for ciphers that are currently listed, but that have not yet been assigned such names.)
* It can be used as a reference in order to understand how each of the lists is defined.
2017-01-12 13:17:04 -05:00
Dirk 1613bb214e Merge branch 'master' into CA_pinning
Conflicts:
	testssl.sh
2016-10-27 21:59:10 +02:00
Frank Breedijk 5d7367a68d Shell script to generate ca_hashes.txt (OSX only) 2016-07-25 09:47:24 +02:00
Dirk Wetter 018468a670 more user friendly... 2016-07-09 14:24:38 +02:00
Dirk eb58598ca5 make it public, see #122 2016-07-08 11:40:17 +02:00
Dirk 6eedd5747f wrong language fix ;-) 2016-06-23 11:13:11 +02:00
Dirk 6efc3e90f5 includes IPv6 check and is ready for other uname's 2016-06-23 11:04:58 +02:00
Dirk 7b0fabdbc4 - making the read buffer for server hello bigger+variable 2016-03-08 10:38:21 +01:00
Frank Breedijk ab47f8ada9 Added client simulations based on @ivanr s list on ssllabs 2016-01-13 10:21:01 +01:00
Dirk 8d65c67d50 - cleanup bin mess ;-), part 1 2015-09-03 12:39:03 +02:00
Dirk Wetter fef9afe288 * protocol checks work now!
* generic jabber support now!
* jabber domain support
2015-07-06 22:04:07 +02:00
Dirk Wetter d1442d8ca9 don't need it 2015-07-06 22:03:41 +02:00
Dirk 1186bf4229 - try to interpret server protocol (SMTP, FTP,...) handshake 2015-07-01 19:50:38 +02:00
Dirk 39a0da31e5 - echo host:port 2015-07-01 19:48:33 +02:00
Dirk d44cff9a81 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-07-01 18:51:18 +02:00
Dirk Wetter c2f8e23441 Rename ccs-injection.sh to ccs-injection.bash 2015-07-01 18:50:45 +02:00
Dirk 21119d6d01 works also for nntp,ftp,imap,pop,xmpp +starttls now 2015-07-01 13:01:16 +02:00
Dirk 83dc3f707f - works now also for SMTP+STARTTLS 2015-07-01 10:16:01 +02:00
Dirk Wetter bfdc95f3dc Rename bash-heartbleed.changelog.txt to heartbleed.bash.changelog.txt 2015-07-01 10:12:03 +02:00
Dirk Wetter 4363229a01 Rename bash-heartbleed.sh to heartbleed.bash 2015-07-01 10:11:20 +02:00
Dirk bbec58bb02 Merge branch 'master' of github.com:drwetter/testssl.sh
Conflicts:
	openssl-bins/openssl-1.0.2-chacha.pm/openssl32-1.0.2pm-krb5.chacha+poly.asc
	openssl-bins/openssl-1.0.2-chacha.pm/openssl64-1.0.2pm-krb5.chacha+poly.asc
2015-02-05 09:54:24 +01:00
Dirk 44d8f67998 SNI is not anymore 2do (removed misleading comment) 2015-01-12 23:28:38 +01:00
Dirk 84204a80a3 debugging more fine grained 2015-01-12 23:15:26 +01:00
Dirk ac6a67a299 now with SNI! 2015-01-12 22:56:15 +01:00
Dirk f0747dd2fc now checker fo SSLv3 to TLSV1.2
(SNI missing for now)
2015-01-10 22:08:11 +01:00
Dirk 446f7bf152 working prototype for SSLv2 client hello + parsing server hello in bash 2015-01-07 23:57:16 +01:00
Dirk 5044412f39 - moved utils to separate dir 2015-01-07 23:29:05 +01:00