Git
/
testssl.sh
mirror of https://github.com/drwetter/testssl.sh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,592 Commits 14 Branches 30 Tags 204 MiB
Commit Graph

1592 Commits

Author SHA1 Message Date
Dirk Wetter dedb95b122 Update Readme.md 2015-01-26 12:37:00 +01:00
Dirk d35e2f95b8 fix for wrong # of HttpOnly cookie 2015-01-23 15:09:35 +01:00
Dirk 84caf9ffd1 fix for double line and double application banner 2015-01-23 12:17:27 +01:00
Dirk f3eb84c078 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-01-23 12:02:12 +01:00
Dirk baadfd0492 BREACH is not labeled as experimental anymore as it works reliably 
- so is heartbleed
 - FIX: shopt is removed in rc4 as most of the bash shells segfault here (bug!)
 - not tested anymore for HTTP within starttls, instead displaying here a line
 2015-01-23 12:01:32 +01:00
Dirk 6c6511ddb2 - VERBOSE -eq 1 is now DEBUG -eq 2 (VERBOSE completely removed) 
- DEBUG has now four modes 1: just keep files 2: VERBOSE -eq 1 3: head hexdumps and other stuff, 4: full debugging
- env and internal stuff $TEMPDIR
 2015-01-21 12:53:00 +01:00
Dirk Wetter d825bd85f7 Update Readme.md 2015-01-20 22:13:15 +01:00
Dirk 82764845f2 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-01-20 22:10:22 +01:00
Dirk d5924eedc4 - BEAST finally works 
- handling of spaces in output
- different ciphers
- FIX: setopt also for RC4 (proper handling of ret value)
 2015-01-20 21:59:21 +01:00
Dirk 28330dc6fc first prototype BEAST | FIX: maketempf in initialize_engine | FIX: exit statements in main w/ more meaning/shorter 2015-01-20 21:51:49 +01:00
Dirk Wetter 1032c3756a Update Readme.md 2015-01-16 17:18:38 +01:00
Dirk Wetter b0c6062cb7 Update Readme.md 2015-01-16 17:16:22 +01:00
Dirk 5853202efd fine tuning on banner 2015-01-15 20:29:46 +01:00
Dirk 4c6f0d9a50 - FIX: grep -a if we hit binary content with http_header (also if otherwise specified) 
- NEW: can specify URL (used for header matters and breach)
- FIX: better handling of >1 cookies
 2015-01-14 12:23:53 +01:00
Dirk 3d81a7b5ec * NEW: cookie flags (experimental) [URL is missing] 
* FIX: 30x handling for http_header (hint for final URL if stalled)
* FIX: proper display of app-banners if >1
 2015-01-14 09:48:44 +01:00
Dirk 44d8f67998 SNI is not anymore 2do (removed misleading comment) 2015-01-12 23:28:38 +01:00
Dirk 84204a80a3 debugging more fine grained 2015-01-12 23:15:26 +01:00
Dirk ac6a67a299 now with SNI! 2015-01-12 22:56:15 +01:00
Dirk f0747dd2fc now checker fo SSLv3 to TLSV1.2 
(SNI missing for now)
 2015-01-10 22:08:11 +01:00
Dirk cedeff2b42 typo in tempdir led to missing gost cipher 2015-01-08 14:16:22 +01:00
Dirk 446f7bf152 working prototype for SSLv2 client hello + parsing server hello in bash 2015-01-07 23:57:16 +01:00
Dirk 62f20a6cd2 Merge branch 'master' of https://github.com/drwetter/testssl.sh 2015-01-07 23:30:24 +01:00
Dirk 5044412f39 - moved utils to separate dir 2015-01-07 23:29:05 +01:00
Dirk decade9986 safer batch processing if port isn't available 2015-01-07 23:16:45 +01:00
Dirk aa546b520e Merge remote-tracking branch 'origin/revert-48-master' 2015-01-07 23:09:57 +01:00
Dirk 8a3e0267ba safer bacth processing if port isn't available 2015-01-06 16:25:19 +01:00
Dirk Wetter 2556377398 Revert "Change question logic on non-SSL port" 2015-01-06 16:10:21 +01:00
Dirk Wetter e816e4877a Merge pull request #48 from lwindolf/master 
Change question logic on non-SSL port
 2015-01-06 16:01:07 +01:00
Lars Windolf d1ab23c146 Change question logic on non-SSL port 
Idea is to bail out per default (with WARNINGS=off) this makes batch processing possible
as often testssl.sh hangs for minutes or endless on non-SSL ports.
 2015-01-03 11:41:35 +01:00
Dirk eae1b2810f - check for CN wrt SNI / no SNI 
- fix different responses for CACert
 2014-12-23 09:59:03 +01:00
Dirk 4aa674d138 - Negotiated cipher per proto 
- nr_ciphers of used openssl version in banner
- spdy_pre check
- -testversion_new --> -testversion
 2014-12-21 23:22:50 +01:00
Dirk a570d907e9 - Cipher order check! (also for starttls) 
- includes a remark 4 default_cipher (limited sense as client will pick)
- selfsigned certs: error!
- number of local ciphers in check with allciphers
 2014-12-21 00:47:23 +01:00
Dirk 04b6795f94 Merge branch 'master' of github.com:drwetter/testssl.sh 2014-12-19 17:06:37 +01:00
Dirk 21493fb788 - tempfile handling: every function leaves one, if DEBUG is set 
- FIX*2: OPENSSL_CONF/GOST_CONF
 2014-12-19 17:02:26 +01:00
Dirk Wetter 9e53070598 Update Readme.md 2014-12-19 15:52:05 +01:00
Dirk Wetter c2ef5d1da8 Update Readme.md 2014-12-19 15:51:32 +01:00
Dirk 8635012cf5 - subjectAltName 2014-12-19 07:12:20 +01:00
Dirk 521a7160a9 - NEW: certificate info, details: 
- NEW: CN, SAN
- NEW: OCSP URI
- NEW: CRL distr point
- NEW: Issuer
- NEW: expiration
- NEW: signature algo
- renamed cmdline --simple_preference to --server_defaults
- now we have a TEMPDIR where all files are written toA
- function or handling/removing TMPFILE
 2014-12-18 09:33:24 +01:00
Dirk Wetter 5d66eeef05 Update Readme.md 2014-12-09 14:25:38 +01:00
Dirk b40c0b7178 - RELEASE: final 2.2 
- change of cmd line order for STARTTLS
- help more clear
 2014-12-08 10:32:51 +01:00
Dirk b3efb3c4b0 - BUGFIX: potential stalling in HTTP Header query 
- BUGFIX: HTTP specific vuln. won't be checked if service is not http (we still
check crime and also spdy => gmail has spdy for pop and imap)
- Feature: service detection: HTTP, IMAP, POP, SMTP
- alignment in rDNS output corrected
- minor cleanup / improvements
 2014-11-30 01:30:20 +01:00
Dirk 27f06f8d50 - BUGFIX: BSD now has proper heartbleed and ccs injection detection 
- significant code improvement of hex-byte parser <-> socket sender
- BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing
- bumped to 2.1rc3, hoping that'll be the last
 2014-11-27 21:33:33 +01:00
Dirk c034cd8a95 - for colors: double square brackets (might save a fork to "[ or "test" 
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
 2014-11-25 13:12:24 +01:00
Dirk Wetter 5228986b25 Update Readme.md 2014-11-24 16:43:11 +01:00
Dirk Wetter b242876597 Merge pull request #37 from yurivict/master 
Fixed errors when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options
 2014-11-24 15:16:42 +01:00
Yuri 19f936bece Fixed the problem when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options. 2014-11-22 12:15:47 -08:00
Dirk Wetter 7cf2030c20 Merge pull request #36 from PeterMosmans/bugfix 
Fixed minor redirection typo for 'which' command
 2014-11-22 18:31:09 +01:00
Peter Mosmans c3ab016164 Fixed minor redirection typo for 'which' command 2014-11-22 12:57:36 +10:00
Dirk 4c3cc0df8e - increase first read buffer -- otherwise it's how up at hb reply and lead to false positives 2014-11-20 18:55:51 +01:00
Dirk d4265742b1 color codes for protocols and default ciphers reflect better a rating 
- fix: heartbleed function needed a $TMPFILE for determining the TLS protocol
 - version bumped to 2.1rc2
 2014-11-20 10:46:55 +01:00