Commit Graph

2972 Commits

Author SHA1 Message Date
David Cooper 7037bd8e4b Handle server returning unsupported cipher
As reported in #782, some servers will return a ServerHello with a cipher not listed in the ClientHello rather than than return an Alert, if the server does not support any of the ciphers listed in the ClientHello.

This commit modifies `tls_sockets()` to check whether the cipher in the ServerHello was one included in the ClientHello and to fail if it wasn't.
2017-07-11 15:10:40 -04:00
Steven Danneman 8be69e9789 Add sockets implementation of mysql starttls
This is the simplest direct socket implementation of the MySQL STARTTLS
protocol.

This is a binary protocol, so it requires a new stream based send
(instead of the current line based send).
2017-07-11 11:11:44 -07:00
Steven Danneman a8ae90137d fd_socket now also modifies NW_STR
Assign to local variable sooner.
2017-07-11 11:05:24 -07:00
David Cooper 0bd8eca2a2 Merge branch '2.9dev' into hpkp_bugfix 2017-07-11 08:52:55 -04:00
Dirk deb7fd52a9 making some socket timeouts configurable through ENV, thus synching it with the documentation 2017-07-11 10:03:33 +02:00
David Cooper 05c8e1e595 Merge branch '2.9dev' into hpkp_bugfix 2017-07-10 08:49:30 -04:00
Dirk 637812a022 bali out if both flat and pretty JSON outout was specified 2017-07-10 10:57:48 +02:00
David Cooper 1f76c4d144 Merge branch '2.9dev' into hpkp_bugfix 2017-07-06 08:59:00 -04:00
Dirk bc0c1dc553 FIX #779 2017-07-06 13:02:27 +02:00
David Cooper 26ec80e764 run_hpkp() bug fix
In `run_hpkp()` there is a call to `$OPENSSL s_client` that uses `${sni[i]}` as one of the command line options, but `sni` is not defined. My guess is that this was a copy/paste error from `run_client_simulation()`, which is the only function where an `sni` array is defined.

I am guessing that the intention was to use `$SNI` in `run_hpkp()`.
2017-07-03 14:28:21 -04:00
Dirk Wetter 7aaadf731c Merge pull request #773 from sdann/postgres_cleanup
Postgres cleanup
2017-07-01 10:43:05 +02:00
Dirk Wetter 4cb48a1399 Merge branch '2.9dev' into postgres_cleanup 2017-07-01 10:25:28 +02:00
Dirk 02488884bb added experimental label for MySQL STARTTLS protocol 2017-07-01 10:11:34 +02:00
Dirk Wetter 152c5c225c Merge pull request #774 from sdann/mysql_starttls
Add mysql (openssl) starttls support
2017-07-01 10:05:05 +02:00
Steven Danneman 123db1d694 Add mysql (openssl) starttls support
openssl/master branch now supports mysql STARTTLS in s_client

This patch adds support to call and use that s_client support to run
most, but not all (pfs, client simulation) tests.

The socket implementation is stubbed, but not yet functional.
2017-06-30 16:12:03 -07:00
Steven Danneman 2a2e9ebc07 Rename variable as it is not a regex 2017-06-30 15:57:41 -07:00
Steven Danneman e4212f4fb3 Remove use of "postgress" with extra 's' for secure
Though it matches the pattern of the other protocol names in testssl, it
is not commonly used in practice.
2017-06-29 14:39:22 -07:00
Dirk 2d007e4c8b increased verbosity for some standard cipher lists 2017-06-29 17:58:58 +02:00
Dirk 62ce04adf0 remove redundant option "false" in --warnings 2017-06-28 20:28:23 +02:00
Dirk 9d699d1248 straighten server header markup 2017-06-22 13:39:37 +02:00
Dirk ff63700c6e add few more header flags, work on #765 2017-06-20 23:18:15 +02:00
Dirk 4cb435a549 added several insecurity headers 2017-06-20 11:31:22 +02:00
Dirk f53c3c1377 removed separate option for SPDY and HTTP/2 , addressing #767 2017-06-20 08:43:35 +02:00
Dirk 4c73afeef8 fix for nmap file parser (not properly assigned ip variable) 2017-06-14 09:24:20 +02:00
Dirk 7094c4436f also now honor different ports per host from nmap file.
testssl.sh is taking an educated guess which port makes sense to scan,
which one not and for which one to use which starttls handshake upfront.
This minimizes needless sscans and error messages.
2017-06-13 18:42:07 +02:00
Dirk 531b4453ef new function for guessing "port --> invoking" assignments 2017-06-13 15:19:28 +02:00
Dirk Wetter 18cbdcc272 Will Hunt 2017-06-13 08:41:32 +02:00
Dirk Wetter 0488ef1a5f Will Hunt 2017-06-13 08:40:31 +02:00
Dirk Wetter ff37bc3bef Create Readme.md 2017-06-13 00:29:44 +02:00
Dirk f7fdefcdc0 mass testing nmap grep(p)able prefers now hostname instead of ip address in nmap file
--serial is now a shortcut for --mode=serial
2017-06-12 22:56:36 +02:00
Dirk e0960c5379 --parallel is now shortcut for --mode=parallel 2017-06-12 19:07:58 +02:00
Dirk 241b6e4d2e parallel mass testing mode, Ticketbleed+client auth, parallel mode also for nmap
Parallel mass testing mode is now not anymore experimental. To
use it a separate flag ``--mode=parallel`` was introduced. Serial
is still the default for now to avoid unexpected conditions.
Both the mode arguement and the default is subject to change.

The parallel mass testing mode can now also make use of a
nmap file. Also the functional test for nmap file was put
into a separate function and made more user safe. Open point is
that we better should use the hostname if the forward DNS record matches.

Fixed logical inconsistency: Ticketbleed was not being tested against a server with client authentication

Some variables in the beginning reordered
2017-06-12 18:23:55 +02:00
Dirk 1b0ac5ffd6 first version of implicit parsing for nmap greppable files (-oG)
Currently for serial scanning only.
2017-06-12 17:09:52 +02:00
Dirk 30d3233cb4 Merge branch 'SAN_preferred' into 2.9dev 2017-06-09 13:48:28 +02:00
Dirk 69fa8ca378 several improvements
timeout: the TLS ticket check has a timeout, so that early on non-reachable hosts
are determined. If it is running into the timeout, it quits early. The
timeout is configurable via environment e.g. TIMEOUT=16 ./ticketbleed.bash <host>

Also other ports are allowed albeit it probably it is of limited use

Supplying no arg is now more user-friendly
2017-06-09 12:45:22 +02:00
Dirk 15219475e9 strip supplied port automatically 2017-06-09 11:27:59 +02:00
Dirk b69505223a added "gmap2testssl.sh": utility which converts grepable nmap output to testssl's file input 2017-06-09 11:22:11 +02:00
Dirk 53b6e2cfe8 changed PoC to a 3 rounder test (like testssl.sh) to increase reliability.
If different memory is returned each try it is for sure vulnerable. This
helps getting weird servers properly tested and weeds out false positives.
2017-06-07 18:16:18 +02:00
Dirk 5bb5c19e63 cleanup before addressing #592 2017-06-07 09:54:24 +02:00
Dirk Wetter 861b38bce5 Merge pull request #761 from dcooper16/SAN_preferred_update
SAN_preferred updates
2017-06-07 09:38:22 +02:00
David Cooper dd0fc73be0 SAN_preferred updates
This PR attempts to address the outstanding issues with respect to issue #733, mainly by addressing the rules for when a certificate is obtained without SNI.
2017-06-02 15:28:06 -04:00
Dirk a8ffa66cad output polishing for must staple 2017-06-01 18:15:44 +02:00
Dirk 63cb4ffc5e improved high level sections of DNS in determine_ip_addresses()
FIX #668

Polishing ``get_*_record()``

Simplfied ``main`` a bit
2017-06-01 18:08:13 +02:00
Dirk a90eb8c9be FIX #744 2017-06-01 16:24:45 +02:00
Dirk Wetter f3f29cd85c Merge pull request #760 from dcooper16/fix_757
Fix #757
2017-06-01 15:51:21 +02:00
Dirk e4f64463a4 FIX #758 2017-06-01 15:47:38 +02:00
David Cooper 5807b5e993 Fix #757
I believe I discovered the reason for issue #757: f2303a0d79.

This commit removed attempted to replace `$cbc_cipher_list_hex` (which was computed on the fly) with `$cbc_ciphers_hex` (which is static). However, the function was still using `$cbc_cipher_list_hex`, and since it wasn't being initialized to "" at the beginning of the function, the second call to `run_beast()` (to handle the second IP address) just appended to the value created by the first. Then, when the first two bytes were removed from the resulting string the result was a malformed cipher suite list, which caused `tls_sockets()` to fail.
2017-06-01 09:36:03 -04:00
Dirk a73a92b64d Merge branch 'SAN_preferred' of github.com:drwetter/testssl.sh into SAN_preferred 2017-06-01 15:20:36 +02:00
Dirk e035dabb13 Trying to address #733, not complete yet (see also #735).
Open issues: 1) The SNI logic 2) The fileout logic. 3) another section with ``trust_nosni -eq 4/8``

For 2): fileout is a general finding MEDIUM [1] which isn't in line now with the pr_*finding
in the section above anymore. It would make sense to punish HTTP services more than others.
Unfortunately he fileout statement cannot be moved below pr_svrty_medium/pr_svrty_high as
trustfinding_nosni hasn't been determined yet.

Fast solution would be probably to move the trustfinding_nosni section above the trustfinding
section.

Still 3) and a different trust over non-SNI makes it difficult -- e.g. Server has CN match only over
SNI but without SNI SAN matches. That's an edge case though which probably doesn't exist (like Bielefeld)

[1] That was WARN before. WARN should indicate a status of testssl that it cannot perform a check
2017-06-01 15:19:21 +02:00
Dirk 252cceb5dd Trying to address #735, not complete yet.
Open issues: 1) The SNI logic 2) The fileout logic. 3) another section with ``trust_nosni -eq 4/8``

For 2): fileout is a general finding MEDIUM [1] which isn't in line now with the pr_*finding
in the section above anymore. It would make sense to punish HTTP services more than others.
Unfortunately he fileout statement cannot be moved below pr_svrty_medium/pr_svrty_high as
trustfinding_nosni hasn't been determined yet.

Fast solution would be probably to move the trustfinding_nosni section above the trustfinding
section.

Still 3) and a different trust over non-SNI makes it difficult -- e.g. Server has CN match only over
SNI but without SNI SAN matches. That's an edge case though which probably doesn't exist (like Bielefeld)

[1] That was WARN before. WARN should indicate a status of testssl that it cannot perform a check
2017-06-01 14:52:19 +02:00