Commit Graph

3787 Commits

Author SHA1 Message Date
tosticated
45059ed769
Merge branch '3.1dev' into ssl_renego_mod 2020-10-20 19:40:58 +02:00
tosticated
3e2d1b943d Fixed whitespaces/tabs 2020-10-20 13:03:30 +02:00
Dirk Wetter
1049fe2330
Merge pull request #1749 from definity/3.1dev
Update man pages and CHANGELOG
2020-10-20 11:34:39 +02:00
j
a252eeb11d Updated changelog 2020-10-19 22:37:10 +02:00
j
e82d4e07ca Modified ssl renegotiation attempts to be variable, and default 6. 2020-10-19 22:12:59 +02:00
Chad Brigance
4d6dba79e6 Update man pages and CHANGELOG 2020-10-19 07:32:41 +00:00
Dirk Wetter
e51301d9ee
Merge pull request #1748 from definity/3.1dev
Added support for custom user agent
2020-10-17 17:04:49 +02:00
Chad Brigance
59c24e33b0 fixed missing <user agent> in help text 2020-10-16 19:29:54 +00:00
Chad Brigance
11b30b9335 Added support for custom user agent 2020-10-16 15:35:46 +00:00
Dirk Wetter
b873441238
Merge pull request #1746 from horazont/feature/xmpp-sni
Force SNI to be the --xmpphost if passed
2020-10-16 09:34:45 +02:00
Jonas Schäfer
769837bdaf Force SNI to be the --xmpphost if passed
XMPP can be used with SNI in two contexts:

- Standard RFC 6120 STARTTLS-based connections; in that case, SNI
  is most likely to be ignored, as XMPP uses another way to signal
  the target domain name (via the @to attribute on the stream
  header, which is already set correctly by testssl.sh). However,
  setting SNI to a different value than the @to attribute may
  lead to confusion.

- XEP-0368 (XMPP-over-TLS) connections which omit the STARTTLS
  phase and go right for TLS (and inside that, XMPP). In that case,
  SNI is obviously required to be correct. XEP-0368 specifies that
  the SNI name MUST be the domain name of the service (not
  necessarily the host name of the endpoint, thanks to SRV
  records).

Hence, this patch forces the SNI name to be the --xmpphost value,
if --xmpphost is given. Note that it blatantly ignores whether
XMPP is used otherwise.
2020-10-15 21:54:38 +02:00
Dirk Wetter
b4c9437e95
Merge pull request #1741 from drwetter/intermediate_cert_improvements
Intermediate cert improvements
2020-10-03 10:21:31 +02:00
Dirk
4ca4e075a2 Use test::diff so that errors are spotted better 2020-10-02 13:07:13 +02:00
Dirk
c3f8207d93 Fix Travis + mv issuer line down
Travis failure was due to debug output in function which return a string.
The debug statement was removed, (stderr would have been choice \#2).

Issuer is heading now the intermediate certificate section, not
sure whethe this is redundant info.
2020-10-02 13:00:21 +02:00
Dirk
d5a64ff4b6 Further improvements to intermediate certs
* reorder sequence of checks in certificate info so that the chain relevant points are closer
  together
* determine_cert_fingerprint_serial() doesn't need fil input anymore, thus removed that part
* cert_validityPeriod in JSON/CSV may lead to misunderstandings, thus renamed to cert_extlifeSpan
* reorganized loop for the intermediate certificate checks, so that also i is used and not the variable
  which defines the number of certificates, i.e. certificates_provided. In addition made the counting
  more hiuma friendly, which starts now at 1 instead of 0
2020-10-02 08:43:17 +02:00
Dirk
a7bcf9ec7f Further improvements to certificate_info()
* add cn and issuer_CN to the output both on screen and file
* the severity rating for intermediates are just a shot (20/40 days) and
  deserve a second thought
* replace the expiry check by one test statement and make grep futile
* replace at some places "$openssl x509 -in $filename"  by  "$openssl x509 <<< $var"
* the thing with 25*60*60 was fie readability. When it's used >20 times it maybe is not
  (and maybe costs to much time) --> replaced by $secsaday
* adjusted the loop for bad ocsp check for readability
2020-10-01 17:49:14 +02:00
Dirk
67afa6c372 MOre points added to complete intermediate cert section
* UI feed back for expiration date of intermediates: 20 days: HIGH, 40 days: MEDIUM
* also in JSON/CSV
* list the end date of validity
* works for >1 intermediates too
* section moved to the end of certificate_info()
* renamed  <cert#${certificate_number}> --> <hostCert#${certificate_number}> to avoid coinfusion with intermediate certs
* removed blanks in return values of determine_dates_certificate
2020-10-01 00:13:31 +02:00
Dirk
5eee67291e Outsourcing of certificate date properties determination
determine_dates_certificate() is now determining the important dates
of a certificate passed via argument. It works of course for host and
any other certificates.
   Returning multiple parameters is being done via CSV and passed to a
read statement which seemed the best choice for bash.

ToDo:

* $expok is not set properly for intermediate certificates
* check if expired at least in the UI (JSON+CSV: echo the dates so far)
* for multiple host certificates the naming scheme (jsonID + intermediate
certnumnber kind of sucks:

          "id"           : "intermediate_cert_fingerprintSHA256 <cert#1> 1",
	  "id"           : "intermediate_cert_notAfter <cert#2> 1",

The whole thing is kind of hackish as the code has been historically grown.
At some certian point we may want to reconsider how we determine properties of
certificates in certificate_info()
2020-09-30 15:44:23 +02:00
Dirk
b625df87c1 Move determination of fingerprint and serial to determine_cert_fingerprint_serial()
.. so that it can be used for other certificates than the host certificate
2020-09-28 20:38:37 +02:00
Dirk
9094665768 Start for improving handling of intermediate certs
See #1683, #1653,  #1004, #1264

* separate code for bad ocsp a bit
* output intermediate cert in json/csv
* replace sed statements from cert_fingerprint* and -serial by bash funcs
2020-09-28 20:17:11 +02:00
Dirk Wetter
3d07f55f56
Merge pull request #1731 from drwetter/winshock_cipher_improvements
Further robustness checks for winshock (#1719)
2020-09-22 17:35:31 +02:00
Dirk
3d22115d92 Fix travis
and remove some not needed quotes in RHS at double square brackets
2020-09-22 16:40:59 +02:00
Dirk
721d046a7f Add the $EXPERIMENTAL part to winshock
... when checking other services as HTTP or RDP
2020-09-22 15:24:41 +02:00
Dirk
7d8cf71a94 Further robustness check to winshock (#1719)
This commit adds

* a check for the elliptical curves
* and a check for TLS extensions

which will again reduces false positives.

Background:
* https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Supported_elliptic_curves
* https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions

Also:

* Docu phrased more precise (we're not checking ciphers and
  HTTP Server banner only
* As a last resort we also take 'Microsoft-HTTPAPI/2.0' as a server header on the HTTPS branch
  and query the HTTP branch for Microsoft-IIS/8.x.
* $EXPERIMENTAL overrides some banner and service related checks. So that e.g. SMTP servers can also
  be checked. Last but bot least ist's a vulnerability of the TLS stack.

For better debugging we'll keep the TLS extensions and offered curves in a file.
Also it adds a debug1() function which may be needed on other occasions.

Also the output is better coded as we put "check patches locally to confirm"
into a variable.

There's still room for improvement:

* More extensions (see https://raw.githubusercontent.com/cisco/joy/master/doc/using-joy-fingerprinting-00.pdf)
* We could need a separate determine_curves() function, see #1730 as otherwise
  we can't use the curves in a non-default run.
2020-09-22 13:04:18 +02:00
Dirk Wetter
8d4042c6b6
Merge pull request #1726 from drwetter/fix_1725_SCIR
Fix Secure Client-Initiated Renegotiation false positive (3.1dev)
2020-09-16 20:13:10 +02:00
Dirk
ade010d4e7 Fix Secure Client-Initiated Renegotiation false positive
Server side closed the connection but openssl retrieved
a zero exit code. In addition now we look for "closed"
and if that was returned from the server we label it
as not vulnerable.

This fixes #1725
2020-09-16 18:06:21 +02:00
Dirk Wetter
d4a3a67f70
Merge pull request #1723 from drwetter/winshock_cipher_improvements
Add two ECDHE_RSA GCM ciphersuites to prevent FPs for winshock
2020-09-14 20:59:17 +02:00
Dirk
53bef583c6 add GCM in cipher description (debug info) 2020-09-14 19:33:07 +02:00
Dirk
772420cb42 Add two ECDHE_RSA GCM ciphersuites to prevent FPs for winshock
... they appeared later in SChannel, see

https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel
https://notsomany.com/2016/08/26/achieve-a-on-sslabs-iis-8-5-windows-2012-r2/

On famous false positive I discovered by accident was nvd.nist.gov (sigh).
2020-09-14 19:26:18 +02:00
Vitalii Tverdokhlib
6fe8764f8d
upd alpine to 3.12
because error with libuv required for other packages. For example: 
Error relocating /usr/bin/node: uv_fs_lutime
2020-09-12 18:04:33 +03:00
Dirk Wetter
e62a9b8446
Merge pull request #1721 from drwetter/run_ws_default_fix
Winshock should now run also per default
2020-09-09 15:30:05 +02:00
Dirk Wetter
2bdcdd5371 Winshock should now run also per default 2020-09-09 15:29:12 +02:00
Dirk Wetter
4a120d9a45
Merge pull request #1720 from drwetter/winshock_fingerprint_improvements
Remove false positive for winshock bc of wrong protocol
2020-09-09 13:22:07 +02:00
Dirk Wetter
023005f011 remove false positive for winshock bc of wrong protocol
Also a cipher exclusion list was added, see #1719
2020-09-09 12:15:23 +02:00
Dirk Wetter
edf669711f
Merge pull request #1718 from drwetter/winshock
New feature: winshock
2020-09-08 22:11:36 +02:00
Dirk Wetter
0e54075a6a Reverse double dash option for vulnerabilities (cmd line) 2020-09-08 22:09:57 +02:00
Dirk Wetter
1f8e65104c Add winshock to documentation 2020-09-08 22:08:05 +02:00
Dirk Wetter
794bbe30af
Merge pull request #1710 from tosticated/3.1dev
Added check for certificate validity longer than 398 days
2020-09-08 15:37:07 +02:00
tosticated
ad8a52ec4f Updated changelog and credits 2020-09-08 15:34:30 +02:00
Dirk Wetter
fe7b51a3e2 remove hint in winshock 2020-09-08 13:42:50 +02:00
Dirk Wetter
a1a0605082 add winshock 2020-09-08 13:42:33 +02:00
Dirk Wetter
a511da4ce8 New feature: winshock
This commit implements a detection of Winshock from 2014 (aka MS14-066, CVE-2014-6321).

It does that by analyzing
* the ciphers supported -- MS' rollup patch introduced new GCM ciphers
* AND grabbing the server banner which should match IIS 8.0 oder IIS 8.5

Admittedly this is not a strong detection. But it worked in the cases I tested
(no RDP  yet). The other known method remotely testing for it against IIS is
using a patched openssl binary (see https://github.com/drwetter/testssl.sh/issues/331#issuecomment-211534954)
-- the diff "jules" (hi) provided a while back. That seems to stem from securitysift
albeit his decription was not complete and he didn't provide a PoC (I've
seen also polarssl +  a little bit of python here: https://vimeo.com/112089813

The catch is securitysift's method, is not as trivial to implement and it dosses the
sass.exe process, see: http://www.securitysift.com/exploiting-ms14-066-cve-2014-6321-aka-winshock/.

* Todo: man page

This commit also removes -BB from the help. We haven't settled yet finally
where we go with short options for the cmd line for vulnerabilities. One
is for sure though: Using one letter uppercase doesn't scale. As winshock
can be executed with --WS and --winshock --BB brings that in line. For now
also -BB works (as -WS) but it isn't advertised anymore.
2020-09-08 12:37:50 +02:00
Dirk Wetter
b6bab1e1b5
Merge pull request #1715 from drwetter/not_run_allciphers_et_al
Modify default for full 9 yrds run
2020-09-07 21:17:01 +02:00
Dirk Wetter
e5d0b3eeac Modify default for full 9 yrds run
We don't need to execute run_cipher_per_proto() in addition here
2020-09-07 09:54:34 +02:00
Dirk Wetter
eafeb904f4 Fix emptying of SERVICE variable in determine_service()
SERVICE global was previously set to $protocol which was
meant to set this for STARTTLS services. However it
was executes outside the corresponding if-statement.

This commit moves the statement where it belongs.
2020-09-03 14:22:53 +02:00
Dirk Wetter
35b79f65ee Add documentation for STARTTLS injection's cmd line flag
and also the modified one for ROBOT
2020-09-02 18:23:11 +02:00
Dirk Wetter
4a167f6ac5 Add openssl 1.1.1g into alpine docker image for STARTTLS injection 2020-09-02 17:44:11 +02:00
Dirk Wetter
3e6b1b971a Make Travis work again (STARTTLS injection)
For not vulnerable hosts the low level starttls_* functions
returned an error when the STARTTLS injection was tested which
confused Travis/CI ( "Oops: STARTTLS handshake failed (code: 2)" )
2020-09-02 17:35:42 +02:00
Dirk Wetter
1912230173 Show that we need socat for this check
but still do a soft fail here, also no warning, as we do not expect
to have everybody have socat installed
2020-08-31 18:29:59 +02:00
Dirk Wetter
7f4cf42ff4 Works now also for POP3 / IMAP
* Ensured the random char generation worked under every OS supported
* Got POP3 and IMAP working
* always define SERVICE so that we can us it also for SMTP starttls injection
* fixed error in starttls_smtp_dialog where arg1 was taken as payload instead of arg2
* squashed error msg when killed socat or openssl process to avoid mess on screen
  when processes already terminated
(* removed some redundant quotes at RHS if [[]] expressions)

todo:
* more tests for positives
* are tests for negatives sufficent? ("prove" is happy except one issue which
  is probably not related but still need to understand)
  For the record: t/25_baseline_starttls.t line 50 and 67:
   "Oops: STARTTLS handshake failed (code: 2)"
2020-08-31 17:14:56 +02:00