Commit Graph

289 Commits

Author SHA1 Message Date
Dirk
31b31623a5 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-01-23 12:02:12 +01:00
Dirk
bf920ca37a BREACH is not labeled as experimental anymore as it works reliably
- so is heartbleed
 - FIX: shopt is removed in rc4 as most of the bash shells segfault here (bug!)
 - not tested anymore for HTTP within starttls, instead displaying here a line
2015-01-23 12:01:32 +01:00
Dirk
fccc24e232 - VERBOSE -eq 1 is now DEBUG -eq 2 (VERBOSE completely removed)
- DEBUG has now four modes 1: just keep files 2: VERBOSE -eq 1 3: head hexdumps and other stuff, 4: full debugging
- env and internal stuff $TEMPDIR
2015-01-21 12:53:00 +01:00
Dirk Wetter
a07fd55bb1 Update Readme.md 2015-01-20 22:13:15 +01:00
Dirk
d9075f198a Merge branch 'master' of github.com:drwetter/testssl.sh 2015-01-20 22:10:22 +01:00
Dirk
f0bd69ca40 - BEAST finally works
- handling of spaces in output
- different ciphers
- FIX: setopt also for RC4 (proper handling of ret value)
2015-01-20 21:59:21 +01:00
Dirk
10ea361b9c first prototype BEAST | FIX: maketempf in initialize_engine | FIX: exit statements in main w/ more meaning/shorter 2015-01-20 21:51:49 +01:00
Dirk Wetter
c280d9a528 Update Readme.md 2015-01-16 17:18:38 +01:00
Dirk Wetter
cc9046064c Update Readme.md 2015-01-16 17:16:22 +01:00
Dirk
d129531371 fine tuning on banner 2015-01-15 20:29:46 +01:00
Dirk
4c72e059b8 - FIX: grep -a if we hit binary content with http_header (also if otherwise specified)
- NEW: can specify URL (used for header matters and breach)
- FIX: better handling of >1 cookies
2015-01-14 12:23:53 +01:00
Dirk
549d523728 * NEW: cookie flags (experimental) [URL is missing]
* FIX: 30x handling for http_header (hint for final URL if stalled)
* FIX: proper display of app-banners if >1
2015-01-14 09:48:44 +01:00
Dirk
400f06b64f SNI is not anymore 2do (removed misleading comment) 2015-01-12 23:28:38 +01:00
Dirk
c8e4db1a39 debugging more fine grained 2015-01-12 23:15:26 +01:00
Dirk
16c14de324 now with SNI! 2015-01-12 22:56:15 +01:00
Dirk
d5ed01a3ab now checker for SSLv3 to TLSV1.2
(SNI missing for now)
2015-01-10 22:08:11 +01:00
Dirk
0fd4e06f21 typo in tempdir led to missing gost cipher 2015-01-08 14:16:22 +01:00
Dirk
bcda178bd7 working prototype for SSLv2 client hello + parsing server hello in bash 2015-01-07 23:57:16 +01:00
Dirk
64cafd40f0 Merge branch 'master' of https://github.com/drwetter/testssl.sh 2015-01-07 23:30:24 +01:00
Dirk
c01ec13e2e - moved utils to separate dir 2015-01-07 23:29:05 +01:00
Dirk
1ad9251e5e safer batch processing if port isn't available 2015-01-07 23:16:45 +01:00
Dirk
37fea08022 Merge remote-tracking branch 'origin/revert-48-master' 2015-01-07 23:09:57 +01:00
Dirk
b78362e41f safer batch processing if port isn't available 2015-01-06 16:25:19 +01:00
Dirk Wetter
afa5669c89 Revert "Change question logic on non-SSL port" 2015-01-06 16:10:21 +01:00
Dirk Wetter
d7d884c16e Merge pull request #48 from lwindolf/master
Change question logic on non-SSL port
2015-01-06 16:01:07 +01:00
Lars Windolf
21db6b4eba Change question logic on non-SSL port
Idea is to bail out per default (with WARNINGS=off) this makes batch processing possible
as often testssl.sh hangs for minutes or endless on non-SSL ports.
2015-01-03 11:41:35 +01:00
Dirk
c48944c5fb - check for CN wrt SNI / no SNI
- fix different responses for CACert
2014-12-23 09:59:03 +01:00
Dirk
a8ef2dfa42 - Negotiated cipher per proto
- nr_ciphers of used openssl version in banner
- spdy_pre check
- -testversion_new --> -testversion
2014-12-21 23:22:50 +01:00
Dirk
496cf11774 - Cipher order check! (also for starttls)
- includes a remark 4 default_cipher (limited sense as client will pick)
- selfsigned certs: error!
- number of local ciphers in check with allciphers
2014-12-21 00:47:23 +01:00
Dirk
f2ce663f4e Merge branch 'master' of github.com:drwetter/testssl.sh 2014-12-19 17:06:37 +01:00
Dirk
95f9e844c0 - tempfile handling: every function leaves one, if DEBUG is set
- FIX*2: OPENSSL_CONF/GOST_CONF
2014-12-19 17:02:26 +01:00
Dirk Wetter
70f0e3e4a4 Update Readme.md 2014-12-19 15:52:05 +01:00
Dirk Wetter
8eace3988c Update Readme.md 2014-12-19 15:51:32 +01:00
Dirk
1a699c7bbf - subjectAltName 2014-12-19 07:12:20 +01:00
Dirk
61c3541f8d - NEW: certificate info, details:
- NEW: CN, SAN
- NEW: OCSP URI
- NEW: CRL distr point
- NEW: Issuer
- NEW: expiration
- NEW: signature algo
- renamed cmdline --simple_preference to --server_defaults
- now we have a TEMPDIR where all files are written to
- function or handling/removing TMPFILE
2014-12-18 09:33:24 +01:00
Dirk Wetter
489fbfce9e Update Readme.md 2014-12-09 14:25:38 +01:00
Dirk
8dd2425ada - RELEASE: final 2.2
- change of cmd line order for STARTTLS
- help more clear
2014-12-08 10:32:51 +01:00
Dirk
05d7047865 - BUGFIX: potential stalling in HTTP Header query
- BUGFIX: HTTP specific vuln. won't be checked if service is not http (we still
check crime and also spdy => gmail has spdy for pop and imap)
- Feature: service detection: HTTP, IMAP, POP, SMTP
- alignment in rDNS output corrected
- minor cleanup / improvements
2014-11-30 01:30:20 +01:00
Dirk
e2067d1663 - BUGFIX: BSD now has proper heartbleed and ccs injection detection
- significant code improvement of hex-byte parser <-> socket sender
- BUGFIX: BSD now doesn't put an extra \n if rfc map file is missing
- bumped to 2.1rc3, hoping that'll be the last
2014-11-27 21:33:33 +01:00
Dirk
ba76dad503 - for colors: double square brackets (might save a fork to "[ or "test"
- in terms of debugging cleaned up listciphers/std_cipherlists
- in other terms too
2014-11-25 13:12:24 +01:00
Dirk Wetter
d948039237 Update Readme.md 2014-11-24 16:43:11 +01:00
Dirk Wetter
18cd3a7a21 Merge pull request #37 from yurivict/master
Fixed errors when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options
2014-11-24 15:16:42 +01:00
Yuri
6829de54c5 Fixed the problem when COLOR=0 caused 'printf' to break due to leading dashes interpreted as command line options. 2014-11-22 12:15:47 -08:00
Dirk Wetter
7649b20a0d Merge pull request #36 from PeterMosmans/bugfix
Fixed minor redirection typo for 'which' command
2014-11-22 18:31:09 +01:00
Peter Mosmans
1a3bebeed8 Fixed minor redirection typo for 'which' command 2014-11-22 12:57:36 +10:00
Dirk
00ff1b57a0 - increase first read buffer -- otherwise it's how up at hb reply and lead to false positives 2014-11-20 18:55:51 +01:00
Dirk
80079edf41 color codes for protocols and default ciphers reflect better a rating
- fix: heartbleed function needed a $TMPFILE for determining the TLS protocol
 - version bumped to 2.1rc2
2014-11-20 10:46:55 +01:00
Dirk
db17669b99 - fix in cleanup (while debug)
- wrong cmd line option --> help instead of error
2014-11-19 22:23:13 +01:00
Dirk
9d5d77c813 - protocol check streamlined: similar now for every protocol
- NPN/SPDY is not green anymore
2014-11-19 18:04:43 +01:00
Dirk
ab7074aefd - protocol w/o cipher (only SSLv2 so far)
- for EVERY protocol now check whether $openssl supports it
- better fail for PFS if there are no local ciphers
2014-11-19 17:08:59 +01:00