Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-01-06 00:39:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
230 Commits 15 Branches 30 Tags 211 MiB
8cdd516ad1
Commit Graph

106 Commits

Author SHA1 Message Date
Mark Felder
8cdd516ad1 more ps >/dev/null fixes 
more useless cat
 2015-03-13 15:24:16 -05:00
Mark Felder
8d965f7c71 More useless cat 2015-03-13 15:19:47 -05:00
Mark Felder
4cdc89aa61 Revert to 2>&1 > /dev/null order because it isn't behaving correctly. 2015-03-13 14:56:30 -05:00
Mark Felder
59ed025f36 Replace expr with $(( )) 
https://github.com/koalaman/shellcheck/wiki/SC2003
 2015-03-13 14:54:36 -05:00
Mark Felder
73202da2fd Fix missing single quote 2015-03-13 14:26:02 -05:00
Mark Felder
b7b88a03e7 Fix order of the redirect 
https://github.com/koalaman/shellcheck/wiki/SC2069
 2015-03-13 10:00:14 -05:00
Mark Felder
305fcca2ae Replace backticks with $(..) 
https://github.com/koalaman/shellcheck/wiki/SC2006
 2015-03-13 09:52:39 -05:00
Dirk
c1ca5a641b - FIX garbled output for servers with a TLS reply on SSLv2 socket call 2015-03-13 12:20:19 +01:00
Mark Felder
f037a3f811 Minor optimizations to redunce unnecessary forking 2015-03-11 12:13:38 -05:00
Dirk
d8d8318f6d FIX for #71 (proper workaround for lastpipe in rc4, pfs, and cbc) 2015-03-09 08:07:45 +01:00
Dirk
77e28922c1 - NEW: proper check for freak CVE-2015-0204 
- NEW: check for number of keys for hpkp
- cleanup hsts+hpkp
 2015-03-07 09:51:55 +01:00
Dirk
f23904b35f - MX record: the lower the # the higher the priority (thx, rechi) 2015-03-03 07:21:30 +01:00
Dirk
55e8908234 - finalize mx records, FIX: #41 2015-03-02 14:42:28 +01:00
Dirk Wetter
2614c093d7 Merge pull request #66 from Rechi/master 
Check MX Records (#41)
 2015-03-02 14:13:33 +01:00
Dirk
37fa44cecf - remark about rc4 rfc 2015-03-02 14:09:34 +01:00
Rechi
81afa43755 Check MX Records (#41) 2015-02-28 14:12:58 +01:00
Dirk
29214c7a1f - better detection for ssl poodle 
- change of shorticut from zero to letter o
 2015-02-27 21:21:39 +01:00
Marc Schütz
274ee394e8 Don't let error message slip through when no certs have been downloaded 2015-02-24 18:10:28 +01:00
Dirk Wetter
868c813055 Merge pull request #64 from PeterMosmans/spellingfix 
FIX: minor spelling issue
 2015-02-24 10:03:32 +01:00
Peter Mosmans
5440b24b92 FIX: minor spelling issue 2015-02-24 14:57:43 +10:00
Dirk
8aa8254c2d - FIX #62 (CentOS 7/RHEL: engine failure), was not usable b4 2015-02-23 10:40:10 +01:00
Dirk
d0d7bb47e2 - FIXED: #47 ("double" linefeed if RFC mapping file is not present) 2015-02-22 23:05:40 +01:00
Dirk
e2448ea95d - NEW: tells how many certificates provides (and grabs them with DEBUG=1) 
- COLOR for no cipher order is red now
- "VULNERABLE" comes now always with "NOT ok"
 2015-02-21 11:47:12 +01:00
Dirk
bacb3b69ba - FIXED: #38, new openssl from peter mosmans makes the workaround unneccessary 2015-02-21 10:38:04 +01:00
Dirk
b261c1079a - Fix #55 (302 detection for URL) 2015-02-15 14:00:13 +01:00
Dirk
f203b8b299 - Fix #46 (preload lists HPKP and HSTS) 
- word match for includeSubDomains (useful if one specified the keyword wrong)
 2015-02-15 13:37:44 +01:00
Dirk
b0a40ae1e8 - FIX #60: mod_security CRS doesn't complain anymore 2015-02-15 13:14:11 +01:00
Dirk
ab48c66f74 - certificate sha2 fingerprint added (#59, @@kyhwana) 
- sha1 fp: removed colons as long serials after it look ugly (lf)
 2015-02-15 12:58:51 +01:00
Dirk
e5a015b842 - workaround for issue #58, same in http_header 
- FIX: if a web site returned IMAP e.g. in HTML code it may have led to the assumption IMAP is the service ;-/
 2015-02-13 16:01:46 +01:00
Dirk
d15d5b0c6f - FIX regression: CRIME check 
- FIX: port ended up sometimes as URL part
- also if it runs http a line is displayed as confirmation that HTTP was detected
 2015-02-12 13:40:53 +01:00
Dirk
d9e4873fda - WORKAROUND for bug in PeterMosmans OPENSSL chacha/poly version: not testing EXPORT40/EXPORT then 2015-02-12 09:32:47 +01:00
Dirk
d98aa626e7 - NEW: check for Secure Client-Initiated Renegotiation 
- debugging #1: PS4 and debugme
- debugging statement tmpfile_handle where missing #2
 2015-02-11 09:43:04 +01:00
Dirk
ed04b636da - starttls for ldap now also supported 2015-02-09 14:02:02 +01:00
Marc Schütz
4fc8111c0a Trivial typo fix 
noone => none
 2015-02-07 17:30:36 +01:00
Dirk
f30d7568e7 - checking protoype of tls sockets but not called/working yet 
- small fixes $DEBUG
 2015-02-04 09:48:34 +01:00
Dirk
1b8d96f1d8 - NEW: certificate fingerprints + serial 2015-02-03 23:46:47 +01:00
Dirk
d2b833b2fa - TLS 1.0/1.1 is not green anymore, only TLS 1.2 is the real one! 
- no bold for 3DES and medium
- nslookup for MSYS2 etc. having no hosts (and fixing error message if host doesn't exist)
 2015-02-03 23:20:59 +01:00
Dirk
4f1ca24bd2 FIX: experiration threshold < 30 days 2015-01-30 16:26:55 +01:00
Dirk
85bc14c946 - FIX: STARTTLS is the criteria for using bash sslv2 or not, not the service 2015-01-29 23:24:49 +01:00
Dirk
16c804d4ca FIX: BEAST (supports higher protocols only when CBC ciphers detected) 
- FIX: URL in app banner
 - cosmetic issue: display also if one cookie was issue the number 1
 2015-01-29 23:20:58 +01:00
Dirk
89012a7a42 * NEW: protocol check SSLv2 in bash sockets per default (HTTP) 
(fallback to openssl with SSL_NATIVE=1)
 2015-01-29 10:46:16 +01:00
Dirk
5e864c28b4 * NEW: emphasize any numbers in http header output 
* internal renaming of color functions ( --> pr_*)
* new color switches (tput)
* $COLOR is treated as integer not string
* for some issues color adjusted accordingly (red --> brown/yellow)
 2015-01-29 09:33:35 +01:00
Dirk
3abaad5eb1 Merge branch 'master' of github.com:drwetter/testssl.sh 2015-01-28 15:31:13 +01:00
NV
e3a66f5a70 Fix GOST handling in LibreSSL 2015-01-28 14:17:27 +09:00
Dirk
d35e2f95b8 fix for wrong # of HttpOnly cookie 2015-01-23 15:09:35 +01:00
Dirk
84caf9ffd1 fix for double line and double application banner 2015-01-23 12:17:27 +01:00
Dirk
baadfd0492 BREACH is not labeled as experimental anymore as it works reliably 
- so is heartbleed
 - FIX: shopt is removed in rc4 as most of the bash shells segfault here (bug!)
 - not tested anymore for HTTP within starttls, instead displaying here a line
 2015-01-23 12:01:32 +01:00
Dirk
6c6511ddb2 - VERBOSE -eq 1 is now DEBUG -eq 2 (VERBOSE completely removed) 
- DEBUG has now four modes 1: just keep files 2: VERBOSE -eq 1 3: head hexdumps and other stuff, 4: full debugging
- env and internal stuff $TEMPDIR
 2015-01-21 12:53:00 +01:00
Dirk
d5924eedc4 - BEAST finally works 
- handling of spaces in output
- different ciphers
- FIX: setopt also for RC4 (proper handling of ret value)
 2015-01-20 21:59:21 +01:00
Dirk
28330dc6fc first prototype BEAST | FIX: maketempf in initialize_engine | FIX: exit statements in main w/ more meaning/shorter 2015-01-20 21:51:49 +01:00