Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 13:55:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,945 Commits 17 Branches 35 Tags
9f73f782a125a6e05fa55e265a43d401ee6ab70e
Commit Graph

4945 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk Wetter
4b57f4c9f9 Merge pull request #2656 from dcooper16/ticketbleed 
Enhance ticketbleed testing
 2025-02-15 13:31:15 +01:00
David Cooper
96bd3072de Enable run_npn() to use tls_sockets() 
LibreSSL does not support the -nextprotoneg option. This commit enhances run_npn() to use tls_sockets() when $HAS_NPN is false, rather than reporting that the check can not be performed.
 2025-02-14 12:25:39 -08:00
David Cooper
acf48977c2 Fix pattern matches 
This commit fixes three lines of code that use Bash substring matching. In each case, a list of strings to match was enclosed in brackets. This resulted in a match if the string to test contained any character from any of the strings to match. This commit fixes the issue by removing the brackets.

(The bugs were introduced in b8e9b09ca7 and 8149c2d5cf)
 2025-02-13 14:21:26 -08:00
David Cooper
aa5d4917cf Enhance ticketbleed testing 
Some versions of OpenSSL/LibreSSL do not support TLS 1.1 and earlier, either because they do not support the protocol (e.g, `$OEPNSSL s_client -tls1` results in a "unknown option" error) or because the cryptography needed to support these protocol versions (e.g., MD5/SHA1) is not available.

Given the limitations of some versions of $OPENSSL, this commit enhances ticketbleed testing in two ways. First, it performs the testing using the newest (non-TLS 1.3) version supported by the server, so that TLS 1 and TLS 1.1 aren't used unless TLS 1.2 is not supported. Second, it adds tests for whether the protocol version to be used is supported by $OPENSSL and for whether connection attempts were successful, rather than assuming connection attempts succeed.
 2025-02-13 07:59:36 -08:00
Dirk Wetter
4b4260831e Merge pull request #2653 from testssl/address_addCA_issue 
Address CA file parsing problem (3.2)
 2025-02-07 14:18:51 +01:00
Dirk Wetter
ebc43ddafe Add previously added line from 3.0 in change log 
for consistency reasons
 2025-02-07 12:40:06 +01:00
Dirk Wetter
5e1db5f0a1 Address CA file parsing problem (3.2) 
.... by forbidding spaces in supplied CA files/directories

Also now we're sanitizing the cmd line parameter better using `safe_echo()`

See also #2647 .
 2025-02-07 12:30:41 +01:00
Dirk Wetter
21a89e40e8 Merge pull request #2650 from testssl/drwetter-patch-1 
Update Readme.md
 2025-02-07 10:01:31 +01:00
Dirk Wetter
72d9168389 add that pentest2xlsx is python 2025-02-07 10:00:50 +01:00
Dirk Wetter
d38e6ef6a7 Update Readme.md 2025-02-07 09:57:20 +01:00
Dirk Wetter
5b58771040 Merge pull request #2649 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.4.0 
Bump docker/setup-qemu-action from 3.3.0 to 3.4.0
 2025-02-07 09:50:49 +01:00
dependabot[bot]
649608a868 Bump docker/setup-qemu-action from 3.3.0 to 3.4.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-07 00:03:26 +00:00
Dirk Wetter
6e72c9b81d Merge pull request #2646 from testssl/fix_feature2098 
Feature: Detection STARTTLS throtteling via code 421/SMTP
 2025-01-31 12:26:44 +01:00
Dirk
4b928108ec Add trotteling feature 
* reorder points
* add sieve also
 2025-01-31 11:39:45 +01:00
Dirk
e73a2a9d53 Feature: Detection STARTTLS throtteling via code 421/SMTP 
For this anotehr variable needed to be passed to starttls_full_read()
via starttls_smtp_dialog, where the variable is defined.

Handling of the connection problem will occur at the calling level, fd_socket(),
so that in the future this can be extended if another STARTTLS problem signals
that we're too fast.

Fixes #2098.
 2025-01-31 11:26:44 +01:00
Dirk Wetter
abd0170fc4 Merge pull request #2645 from teunvink/3.2 
fix missing semicolon in docs
 2025-01-30 10:59:06 +01:00
Teun Vink
42f20b59b1 fix missing semicolon in docs 2025-01-30 10:23:12 +01:00
Dirk Wetter
65c18bed99 Merge pull request #2644 from testssl/fix_2642 
Fix error when hostname w trailing dot supplied
 2025-01-29 22:51:35 +01:00
Dirk Wetter
61cf7fe0e7 Fix error when hostname w trailing dot supplied 2025-01-29 20:47:13 +01:00
Dirk Wetter
aa4e9a4d41 Merge pull request #2641 from testssl/sieve_fix 
two sieve fixes to make it work
 2025-01-29 16:29:38 +01:00
Dirk
b054b5d687 two sieve fixes 
* one logical error
* removing check for trailing space for OK
 2025-01-28 22:15:17 +01:00
Dirk Wetter
f95ff7ab3e Merge pull request #2640 from forced-request/3.2 
Readme: Misformatted Markdown
 2025-01-28 20:57:53 +01:00
John Poulin
b84dd06b36 broken markdown 2025-01-28 13:46:12 -05:00
Dirk Wetter
8339a730f5 Merge pull request #2638 from testssl/dependabot/github_actions/docker/build-push-action-6.13.0 
Bump docker/build-push-action from 6.12.0 to 6.13.0
 2025-01-27 21:15:22 +01:00
Dirk Wetter
e068c52e28 Merge pull request #2639 from testssl/fix_ci_runs 
Fix ci runs
 2025-01-27 20:54:29 +01:00
Dirk Wetter
e41b488172 Merge branch 'fix_ci_runs' into dependabot/github_actions/docker/build-push-action-6.13.0 2025-01-27 20:36:49 +01:00
Dirk Wetter
d93549e327 fix match expr 2025-01-27 20:08:11 +01:00
Dirk Wetter
cdf5cf7b97 remove + @ beginning of line 2025-01-27 17:20:39 +01:00
Dirk Wetter
e17bbfd8c6 Merge branch 'fix_ci_runs' into dependabot/github_actions/docker/build-push-action-6.13.0 2025-01-27 16:42:15 +01:00
Dirk Wetter
ef13122f4f fix typo 2025-01-27 16:39:02 +01:00
Dirk Wetter
b984ae5ea2 minor stuff 2025-01-27 16:37:04 +01:00
Dirk Wetter
8e39d161a8 cleaner code 2025-01-27 16:36:42 +01:00
Dirk Wetter
0640eb9004 Several CI fixes 
- don't output stdin on terminal
- adapt to different google.com ip addresses
- cleaner code
 2025-01-27 16:33:58 +01:00
dependabot[bot]
d06d50280d Bump docker/build-push-action from 6.12.0 to 6.13.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.12.0...v6.13.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-01-27 00:27:50 +00:00
Dirk Wetter
04c98d93ab Merge pull request #2628 from testssl/diffing_openssls 
Add unittest for different openssl versions
 2025-01-24 21:38:26 +01:00
Dirk
ce8984706e Finalize unit test 
* pattern search + replace for tls_sockets() vs. openssl
* better error handling for invocations with perl functions system + die
 2025-01-24 20:36:59 +01:00
Dirk
cbaa813a40 Merge branch '3.2' into diffing_openssls 2025-01-24 19:47:40 +01:00
Dirk Wetter
d115b2ebbf Merge pull request #2635 from testssl/fix_2633 
Fix bug when legacy NPN is tested against a TLS 1.3 host
 2025-01-24 19:44:49 +01:00
Dirk
d9b293f6c7 fix typo 2025-01-24 18:51:11 +01:00
Dirk
43a0099fbc Fix bug when legacy NPN is tested against a TLS 1.3 host 
When testing a TLS 1.3 host s_client_options used TLS 1.3 ciphers to test
for NPN. As that is not implemented we nee dto make sure any other version
is used.

This PR ensures that --after testing whether it's a TLS 1.3-only host
where this test doesn't make any sense in the first place.

Fix for #2633
 2025-01-24 18:46:07 +01:00
Dirk Wetter
5c1232b9dc Merge pull request #2566 from testssl/bump_version 
Bump version to 3.2rc4
v3.2rc4 		2025-01-24 15:47:11 +01:00
Dirk
76cdf3166a fix typo 2025-01-24 14:53:52 +01:00
Dirk
bf75a91bc7 Merge branch '3.2' into bump_version 2025-01-24 14:41:21 +01:00
Dirk Wetter
5eeab6484f Merge pull request #2632 from testssl/Tazmaniac-client-renego-refactoring 
Tazmaniac client renego refactoring
 2025-01-24 14:24:43 +01:00
Dirk
002b91192c fix spelling 2025-01-24 13:50:35 +01:00
Dirk
49db77e63a Conflicts resolved 2025-01-24 13:44:19 +01:00
Dirk Wetter
163d744c13 Add recent and bigger changes 
From today back to 1f37a8406f
 2025-01-24 11:32:41 +01:00
Dirk Wetter
0042b6313e s/drwetter/testssl 
For the remaining occurences. Except dockerhub which needs to be solved.
 2025-01-24 11:15:55 +01:00
Dirk Wetter
69d6a50696 Merge branch '3.2' into bump_version 2025-01-24 11:05:00 +01:00
Dirk Wetter
0539688c06 Merge pull request #2631 from testssl/corydalis10-3.2 
Improve CONTRIBUTING.md
 2025-01-23 17:42:29 +01:00