Commit Graph

3848 Commits

Author SHA1 Message Date
Jauder Ho
b1aeeb47e0 Testing context 2021-08-09 10:36:17 +00:00
Jauder Ho
4df60052af Use GH Action to build new container images upon push 2021-08-09 10:21:10 +00:00
Dirk Wetter
f15da8d15d
Merge pull request #1966 from drwetter/no_starttls
Add CVEs for No-STARTTLS vulnerability
2021-08-08 21:33:14 +02:00
Dirk
aaf6409581 Add CVEs for No-STARTTLS vulnerability
In text output only the original one from Wietse Venema.
The other known so far in JSON/CSV
2021-08-08 21:30:35 +02:00
Dirk Wetter
89de30c867
Merge pull request #1965 from jauderho/gha_build_status
Update build status to reflect use of GHA
2021-08-08 14:00:14 +02:00
Jauder Ho
6daa2956b9
Update Readme.md 2021-08-08 04:07:33 +00:00
Jauder Ho
fd9fac67aa
Update Readme.md 2021-08-08 03:51:34 +00:00
Dirk Wetter
77e47cadff
Merge pull request #1963 from drwetter/fix_1956_3.1dev
Redirect debugme() outputs to stderr (3.1dev)
2021-08-07 16:18:43 +02:00
Dirk Wetter
c1253f2cd0
Merge pull request #1953 from jauderho/3.1dev
Add Dependenbot checking for GitHub Actions
2021-08-07 16:17:33 +02:00
Dirk Wetter
7b0947c290
Merge pull request #1958 from dcooper16/use_all+
Use all+ in calls to tls_sockets()
2021-08-07 16:04:07 +02:00
Dirk
3f8c62dc41 Change debugme1 calls to include redirection from stderr back to stdout
The fact that debugme1() redirects to stderr and the calls to this functions
redo that is deliberately as in the future we might want to use debugme1
without redirection.
2021-08-07 15:26:51 +02:00
Dirk
4e01f86c99 Redirect debugme() outputs to stderr (3.1dev)
... to address #1956 and other places. Similar to #1957,
only for the 3.1dev rolling release branch.

Also it changes debugme1() back? to output debug
statements only when $DEBUG >= 1. Per default here
also stderr is used.
2021-08-07 15:20:09 +02:00
David Cooper
b4d11459a8 Use all+ in calls to tls_sockets()
get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
2021-08-05 11:36:32 -04:00
Dirk Wetter
1739ae1400
Merge pull request #1960 from dcooper16/certificate_compression
Check for RFC 8879 certificate compression
2021-08-05 16:51:03 +02:00
David Cooper
526d25bc1d Don't test for certificate compression if --ssl-native
This commit changes run_server_defaults() so that the test for certificate compression is not run in --ssl-native mode. This fixes an issue that was caught by 21_baseline_starttls.t.
2021-08-05 10:37:37 -04:00
David Cooper
fa1ccdb565 Check for RFC 8879 certificate compression
This commit adds a check for whether the server supports certificate compression (RFC 8879). If it does, then the list of supprted compression methods is output in the server's preference order.
2021-08-04 14:39:12 -04:00
Dirk Wetter
b603d57146
Merge pull request #1952 from drwetter/fix_1717
Look-ahead trick for -U --ids-friendly
2021-08-01 17:47:11 +02:00
Jauder Ho
91970a2214
Merge branch 'drwetter:3.1dev' into 3.1dev 2021-07-31 14:28:57 -07:00
Dirk Wetter
a3ab6cd887
Merge pull request #1950 from drwetter/digrc
Ignore $HOME/.digrc
2021-07-31 18:49:57 +02:00
Dirk
6cf7521184 Look-ahead trick for -U --ids-friendly
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
 see #1717. The following statement makes sure. In the do-while + case-esac loop  the check for --ids-friendly will be
executed again, but it does not hurt
2021-07-31 18:27:03 +02:00
Dirk
439aad1f22 Ignore $HOME/.digrc
Newer dig versions have an option to ignore $HOME/.digrc, older don't.

This commit adds a patch checking for the availability of such an option and
uses it by default. See #1894 .

If this option doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16. Debian 11 and Ubuntu 20.04 use that too.
2021-07-31 15:14:22 +02:00
Dirk Wetter
c40a3a7d02
Merge pull request #1946 from drwetter/noitalics4screen
Disable ANSI codes for italic when TERM == screen
2021-07-31 13:57:11 +02:00
Dirk
525a40a653 Disable ANSI codes for italic when TERM == screen
... otherwise it is being printed in reverse, see #1928.
2021-07-31 13:17:55 +02:00
Dirk Wetter
46862ecc84
Merge pull request #1945 from drwetter/alpine
Upgrade to alpine 3.13
2021-07-30 18:01:25 +02:00
Dirk Wetter
68c5acb556
Upgrade to alpine 3.13 2021-07-30 18:01:12 +02:00
Dirk Wetter
820b728bc4
Merge pull request #1943 from drwetter/email-contrib
E-Mail as a contribution possibility
2021-07-30 15:02:19 +02:00
Dirk Wetter
2b74e9f55d
E-Mail as a contribution possibility
As some people may have a problem with the owner of github.
2021-07-30 15:01:39 +02:00
Dirk Wetter
2935ecc2e1
Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
2021-07-30 09:48:50 +02:00
Dirk Wetter
70d40b416b
Merge pull request #1940 from dcooper16/print_spaces_faster
Print consecutive spaces faster
2021-07-30 09:21:50 +02:00
David Cooper
fc310301f1 Print consecutive spaces faster
This commit adds a new function, print_n_spaces(), which prints a sequence of (up to 80) space characters.

This new function is used to replace a few places in testssl.sh in which a sequence of space characters is printed by calling 'out " "' in a loop. The new function is much faster than the current code, so it will make testssl.sh run slightly faster.
2021-07-29 15:12:27 -04:00
Dirk
59c0b38140 see previous commit 2021-07-25 17:14:12 +02:00
Dirk
defed8705b Extend TLS/SSL port detection
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.

Ths PR adds a pattern detection of ssl and https in the forth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is as input to testssl.sh .

Also it does minor code adjustments to utils/gmap2testssl.sh .
2021-07-25 17:09:30 +02:00
Dirk Wetter
18dfa26e48
Merge pull request #1936 from drwetter/fix_1935
Fix problem when nmap file has .txt extension
2021-07-25 16:34:58 +02:00
Dirk
b1c1d250cf Redo utils/gmap2testssl.sh
.. mainly copied from testssl.sh. Also it adds a detection for the
strings ssl and https. If those run at non-stanadard ports but nmap
detected it, it'll show up in the output file.

That will be backported to the main program, see #1931 .
2021-07-25 16:28:50 +02:00
Dirk
5a7b7d8b8e Fix problem when nmap file has .txt extension
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.

Now, this internal input file is ephemeral and only written to $TEMPDIR.
2021-07-25 13:05:40 +02:00
Dirk Wetter
05d087a564
Merge pull request #1933 from drwetter/drwetter-patch-1
Update bug_report.md
2021-07-21 09:22:38 +02:00
Dirk Wetter
8203049154
Update bug_report.md 2021-07-21 09:22:01 +02:00
Jauder Ho
ea4d939f8f
Create dependabot.yml 2021-07-01 19:32:33 -07:00
Dirk Wetter
56dcbcdc15
Merge pull request #1924 from drwetter/fix_1915
Fix redundant message (BREACH) when client certificate required
2021-06-22 08:25:29 +02:00
Dirk Wetter
f4bb1a20e2
Merge pull request #1925 from PeterDaveHello/Add.dockerignore
Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
2021-06-19 18:17:51 +02:00
Peter Dave Hello
f0970aff90 Ignore FreeBSD & macOS OpenSSL binary in Dockerfile
There is no need to add non-Linux binary in the Dockerfile here.
2021-06-19 22:22:59 +08:00
Dirk
28d9bc483d Fix redundant message (BREACH) when client certificate required
same as #1916.

Fixes #1915
2021-06-19 15:27:03 +02:00
Dirk Wetter
9f0d0c0062
Merge pull request #1921 from drwetter/gha_denylist
Github actions modifications
2021-06-19 12:30:00 +02:00
Dirk
2af7860a3c Remove mac osx
... apt is probably not the right thing ;-)
2021-06-19 11:17:52 +02:00
Dirk
247d08882e GHA: Fix push + PR
see https://github.community/t/how-to-factor-paths-in-common-for-push-and-pull-request/115967/2

TL;DR:  There is no way to specify the common paths for two events
2021-06-19 11:12:00 +02:00
Dirk
5cd97ddcb9 Correct YAML error in GHA + add macOS
- yamllint to the rescue. Still shows an error though:
  4:3       error    syntax error: expected <block end>, but found '<block mapping start>' (syntax)

- added macos, see https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners
2021-06-19 10:45:08 +02:00
Dirk
b8a9b9c6db Github actions modifications
- define deny list of files when modified not to run GHA
- specRitfy OS to be ubuntu-20.04 (is there a debian at all?)
- only use perl 5.26

While researching I stumbled over mac.osx as an OS one can specify. If anybody
knows whether this is really macosx (license?) please let me know. That
would be a great addition for CI. (Couldn't find BSD yet...)

See #1920
2021-06-19 09:20:48 +02:00
Dirk Wetter
2d3bd724fc
Merge pull request #1912 from PeterDaveHello/MakeShellScriptShebangConsistent
Make Shell Scripts' Shebang more consistent
2021-06-18 08:59:22 +02:00
Dirk Wetter
cb844557f8
Merge pull request #1913 from PeterDaveHello/CorrectExitUsage
Correct `exit` using, the exit status should be 0~255
2021-06-18 08:55:22 +02:00
Dirk Wetter
35c43719dd
Merge pull request #1919 from drwetter/rm_travisCIhook
Remove travis CI hook
2021-06-18 08:47:52 +02:00