Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-23 04:12:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
4,772 Commits 15 Branches 35 Tags
bbdf19df8500d4ffab335a9f0594c1df47e92d7c
Commit Graph

4772 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Cooper
bbdf19df85 Fix typo 
This commit fixes a typo that was introduced by #2656.
 2025-03-04 14:01:50 -08:00
Dirk Wetter
3ae276497d Merge pull request #2677 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.6.0 
Bump docker/setup-qemu-action from 3.5.0 to 3.6.0
 2025-03-03 09:49:25 +01:00
dependabot[bot]
4d43d97622 Bump docker/setup-qemu-action from 3.5.0 to 3.6.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-03 00:22:11 +00:00
Dirk Wetter
4fde2e7e49 Merge pull request #2674 from testssl/dependabot/github_actions/docker/build-push-action-6.15.0 
Bump docker/build-push-action from 6.14.0 to 6.15.0
 2025-02-27 10:32:27 +01:00
Dirk Wetter
105c19e4ef Merge pull request #2675 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.5.0 
Bump docker/setup-qemu-action from 3.4.0 to 3.5.0
 2025-02-27 10:32:03 +01:00
Dirk Wetter
c9d1ba4fcc Merge pull request #2673 from dcooper16/avoid_subshell 
Avoid subshell overhead
 2025-02-27 10:31:04 +01:00
dependabot[bot]
c37e171424 Bump docker/setup-qemu-action from 3.4.0 to 3.5.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.4.0 to 3.5.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.4.0...v3.5.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-27 00:03:48 +00:00
dependabot[bot]
5bfe6d63bd Bump docker/build-push-action from 6.14.0 to 6.15.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.14.0 to 6.15.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.14.0...v6.15.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-27 00:03:46 +00:00
Dirk Wetter
78dd0a13c9 Merge pull request #2671 from javabrett/javabrett/improve-ev-detection 
Improved (experimental) Extended Validation (EV) certificate identification
 2025-02-26 22:56:21 +01:00
David Cooper
c38f46880f Avoid subshell overhead 
This commit removes the use of parenthesis in two expressions in run_fs() in order to avoid subshell overhead.
 2025-02-26 13:25:49 -08:00
David Cooper
102e4fb9b7 Merge pull request #2620 from Odinmylord/fix_curves 
fix curves findings in TLS1.2 and prior versions
 2025-02-26 13:15:34 -08:00
Dirk Wetter
04e5bc4be9 Merge pull request #2672 from javabrett/patch-1 
Update CONTRIBUTING.md
 2025-02-26 10:23:26 +01:00
Brett Randall
5f548b4214 Update CONTRIBUTING.md 
Fixed typo complains -> complaints.
 2025-02-26 13:02:16 +11:00
Brett Randall
352ed61a2e Improved (experimental) Extended Validation (EV) certificate identification. 
Three changes:

- added grep for "EV TLS" in addition to "EV SSL", as some issuers are
  using this.  This grep link actually picks-up most EV policies.
- Added policy detection for 2.23.140.1.1.  This is from CA Browser
  Forum https://cabforum.org/resources/object-registry/ extended-validation(1).
- Added policy detection for 1.3.6.1.4.1.38064.1.3.1.4 , which is SSL.com's EV policy.
 2025-02-26 10:10:21 +11:00
Dirk Wetter
ff41cbbb89 Merge pull request #2669 from magnuslarsen/3.1dev 
fix(rating): explicit enable rating if required vuln-checks are enabled
 2025-02-23 14:29:18 +01:00
Magnus Larsen
9429afade1 fix(rating): explicit enable rating if required tests are ran 2025-02-23 11:48:41 +01:00
Dirk Wetter
69e2067b99 Merge pull request #2666 from krufab/fix/fix-typo-in-help-message 
Corrected typo in the help message
 2025-02-22 16:00:31 +01:00
Fabio Kruger
1539148f0b Corrected typo in the help message 
Signed-off-by: Fabio Kruger <10956489+krufab@users.noreply.github.com>
 2025-02-22 00:55:08 +01:00
Riccardo Germenia
b3609603f9 remove unnecessary "if" statements and remove break from "if" statements 2025-02-20 15:45:05 +01:00
Dirk Wetter
ffa3e19764 Merge pull request #2662 from dcooper16/fix_ossl_supported_curve_check 
Fix check for OpenSSL supported curves
 2025-02-20 11:30:10 +01:00
Dirk Wetter
94ff89671f Merge pull request #2664 from testssl/dependabot/github_actions/docker/build-push-action-6.14.0 
Bump docker/build-push-action from 6.13.0 to 6.14.0
 2025-02-20 11:29:28 +01:00
dependabot[bot]
ec220e7c27 Bump docker/build-push-action from 6.13.0 to 6.14.0 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.13.0 to 6.14.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6.13.0...v6.14.0)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-20 00:56:34 +00:00
David Cooper
5c7e7bcbc7 Fix check for OpenSSL supported curves 
OpenSSL 3.X outputs a different error message than previous versions when $OPENSSL s_client -curves X ... is called with an unsupported curve. This was resulting in the check within find_openssl_binary() adding every curve to $OPENSSL_SUPPORTED_CURVES, even ones that were not supported. This commit changes to check in order to detect the new error message.
 2025-02-19 12:47:35 -08:00
Dirk Wetter
74209e05de Merge pull request #2660 from testssl/rm_comment 
Remove obsolete comment that SNI is not needed for ticketbleed
 2025-02-17 15:39:26 +01:00
Dirk Wetter
2baaf61cc5 Merge pull request #2657 from dcooper16/fix_pattern_match 
Fix pattern matches
 2025-02-15 14:14:38 +01:00
Dirk Wetter
f085fd1880 Merge pull request #2659 from dcooper16/npn_sockets 
Enable run_npn() to use tls_sockets()
 2025-02-15 13:47:13 +01:00
Dirk
e79dc8161e Remove obsolete comment that SNI is not needed for ticketbleed 
See also aa5d4917cf (r1954824502)
 2025-02-15 13:33:52 +01:00
Dirk Wetter
4b57f4c9f9 Merge pull request #2656 from dcooper16/ticketbleed 
Enhance ticketbleed testing
 2025-02-15 13:31:15 +01:00
David Cooper
96bd3072de Enable run_npn() to use tls_sockets() 
LibreSSL does not support the -nextprotoneg option. This commit enhances run_npn() to use tls_sockets() when $HAS_NPN is false, rather than reporting that the check can not be performed.
 2025-02-14 12:25:39 -08:00
David Cooper
acf48977c2 Fix pattern matches 
This commit fixes three lines of code that use Bash substring matching. In each case, a list of strings to match was enclosed in brackets. This resulted in a match if the string to test contained any character from any of the strings to match. This commit fixes the issue by removing the brackets.

(The bugs were introduced in b8e9b09ca7 and 8149c2d5cf)
 2025-02-13 14:21:26 -08:00
David Cooper
aa5d4917cf Enhance ticketbleed testing 
Some versions of OpenSSL/LibreSSL do not support TLS 1.1 and earlier, either because they do not support the protocol (e.g, `$OEPNSSL s_client -tls1` results in a "unknown option" error) or because the cryptography needed to support these protocol versions (e.g., MD5/SHA1) is not available.

Given the limitations of some versions of $OPENSSL, this commit enhances ticketbleed testing in two ways. First, it performs the testing using the newest (non-TLS 1.3) version supported by the server, so that TLS 1 and TLS 1.1 aren't used unless TLS 1.2 is not supported. Second, it adds tests for whether the protocol version to be used is supported by $OPENSSL and for whether connection attempts were successful, rather than assuming connection attempts succeed.
 2025-02-13 07:59:36 -08:00
Dirk Wetter
4b4260831e Merge pull request #2653 from testssl/address_addCA_issue 
Address CA file parsing problem (3.2)
 2025-02-07 14:18:51 +01:00
Dirk Wetter
ebc43ddafe Add previously added line from 3.0 in change log 
for consistency reasons
 2025-02-07 12:40:06 +01:00
Dirk Wetter
5e1db5f0a1 Address CA file parsing problem (3.2) 
.... by forbidding spaces in supplied CA files/directories

Also now we're sanitizing the cmd line parameter better using `safe_echo()`

See also #2647 .
 2025-02-07 12:30:41 +01:00
Dirk Wetter
21a89e40e8 Merge pull request #2650 from testssl/drwetter-patch-1 
Update Readme.md
 2025-02-07 10:01:31 +01:00
Dirk Wetter
72d9168389 add that pentest2xlsx is python 2025-02-07 10:00:50 +01:00
Dirk Wetter
d38e6ef6a7 Update Readme.md 2025-02-07 09:57:20 +01:00
Dirk Wetter
5b58771040 Merge pull request #2649 from testssl/dependabot/github_actions/docker/setup-qemu-action-3.4.0 
Bump docker/setup-qemu-action from 3.3.0 to 3.4.0
 2025-02-07 09:50:49 +01:00
dependabot[bot]
649608a868 Bump docker/setup-qemu-action from 3.3.0 to 3.4.0 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.3.0 to 3.4.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v3.3.0...v3.4.0)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-07 00:03:26 +00:00
Dirk Wetter
6e72c9b81d Merge pull request #2646 from testssl/fix_feature2098 
Feature: Detection STARTTLS throtteling via code 421/SMTP
 2025-01-31 12:26:44 +01:00
Dirk
4b928108ec Add trotteling feature 
* reorder points
* add sieve also
 2025-01-31 11:39:45 +01:00
Dirk
e73a2a9d53 Feature: Detection STARTTLS throtteling via code 421/SMTP 
For this anotehr variable needed to be passed to starttls_full_read()
via starttls_smtp_dialog, where the variable is defined.

Handling of the connection problem will occur at the calling level, fd_socket(),
so that in the future this can be extended if another STARTTLS problem signals
that we're too fast.

Fixes #2098.
 2025-01-31 11:26:44 +01:00
Dirk Wetter
abd0170fc4 Merge pull request #2645 from teunvink/3.2 
fix missing semicolon in docs
 2025-01-30 10:59:06 +01:00
Teun Vink
42f20b59b1 fix missing semicolon in docs 2025-01-30 10:23:12 +01:00
Dirk Wetter
65c18bed99 Merge pull request #2644 from testssl/fix_2642 
Fix error when hostname w trailing dot supplied
 2025-01-29 22:51:35 +01:00
Dirk Wetter
61cf7fe0e7 Fix error when hostname w trailing dot supplied 2025-01-29 20:47:13 +01:00
Dirk Wetter
aa4e9a4d41 Merge pull request #2641 from testssl/sieve_fix 
two sieve fixes to make it work
 2025-01-29 16:29:38 +01:00
Dirk
b054b5d687 two sieve fixes 
* one logical error
* removing check for trailing space for OK
 2025-01-28 22:15:17 +01:00
Dirk Wetter
f95ff7ab3e Merge pull request #2640 from forced-request/3.2 
Readme: Misformatted Markdown
 2025-01-28 20:57:53 +01:00
John Poulin
b84dd06b36 broken markdown 2025-01-28 13:46:12 -05:00