Commit Graph

3299 Commits

Author SHA1 Message Date
Dirk c4a2ba8b49 vuln count adjusted 2017-04-19 01:21:13 +02:00
Dirk Wetter 51497c9dfb Merge pull request #714 from drwetter/revert-712-travis_check_for_html
Revert "Add Travis test for HTML output"
2017-04-19 00:55:35 +02:00
Dirk Wetter 9164230186 Revert "Add Travis test for HTML output" 2017-04-19 00:53:38 +02:00
Dirk Wetter 5285c26759 Merge pull request #712 from dcooper16/travis_check_for_html
Add Travis test for HTML output
2017-04-19 00:38:27 +02:00
Dirk 9ff868b083 fix travis 2017-04-19 00:35:55 +02:00
Dirk 2469603a7f save also 1x connect for heartbleed() by reusing a previoulsy identified protocol 2017-04-19 00:30:09 +02:00
Dirk de79bd6b0e implemented ticketbleed (experimental). Renamed other vulnerabilty checks to easier memorize each check:
-H is now --heartbleed instead of --headers,
-B is now --breach instead of --heartbleed,
-T is now --ticketbleed (was previously --breach)

bugs fix for run_ccs_injection() where the tls protocols wa not properly passed to the ClientHello

Made use of already determined protocol ( this time only from determine_optimal_proto() ) ==> we shpould use this in run_protocols() too!)
for run_ccs_injection + run_ticketbleed(). For achieving this determine_optimal_proto() needed to be modified so that it adds a protocol
to PROTOS_OFFERED (all_failed is now boolean there)

added two easy functions for converting dec to hex

sockread_fast() is for testing which should make socket erads faster -- albeit it could potentially block the whole thing
2017-04-18 23:15:32 +02:00
Dirk ac5b9a8a78 minor polishing, correct handshake length 2017-04-18 23:06:12 +02:00
Dirk dd9b3919fc PoC uploaded 2017-04-16 20:38:47 +02:00
David Cooper c76f6019e3 Fix typo
Missing "/" in second call to testssl.sh
2017-04-14 16:31:46 -04:00
David Cooper 6d55b2e6f3 Include banner in check
* Changed calls to testssl.sh to not include `--quiet` or `--append` flags. Modified perl script to remove HTML header and footer before comparing to terminal output.

* Changed `TERM_WIDTH` to 120 (doesn't affect test, but 80 created too much line wrapping).

* Replace date and time information with X's rather than removing entirely. This should not affect the comparison, but will make the output created displayed in an error message look closer to the actual output of testssl.sh
2017-04-14 16:25:49 -04:00
David Cooper 1249157afd Handle differing HTTP clock skew
Occasionally the HTTP clock skew will differ between the two runs of testssl.sh, so remove that text from the strings that are compared.
2017-04-14 11:39:28 -04:00
David Cooper d82f809c6d Add Travis test for HTML output
I've never programmed in perl before, but this script seems to work. It includes two checks:

* I runs testssl.sh without the `--debug` flags and checks that the HTML file is the same as what is sent to the terminal.

* It runs testssl.sh with `--debug 4` and checks that the HTML file created is the same as the one created without the `--debug` flag.
2017-04-14 11:24:26 -04:00
David Cooper 7747d965d4 Merge branch '2.9dev' into openssl_location 2017-04-14 09:12:20 -04:00
Dirk 4b833b7b6e code readability improvements 2017-04-14 11:26:01 +02:00
Dirk Wetter 3d8c8769a9 Merge pull request #709 from dcooper16/fix_616
Fix #616
2017-04-14 11:04:54 +02:00
Dirk Wetter 0b9c04350d Merge pull request #710 from dcooper16/debug_output_in_html
No debugging text in HTML output
2017-04-14 11:03:48 +02:00
David Cooper 27124a404b Merge branch '2.9dev' into debug_output_in_html 2017-04-13 16:34:44 -04:00
David Cooper 2bfc0dc1d7 Merge branch '2.9dev' into fix_616 2017-04-13 16:33:57 -04:00
David Cooper 756e28d2dc Merge branch '2.9dev' into openssl_location 2017-04-13 16:31:30 -04:00
Dirk Wetter df953dca25 Merge pull request #711 from dcooper16/color_in_headers
Use of color in emphasize_stuff_in_headers()
2017-04-13 22:22:59 +02:00
David Cooper dcfee43b0d Use of color in emphasize_stuff_in_headers()
`emphasize_stuff_in_headers()` only adds color to the text being printed to the terminal if `$COLOR` is 2. So, the same should be the case for the HTML output.
2017-04-13 16:06:06 -04:00
David Cooper 5afee01797 No debugging text in HTML output
This PR fixes two places in which output is being included in the HTML output, but shouldn't be.
2017-04-13 14:28:39 -04:00
David Cooper 712c4ad30b Fix #616
This PR addresses issue #616, changing `run_cipher_match()` so that only those ciphers that are available are shown, unless the `--show-each` flag has been provided.

It also fixes a problem where the signature algorithm isn't being shown, even if `$SHOW_SIGALGO` is true.
2017-04-13 14:03:51 -04:00
David Cooper c77cbc3043 Merge branch '2.9dev' into openssl_location 2017-04-13 11:05:28 -04:00
Dirk Wetter 34a512a363 Merge pull request #708 from dcooper16/use_get_cipher
Use get_cipher() helper function
2017-04-13 16:50:42 +02:00
David Cooper e3e25ce1c3 Use get_cipher helper function
The new `get_cipher()` helper function was not being used in every place where it could be used.
2017-04-13 10:32:19 -04:00
David Cooper ae1bd5c6bd Merge branch '2.9dev' into openssl_location
Conflicts:
	testssl.sh
2017-04-12 16:07:42 -04:00
Dirk 5168fab693 minor polishing 2017-04-12 21:50:55 +02:00
David Cooper 59683927f8 Prevent word splitting 2017-04-12 15:39:37 -04:00
David Cooper 4d0bd4acb5 Merge branch '2.9dev' into openssl_location 2017-04-12 15:36:58 -04:00
Dirk Wetter d2b70f7289 Merge pull request #706 from dcooper16/fix_702
Fix #702
2017-04-12 21:33:36 +02:00
Dirk Wetter 9f7ab1cef6 Merge pull request #707 from dcooper16/more_702_fixes
More fixes for #702
2017-04-12 21:19:17 +02:00
Dirk 036bf2e53c revamped run_std_cipherlists(). There are now less catagories, less overlap and it's more modern:
NULL ciphers (no encryption)
 Anonymous NULL Ciphers (no authentication)
 Export ciphers (w/o ADH+NULL)
 LOW: 64 Bit + DES encryption (w/o export)
 Weak 128 Bit ciphers
 Triple DES Ciphers (Medium)
 High grade encryption
 Strong grade encryption (AEAD ciphers)
2017-04-12 21:00:08 +02:00
David Cooper 2ac14e879d More fixes for #702
This PR just addresses some places where quotes need to be used to avoid word splitting in case the referenced file, or path to the file, contains space characters.
2017-04-12 14:34:26 -04:00
David Cooper fa736cf6d9 Fix typo in run_mass_testing_parallel() 2017-04-12 12:24:33 -04:00
David Cooper 513ba8ff2d Another fix to calling child process
The previous fix did not work if testssl.sh was found via `$PATH`. This seems to work in all cases. If testssl.sh is found via `$PATH` or if the command line includes a path, then `which` returns a non-empty response; otherwise, `$0` does not include any path, but one needs to be provided, so `$RUN_DIR/$PROG_NAME` is used.
2017-04-12 12:15:27 -04:00
David Cooper f094013aeb Fix creation of child process
Using "$0" as the name of the executable seems to work as long as "$0" contains a directory name (e.g, "workingfiles/testssl.sh"), but not if it is just the name of the executable (e.g., "testssl.sh"). Specifying "$RUN_DIR/$PROG_NAME" seems to work in both cases, since if "$0" doesn't contain any path information, `$RUN_DIR` is `.`
2017-04-12 11:39:24 -04:00
David Cooper 6633d0e549 Improve pretty-printing of command line string
Use the suggestion "If you want to print the argument list as close as possible to what the user probably entered" from http://stackoverflow.com/questions/10835933/preserve-quotes-in-bash-arguments to create `$CMDLINE` and to print the command lines in `run_mass_testing()` and `run_mass_testing_parallel()`.
2017-04-12 10:00:40 -04:00
David Cooper 7cbce9cb55 Fix #702
This PR addresses issue #702. Rather than create the command line for each child process in `run_mass_testing()` as a string, it creates it as an array, with each argument being a separate element in the array. This was done based on http://mywiki.wooledge.org/BashFAQ/050.

The printing of each child's command line done based on http://stackoverflow.com/questions/10835933/preserve-quotes-in-bash-arguments.

The `$CMDLINE` string remains unchanged, even though it isn't entirely "correct," since http://jsonlint.com/ complains if the "Invocation:" string contains backslashes.
2017-04-11 17:05:27 -04:00
David Cooper 91695fe07e Merge branch '2.9dev' into openssl_location 2017-04-11 13:17:22 -04:00
Dirk ed2aa6698d comments added for #705 2017-04-11 18:48:23 +02:00
Dirk Wetter 3820e2c25c Merge pull request #705 from dcooper16/read_tls_data
Don't read tls_data.txt inside function
2017-04-11 18:40:01 +02:00
David Cooper a1d4eac64d Don't read tls_data.txt inside function
I was doing some testing on my extended_tls_sockets branch and discovered that it was not fully working since the `TLS13_KEY_SHARES` array was empty. According to https://lists.gnu.org/archive/html/bug-bash/2012-06/msg00068.html, there is an issue when trying to initialize a global array inside a function. (The current code initializes `TLS12_CIPHER`, `TLS_CIPHER`, and `TLS13_KEY_SHARES` within `get_install_dir()`, since tls_data.txt is read in that function.) In fact, according to http://stackoverflow.com/questions/10806357/associative-arrays-are-local-by-default, in order to initialize a global variable in a function, one needs to provide the `-g` option, which was only added in Bash 4.2.

This PR seems to fix the problem by moving the reading of tls_data.txt to the main body of the code rather than reading it within the `get_install_dir()` function.
2017-04-10 17:07:46 -04:00
David Cooper 43a4358442 Merge branch '2.9dev' into openssl_location 2017-04-10 09:00:06 -04:00
Dirk 5054cc33f3 rename *test_just_one as @AlGreed suggestted in #703 2017-04-10 14:45:39 +02:00
Dirk 0bbbd5217a swapped -f and -s
-f is now forward secrecy
    -s is standard cipher lists
2017-04-08 09:14:56 +02:00
David Cooper 25977d5537 Merge branch '2.9dev' into openssl_location 2017-04-07 09:41:40 -04:00
Dirk 55713e4929 use per default a lf before the first fatal message 2017-04-07 10:26:41 +02:00
Dirk c75a2cd838 In addition to #701 add quotes for correcting cmdline parsing -- especially for supplied filenames/arguments
(HTML,CSV,JOSN,PROXY).

Also strip off leading http:// | https://  for --proxy
2017-04-07 09:49:44 +02:00