Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-05 19:42:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
2,134 Commits 16 Branches 34 Tags
d3c3d65e1ffb19e302ae1d89dfe780464072d022
Commit Graph

2134 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirk
2936a42bc7 address #626 2017-05-09 21:58:03 +02:00
Dirk
9ed47eaa19 FIX #718 (added TLS padding to ticketbleed handshake). Also added TLS extension Signature Algorithms 2017-05-09 17:29:57 +02:00
Dirk
23e6209beb Merge branch '2.9dev' of github.com:drwetter/testssl.sh into 2.9dev 2017-05-08 23:55:19 +02:00
Dirk
ebd9e6ae65 manually merged #728 (see #423), credits also to @seccubus. Unfortunately the unit tests don't make so much sense atm 2017-05-08 23:51:37 +02:00
Dirk Wetter
53da6da77b Merge pull request #730 from typingArtist/729_catch_read_timeout 
correctly capture return code in starttls_full_read
 2017-05-04 22:32:23 +02:00
Dirk
699b48c8b8 lowering severity and taking other clients as browsers into account #735 2017-05-04 12:34:20 +02:00
Dirk Wetter
19052da1a5 Merge pull request #735 from tkaehn/alert_on_missing_sans 
Alert on missing SANs
 2017-05-04 11:52:47 +02:00
Thomas Kähn
5293c51bc4 Alert on missing SANs 2017-05-04 11:09:27 +02:00
Dirk Wetter
c9b6ee25b1 Delete 11_hpkp.t 2017-05-04 10:29:06 +02:00
Dirk
7d8479f55e temporary disabled until either an replacement has been coded or host is up again 2017-05-04 10:14:42 +02:00
typingArtist
55bbeef36c correctly capture return code in starttls_full_read 2017-04-30 19:57:40 +02:00
Dirk
ba9c056dfc renamed browser --> client simulation 2017-04-28 20:35:07 +02:00
Dirk Wetter
ef10fc3119 Merge pull request #726 from oerdnj/2.9dev-no-downgrade-breach 
Revert "Downgrade BREACH attack to MEDIUM severity"
 2017-04-25 23:10:11 +02:00
Ondřej Surý
c3fd0249f5 Revert "Downgrade BREACH attack to MEDIUM severity (as it depends on many things)" 
This reverts commit 3d2666ab79.
 2017-04-25 16:32:06 +02:00
Dirk Wetter
bd4575e14d Merge pull request #724 from oerdnj/2.9dev 
Fix prln usage to outln
 2017-04-25 16:27:47 +02:00
Ondřej Surý
3d2666ab79 Downgrade BREACH attack to MEDIUM severity (as it depends on many things) 2017-04-25 16:17:43 +02:00
Ondřej Surý
3fe0975f27 Merge branch '2.9dev-return-code' into 2.9dev 2017-04-25 15:19:46 +02:00
Ondřej Surý
9c7076b579 $? has an exitcode of the previous if then fi statement, use exit $ret 2017-04-25 15:12:01 +02:00
Ondřej Surý
4579ed2398 Fix prln usage to outln 2017-04-25 15:06:41 +02:00
Dirk
8ea8513529 fixed in Testing server preferences --> Negotiated cipher the empty TMPfile which led to an ugly error 
fixed in Session Resumption  for tickets if no extension=no resumption: there was 1x LF too much
 2017-04-24 19:18:39 +02:00
Dirk Wetter
7a99549e80 Merge pull request #721 from dcooper16/client_simulation_wide_option 
Add wide option for client simulations
 2017-04-24 16:26:08 +02:00
David Cooper
eea91a5a61 Merge branch '2.9dev' into client_simulation_wide_option 2017-04-24 08:50:53 -04:00
Dirk
01489b9ca1 special treatment for empty serverhello for ticketbleed 2017-04-24 09:25:23 +02:00
Dirk
2db8e8e8b1 use HAS_NO_SSL2 2017-04-22 22:14:06 +02:00
Dirk
c8cd1318e9 FIX #719, still work to do for ticketbleed (#655) 2017-04-22 15:39:18 +02:00
Dirk
f8e1ad0b7f add missing # 2017-04-22 15:19:39 +02:00
David Cooper
deab58fe26 Add wide option for client simulations 
There is a comment in the `run_client_simulation()` function that says "FIXME: printf formatting would look better, especially if we want a wide option here."

This PR is an attempt at addressing that FIXME and adding a wide option. The proposed wide option prints the same information as the non-wide option, just with the columns aligned. I didn't add any of the additional information that is displayed by other functions in wide mode, since I thought that made the output too wide.
 2017-04-21 16:27:02 -04:00
Dirk
584c933493 updated user agent for sneaky 2017-04-21 11:31:42 +02:00
Dirk
7de5e0113b check in 2017-04-21 11:29:20 +02:00
Dirk
28660f7a77 corrected pr_warningln 2017-04-20 17:29:07 +02:00
Dirk
1d992f3620 preview from clientsim branch, important to add now 2017-04-20 17:24:07 +02:00
Dirk
7c676dfc63 FIX #717 -- doubel meaning fo '-h' 2017-04-19 19:46:54 +02:00
Dirk Wetter
869ec9b9c3 Merge pull request #685 from dcooper16/openssl_location 
Populate OPENSSL_LOCATION in find_openssl_binary
 2017-04-19 18:23:14 +02:00
Dirk Wetter
219a07a620 Merge pull request #716 from gniltaws/2.9dev 
Use $TESTSSL_INSTALL_DIR instead of $RUN_DIR in find_openssl_binary() - Second Try
 2017-04-19 18:05:03 +02:00
Dirk Wetter
828dda79f3 Merge pull request #715 from dcooper16/travis_check_for_html 
Add Travis test for HTML output
 2017-04-19 16:01:07 +02:00
Todd Swatling
ee4975ac8a modified find_openssl_binary() to use TESTSSL_INSTALL_DIR since get_install_dir() works very hard to determine the where testssl actually is 2017-04-19 09:40:56 -04:00
David Cooper
6d1aec736e Add Travis test for HTML output 
It seems that I needed to escape the plus sign in the check for the HTTP clock skew.
 2017-04-19 09:19:24 -04:00
David Cooper
f7540cae57 Merge branch '2.9dev' into openssl_location 2017-04-19 09:13:33 -04:00
Dirk
c4a2ba8b49 vuln count adjusted 2017-04-19 01:21:13 +02:00
Dirk Wetter
51497c9dfb Merge pull request #714 from drwetter/revert-712-travis_check_for_html 
Revert "Add Travis test for HTML output"
 2017-04-19 00:55:35 +02:00
Dirk Wetter
9164230186 Revert "Add Travis test for HTML output" 2017-04-19 00:53:38 +02:00
Dirk Wetter
5285c26759 Merge pull request #712 from dcooper16/travis_check_for_html 
Add Travis test for HTML output
 2017-04-19 00:38:27 +02:00
Dirk
9ff868b083 fix travis 2017-04-19 00:35:55 +02:00
Dirk
2469603a7f save also 1x connect for heartbleed() by reusing a previoulsy identified protocol 2017-04-19 00:30:09 +02:00
Dirk
de79bd6b0e implemented ticketbleed (experimental). Renamed other vulnerabilty checks to easier memorize each check: 
-H is now --heartbleed instead of --headers,
-B is now --breach instead of --heartbleed,
-T is now --ticketbleed (was previously --breach)

bugs fix for run_ccs_injection() where the tls protocols wa not properly passed to the ClientHello

Made use of already determined protocol ( this time only from determine_optimal_proto() ) ==> we shpould use this in run_protocols() too!)
for run_ccs_injection + run_ticketbleed(). For achieving this determine_optimal_proto() needed to be modified so that it adds a protocol
to PROTOS_OFFERED (all_failed is now boolean there)

added two easy functions for converting dec to hex

sockread_fast() is for testing which should make socket erads faster -- albeit it could potentially block the whole thing
 2017-04-18 23:15:32 +02:00
Dirk
ac5b9a8a78 minor polishing, correct handshake length 2017-04-18 23:06:12 +02:00
Dirk
dd9b3919fc PoC uploaded 2017-04-16 20:38:47 +02:00
David Cooper
c76f6019e3 Fix typo 
Missing "/" in second call to testssl.sh
 2017-04-14 16:31:46 -04:00
David Cooper
6d55b2e6f3 Include banner in check 
* Changed calls to testssl.sh to not include `--quiet` or `--append` flags. Modified perl script to remove HTML header and footer before comparing to terminal output.

* Changed `TERM_WIDTH` to 120 (doesn't affect test, but 80 created too much line wrapping).

* Replace date and time information with X's rather than removing entirely. This should not affect the comparison, but will make the output created displayed in an error message look closer to the actual output of testssl.sh
 2017-04-14 16:25:49 -04:00
David Cooper
1249157afd Handle differing HTTP clock skew 
Occasionally the HTTP clock skew will differ between the two runs of testssl.sh, so remove that text from the strings that are compared.
 2017-04-14 11:39:28 -04:00