get_server_certificate() includes a few calls to tls_sockets() in which the response will be TLS 1.3 and in which the response will be useless if it cannot be decrypted (since the goal is to obtain the server's certificate). So, these calls to tls_sockets() should specify "all+" rather than "all".
If the order of the cmdline is '-U --ids-friendly' then we need to make sure we catch --ids-friendly. Normally we do not,
see #1717. The following statement makes sure. In the do-while + case-esac loop the check for --ids-friendly will be
executed again, but it does not hurt
Newer dig versions have an option to ignore $HOME/.digrc, older
don't.
This commit adds a patch checking for the availability of
such an option and uses it by default.
If doesn't exist then still dig is used and can still lead to
wrong output. Unfortunately Debian-based distros are not very
good at this. Debian 10, Ubuntu 18.04 still use dig 9.11, whereas
Opensuse 15.2 has 9.16.
Debian 11 and Ubuntu 20.04 use that too.
Thus to be considered for the stable 3.0-branch: move
dig in the resolver functions a couple of lines down.
As mentioned in #1931 the port detection for nmap greppable files
leaves space for improvements.
Ths PR adds a pattern detection of ssl and https in the forth or fifth
parameter of an open port, so those ports will be added to a scan when
a nmap greppable output file is supplied as input to testssl.sh .
Also it does minor code adjustments to utils/gmap2testssl.sh .
Same as #1938, only for 3.0.
... see #1936.
It is ~ copied from testssl.sh. It adds a detection for the
strings ssl and https. If those run at non-standard ports but nmap
detected it, it'll show up in the output file.
This addresses a bug filed in #1935 in 3.1dev when the supplied file
has a .txt extension. In this scenario the input file was nulled
as from the input file in nmap format an internal input file was
generated which has a .txt extension, in the same directory.
The idea was to persist the file for the user.
Now, this internal input file is ephemeral and only written to $TEMPDIR.
Same as #1921, only for the stable branch
* define deny list of files when modified not to run GHA
* specitfy OS to be ubuntu-20.04 (is there a debian at all?)
* only use perl 5.26
See #1920
There was by mistake a 179 days threshold and also the error message
was wrong when HSTS was exactly set to 179 days, see #1879.
This commit sets it to 180 days and corrects the error messages on
screen.
