Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-09-06 03:52:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4953d6e22ad2d3420d40540ba6084aac0c46621
testssl.sh/t
History
Dirk Wetter a4953d6e22 Redo PR for Opossum 
Fixes #2833

This does a check for the opossum vulnerability, see https://opossum-attack.com/ .

It uses a separate function to send the payload and retrieve the result via `http_header_printf()`.  It doesn't use curl or wget. The latter wouldn't work anyway as according to the manpage as the HTTP header which needs to be sent must not contain LFs.  This function was introduced because `http_get_header()` -- which was renamed to `http_head()` -- could use wget if curl is not available. On the way to this PR `http_head()` was improved, so that timeouts were used for curl and wget for better maturity.

`http_header_printf()` now uses bach sockets , strips the URI so that a plaintext request is made. This will be done in the background because not every host will answer.

Done also:
- handling when PROXY is requested (try anyway directly as the payload is not "proxyable")
- print a message when no HTTP service is present
- try hard to use plaintext HTTP when auth is required for HTTPS and service HTTP would not be defined otherwise
- manpages
- help

Also when pwnedkeys are checked a not pwned certificate is labled not neutral but OK=green.
2025-07-12 20:59:50 +02:00
..
baseline_data
Redo PR for Opossum
2025-07-12 20:59:50 +02:00
00_testssl_help.t
Number each check / make it work under MacOS
2025-05-08 14:13:01 +02:00
01_testssl_banner.t
Number each check / make it work under MacOS
2025-05-08 14:17:01 +02:00
02_clientsim_txt_parsable.t
Number each check
2025-05-08 14:18:30 +02:00
05_ca_hashes_up_to_date.t
Better phrasing
2025-05-08 14:30:13 +02:00
10_baseline_ipv4_http.t
Fix missing issuer CN
2025-06-10 22:54:11 +02:00
11_baseline_ipv6_http.t.DISABLED
s/drwetter/testssl
2025-01-24 11:15:55 +01:00
12_diff_opensslversions.t
For Mac: use homebrew's openssl
2025-07-10 13:19:46 +02:00
21_baseline_starttls.t
Numbering the checks
2025-05-08 23:08:59 +02:00
23_client_simulation.t
Ensure that stderr is caught / $prg=testssl.sh
2025-05-27 10:54:25 +02:00
31_isJSON_valid.t
Ensure that stderr is caught / $prg=testssl.sh
2025-05-27 10:54:25 +02:00
32_isHTML_valid.t
Redo PR for Opossum
2025-07-12 20:59:50 +02:00
33_isJSON_severitylevel_valid.t
Add missing vim modeline config in sh & perl files, cc #1901
2021-06-01 14:40:24 +08:00
51_badssl.com.t
Ensure that stderr is caught / $prg=testssl.sh
2025-05-27 10:54:25 +02:00
52_ocsp_revoked.t
Fix 52_ocsp_revoked (OCSP --> CRL)
2025-07-03 16:56:28 +02:00
59_hpkp.t.tmpDISABLED
Add missing vim modeline config in sh & perl files, cc #1901
2021-06-01 14:40:24 +08:00
61_diff_testsslsh.t
Handle space problem
2025-05-20 10:48:54 +02:00
Readme.md
minor stuff
2025-01-27 16:37:04 +01:00

Readme.md

Naming scheme

  • 00-05: Does the bare testssl.sh work at all?
  • 10-29: Do scans work fine (client side)?
  • 30-39: Does reporting work?
  • 50-69: Are the results what I expect (server side)?

Please help to write CI tests! Documentation can be found here. You can consult the existing code here. Feel free to use 10_baseline_ipv4_http.t or 12_diff_opensslversions.t as a template. The latter is newer and code is cleaner.