mirrors/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-11-04 09:31:08 +01:00
Code Issues Projects Releases Wiki Activity

- first prototype for using = in cmdline, see #108. Tests needed

Browse Source 
- beautified big case loop
This commit is contained in:
Dirk 2015-06-01 12:01:38 +02:00
parent 452fd6762a
commit cac985967f
1 changed files with 128 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

194
testssl.sh
View File

@ -2940,8 +2940,8 @@ old_fart() {
find_openssl_binary() {
# 0. check environment variable whether it's executable
if [ ! -z "$OPENSSL" ] && [ ! -x "$OPENSSL" ]; then
pr_redln "\ncannot find (\$OPENSSL=$OPENSSL) binary."
outln "continuing ..."
pr_red "\ncannot find (\$OPENSSL=$OPENSSL) binary."
outln " Looking some place else ..."
fi
if [ -x "$OPENSSL" ]; then
# 1. check environment variable
@ -3539,6 +3539,18 @@ debug_globals() {
}
# arg1+2 are just the options
parse_opt_equal_sign() {
if [[ "$1" == *=* ]]; then
echo "$1" | awk -F'=' '{ print $2 }'
return 1 # = means we don't need to shift args!
else
echo $2
return 0 # we need to shift
fi
}
# Parses options
startup() {
@ -3547,56 +3559,73 @@ startup() {
while [[ $# -gt 0 ]]; do
case $1 in
-h|--help)
help 0
;;
-b|--banner|-v|--version)
find_openssl_binary
mybanner
exit 0;;
exit 0
;;
--mx)
do_mx_all_ips=true;;
do_mx_all_ips=true
;;
--mx465) # doesn't work with major ISPs
do_mx_all_ips=true
PORT=465 ;;
PORT=465
;;
--mx587) # doesn't work with major ISPs
do_mx_all_ips=true
PORT=587 ;;
--ip)
CMDLINE_IP=$2
shift ;;
-V|--local) # this is only displaying local, thus we don't put it in the loop
PORT=587
;;
--ip|--ip=*)
CMDLINE_IP=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
-V|-V=*|--local|--local=*) # this is only displaying local ciphers, thus we don't put it in the loop
find_openssl_binary
mybanner
openssl_age
maketempf
initialize_engine # GOST support-
prettyprint_local "$2"
exit $? ;;
-x|--single-cipher|--single_cipher)
initialize_engine # for GOST support
prettyprint_local $(parse_opt_equal_sign "$1" "$2")
exit $?
;;
-x|-x=*|--single[-_]cipher|--single[-_]cipher=*)
do_test_just_one=true
single_cipher=$2
shift;;
-t|--starttls)
STARTTLS_PROTOCOL=$2
single_cipher=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
-t|-t=*|--starttls|--starttls=*)
do_starttls=true
shift;;
STARTTLS_PROTOCOL=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
-e|--each-cipher)
do_allciphers=true;;
do_allciphers=true
;;
-E|--cipher-per-proto|--cipher_per_proto)
do_cipher_per_proto=true;;
-h|--help)
help 0 ;;
do_cipher_per_proto=true
;;
-p|--protocols)
do_protocols=true
do_spdy=true;;
do_spdy=true
;;
-y|--spdy|--npn)
do_spdy=true;;
do_spdy=true
;;
-f|--ciphers)
do_run_std_cipherlists=true;;
-S|--server_defaults|--server-defaults)
do_server_defaults=true;;
-P|--server_preference|--server-preference)
do_server_preference=true;;
do_run_std_cipherlists=true
;;
-S|--server[-_]defaults)
do_server_defaults=true
;;
-P|--server[_-]preference)
do_server_preference=true
;;
-H|--header|--headers)
do_header=true;;
do_header=true
;;
-U|--vulnerable)
do_vulnerabilities=true
do_heartbleed=true
@ -3609,39 +3638,51 @@ startup() {
do_beast=true
do_rc4=true
do_logjam=true
VULN_COUNT=10 ;;
VULN_COUNT=10
;;
-B|--heartbleed)
do_heartbleed=true
let "VULN_COUNT++" ;;
-I|--ccs|--ccs_injection|--ccs-injection)
let "VULN_COUNT++"
;;
-I|--ccs|--ccs[-_]injection)
do_ccs_injection=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-R|--renegotiation)
do_renego=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-C|--compression|--crime)
do_crime=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-T|--breach)
do_breach=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-O|--poodle)
do_ssl_poodle=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-F|--freak)
do_freak=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-J|--logjam)
do_logjam=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-A|--beast)
do_beast=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-4|--rc4|--appelbaum)
do_rc4=true
let "VULN_COUNT++" ;;
let "VULN_COUNT++"
;;
-s|--pfs|--fs|--nsa)
do_pfs=true;;
do_pfs=true
;;
-q) ### this is a development feature and will disappear:
# DEBUG=3 ./testssl.sh -q 03 "cc, 13, c0, 13" google.de
# DEBUG=3 ./testssl.sh -q 01 yandex.ru
@ -3652,41 +3693,56 @@ startup() {
fi
shift
do_tls_sockets=true
outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}" ;;
--wide) WIDE=0 ;;
--assuming-http|--assuming_http|--assume_http|--assume-http)
ASSUMING_HTTP=0 ;;
outln "TLS_LOW_BYTE/HEX_CIPHER: ${TLS_LOW_BYTE}/${HEX_CIPHER}"
;;
--wide)
WIDE=0
;;
--assuming[_-]http|--assume[-_]http)
ASSUMING_HTTP=0
;;
--sneaky)
SNEAKY=0 ;;
--warnings)
case "$2" in
batch|off|false) WARNINGS="$2" ;;
SNEAKY=0
;;
--warnings|--warnings=*)
WARNINGS=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
case "$WARNING" in
batch|off|false) ;;
default) pr_magentaln "warnings can be either \"batch\", \"off\" or \"false\"" ;;
esac
shift ;;
--show-each|--show_each)
SHOW_EACH_C=1 ;; #FIXME: sense is vice versa
--debug)
DEBUG="$2"
shift ;;
--color)
COLOR=$2
;;
--show[-_]each)
SHOW_EACH_C=1 #FIXME: sense is vice versa
;;
--debug|--debug=*)
DEBUG=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
--color|--color=*)
COLOR=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
if [ $COLOR -ne 0 ] && [ $COLOR -ne 1 ] && [ $COLOR -ne 2 ] ; then
COLOR=2
pr_magentaln "$0: unrecognized color: $2" 1>&2
help 1
fi
shift ;;
--openssl)
OPENSSL="$2"
shift ;;
;;
--openssl|--openssl=*)
OPENSSL=$(parse_opt_equal_sign "$1" "$2")
[ $? -eq 0 ] && shift
;;
--ssl_native|--ssl-native)
SSL_NATIVE=0 ;;
SSL_NATIVE=0
;;
(--) shift
break ;;
break
;;
(-*) pr_magentaln "$0: unrecognized option $1" 1>&2;
help 1 ;;
(*) break ;;
help 1
;;
(*) break
;;
esac
shift
done
@ -3783,6 +3839,6 @@ fi
exit $ret
# $Id: testssl.sh,v 1.267 2015/05/31 12:40:11 dirkw Exp $
# $Id: testssl.sh,v 1.268 2015/06/01 10:01:37 dirkw Exp $
# vim:ts=5:sw=5
# ^^^ FYI: use vim and you will see everything beautifully indented with a 5 char tab