mirrors/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2025-10-31 15:41:02 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'master' into openss2rfc_rfc2openssl

Browse Source
This commit is contained in:
David Cooper 2016-06-24 13:25:11 -04:00
commit d30dbe3c41
1 changed files with 42 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
testssl.sh
View File

@ -125,9 +125,9 @@ tty -s && \
readonly INTERACTIVE=false readonly INTERACTIVE=false
if ! tput cols &>/dev/null || ! $INTERACTIVE; then # Prevent tput errors if running non interactive if ! tput cols &>/dev/null || ! $INTERACTIVE; then # Prevent tput errors if running non interactive
TERM_DWITH=${COLUMNS:-80} TERM_WIDTH=${COLUMNS:-80}
else else
TERM_DWITH=${COLUMNS:-$(tput cols)} # for custom line wrapping and dashes TERM_WIDTH=${COLUMNS:-$(tput cols)} # for custom line wrapping and dashes
fi fi
TERM_CURRPOS=0 # custom line wrapping needs alter the current horizontal cursor pos TERM_CURRPOS=0 # custom line wrapping needs alter the current horizontal cursor pos
@ -2204,6 +2204,7 @@ run_client_simulation() {
else else
#FIXME: awk #FIXME: awk
proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g') proto=$(grep -aw "Protocol" $TMPFILE | sed -e 's/^.*Protocol.*://' -e 's/ //g')
[[ "$proto" == TLSv1 ]] && proto="TLSv1.0"
if [[ "$proto" == TLSv1.2 ]]; then if [[ "$proto" == TLSv1.2 ]]; then
# OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0. Need to figure out which one it is... # OpenSSL reports TLS1.2 even if the connection is TLS1.1 or TLS1.0. Need to figure out which one it is...
for tls in ${tlsvers[i]}; do for tls in ${tlsvers[i]}; do
@ -6202,7 +6203,7 @@ MAPPING_FILE_RFC: $MAPPING_FILE_RFC
CAPATH: $CAPATH CAPATH: $CAPATH
COLOR: $COLOR COLOR: $COLOR
COLORBLIND: $COLORBLIND COLORBLIND: $COLORBLIND
TERM_DWITH: $TERM_DWITH TERM_WIDTH: $TERM_WIDTH
INTERACTIVE: $INTERACTIVE INTERACTIVE: $INTERACTIVE
HAS_GNUDATE: $HAS_GNUDATE HAS_GNUDATE: $HAS_GNUDATE
HAS_FREEBSDDATE: $HAS_FREEBSDDATE HAS_FREEBSDDATE: $HAS_FREEBSDDATE
@ -6722,7 +6723,6 @@ ignore_no_or_lame() {
} }
# arg1: URI # arg1: URI
# arg2: protocol
parse_hn_port() { parse_hn_port() {
local tmp_port local tmp_port
@ -6755,13 +6755,27 @@ parse_hn_port() {
debugme echo $NODE:$PORT debugme echo $NODE:$PORT
SNI="-servername $NODE" SNI="-servername $NODE"
# now do logging if instructed URL_PATH=$(echo "$1" | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port
URL_PATH=$(echo "$URL_PATH" | sed 's/\/\//\//g') # we rather want // -> /
[[ -z "$URL_PATH" ]] && URL_PATH="/"
debugme echo $URL_PATH
return 0 # NODE, URL_PATH, PORT is set now
}
# now do logging if instructed
# arg1: for testing mx records name we put a name of logfile in here, otherwise we get strange file names
prepare_logging() {
local fname_prefix="$1"
[[ -z "$fname_prefix" ]] && fname_prefix="$NODE"
if "$do_logging"; then if "$do_logging"; then
if [[ -z "$LOGFILE" ]]; then if [[ -z "$LOGFILE" ]]; then
LOGFILE=$NODE-$(date +"%Y%m%d-%H%M".log) LOGFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".log)
elif [[ -d "$LOGFILE" ]]; then elif [[ -d "$LOGFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir # actually we were instructed to place all files in a DIR instead of the current working dir
LOGFILE=$LOGFILE/$NODE-$(date +"%Y%m%d-%H%M".log) LOGFILE=$LOGFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".log)
else else
: # just for clarity: a log file was specified, no need to do anything else : # just for clarity: a log file was specified, no need to do anything else
fi fi
@ -6775,32 +6789,26 @@ parse_hn_port() {
if "$do_json"; then if "$do_json"; then
if [[ -z "$JSONFILE" ]]; then if [[ -z "$JSONFILE" ]]; then
JSONFILE=$NODE-$(date +"%Y%m%d-%H%M".json) JSONFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".json)
elif [[ -d "$JSONFILE" ]]; then elif [[ -d "$JSONFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir # actually we were instructed to place all files in a DIR instead of the current working dir
JSONFILE=$JSONFILE/$NODE-$(date +"%Y%m%d-%H%M".json) JSONFILE=$JSONFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".json)
fi fi
fi fi
if "$do_csv"; then if "$do_csv"; then
if [[ -z "$CSVFILE" ]]; then if [[ -z "$CSVFILE" ]]; then
CSVFILE=$NODE-$(date +"%Y%m%d-%H%M".csv) CSVFILE=$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
elif [[ -d "$CSVFILE" ]]; then elif [[ -d "$CSVFILE" ]]; then
# actually we were instructed to place all files in a DIR instead of the current working dir # actually we were instructed to place all files in a DIR instead of the current working dir
CSVFILE=$CSVFILE/$NODE-$(date +"%Y%m%d-%H%M".csv) CSVFILE=$CSVFILE/$fname_prefix-$(date +"%Y%m%d-%H%M".csv)
fi fi
fi fi
fileout_header # write out any CSV/JSON header line fileout_header # write out any CSV/JSON header line
URL_PATH=$(echo "$1" | sed 's/https:\/\///' | sed 's/'"${NODE}"'//' | sed 's/.*'"${PORT}"'//') # remove protocol and node part and port return 0
URL_PATH=$(echo "$URL_PATH" | sed 's/\/\//\//g') # we rather want // -> /
[[ -z "$URL_PATH" ]] && URL_PATH="/"
debugme echo $URL_PATH
return 0 # NODE, URL_PATH, PORT is set now
} }
# args: string containing ip addresses # args: string containing ip addresses
filter_ip6_address() { filter_ip6_address() {
local a local a
@ -7236,7 +7244,7 @@ draw_line() {
} }
mx_all_ips() { run_mx_all_ips() {
local mxs mx local mxs mx
local mxport local mxport
local -i ret=0 local -i ret=0
@ -7246,12 +7254,17 @@ mx_all_ips() {
# test first higher priority servers # test first higher priority servers
mxs=$(get_mx_record "$1" | sort -n | sed -e 's/^.* //' -e 's/\.$//' | tr '\n' ' ') mxs=$(get_mx_record "$1" | sort -n | sed -e 's/^.* //' -e 's/\.$//' | tr '\n' ' ')
mxport=${2:-25} mxport=${2:-25}
if [[ -n "$LOGFILE" ]]; then
prepare_logging
else
prepare_logging "mx-$1"
fi
if [[ -n "$mxs" ]] && [[ "$mxs" != ' ' ]]; then if [[ -n "$mxs" ]] && [[ "$mxs" != ' ' ]]; then
[[ $mxport == "465" ]] && \ [[ $mxport == "465" ]] && \
STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls STARTTLS_PROTOCOL="" # no starttls for Port 465, on all other ports we speak starttls
pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs" pr_bold "Testing now all MX records (on port $mxport): "; outln "$mxs"
for mx in $mxs; do for mx in $mxs; do
draw_line "-" $((TERM_DWITH * 2 / 3)) draw_line "-" $((TERM_WIDTH * 2 / 3))
outln outln
parse_hn_port "$mx:$mxport" parse_hn_port "$mx:$mxport"
determine_ip_addresses || continue determine_ip_addresses || continue
@ -7267,7 +7280,7 @@ mx_all_ips() {
fi fi
ret=$(($? + ret)) ret=$(($? + ret))
done done
draw_line "-" $((TERM_DWITH * 2 / 3)) draw_line "-" $((TERM_WIDTH * 2 / 3))
outln outln
pr_bold "Done testing now all MX records (on port $mxport): "; outln "$mxs" pr_bold "Done testing now all MX records (on port $mxport): "; outln "$mxs"
else else
@ -7293,7 +7306,7 @@ run_mass_testing_parallel() {
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch -q $cmdline" cmdline="$0 $global_cmdline --warnings=batch -q $cmdline"
draw_line "=" $((TERM_DWITH / 2)); outln; draw_line "=" $((TERM_WIDTH / 2)); outln;
determine_logfile determine_logfile
outln "$cmdline" outln "$cmdline"
$cmdline >$LOGFILE & $cmdline >$LOGFILE &
@ -7318,7 +7331,7 @@ run_mass_testing() {
[[ -z "$cmdline" ]] && continue [[ -z "$cmdline" ]] && continue
[[ "$cmdline" == "EOF" ]] && break [[ "$cmdline" == "EOF" ]] && break
cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline" cmdline="$0 $global_cmdline --warnings=batch -q --append $cmdline"
draw_line "=" $((TERM_DWITH / 2)); outln; draw_line "=" $((TERM_WIDTH / 2)); outln;
outln "$cmdline" outln "$cmdline"
$cmdline $cmdline
done < "${FNAME}" done < "${FNAME}"
@ -7873,10 +7886,11 @@ fi
if $do_mx_all_ips; then if $do_mx_all_ips; then
query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified query_globals # if we have just 1x "do_*" --> we do a standard run -- otherwise just the one specified
[[ $? -eq 1 ]] && set_scanning_defaults [[ $? -eq 1 ]] && set_scanning_defaults
mx_all_ips "${URI}" $PORT run_mx_all_ips "${URI}" $PORT # we should reduce run_mx_all_ips to the stuff neccessary as ~15 lines later we have sililar code
ret=$? ret=$?
else else
parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now parse_hn_port "${URI}" # NODE, URL_PATH, PORT, IPADDR and IP46ADDR is set now
prepare_logging
if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then if ! determine_ip_addresses && [[ -z "$CMDLINE_IP" ]]; then
fatal "No IP address could be determined" fatal "No IP address could be determined"
fi fi
@ -7890,13 +7904,13 @@ else
if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check if [[ $(count_words "$(echo -n "$IPADDRs")") -gt 1 ]]; then # we have more than one ipv4 address to check
pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs" pr_bold "Testing all IPv4 addresses (port $PORT): "; outln "$IPADDRs"
for ip in $IPADDRs; do for ip in $IPADDRs; do
draw_line "-" $((TERM_DWITH * 2 / 3)) draw_line "-" $((TERM_WIDTH * 2 / 3))
outln outln
NODEIP="$ip" NODEIP="$ip"
lets_roll "${STARTTLS_PROTOCOL}" lets_roll "${STARTTLS_PROTOCOL}"
ret=$(($? + ret)) ret=$(($? + ret))
done done
draw_line "-" $((TERM_DWITH * 2 / 3)) draw_line "-" $((TERM_WIDTH * 2 / 3))
outln outln
pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs" pr_bold "Done testing now all IP addresses (on port $PORT): "; outln "$IPADDRs"
else # we need just one ip4v to check else # we need just one ip4v to check
@ -7910,4 +7924,4 @@ fi
exit $? exit $?
# $Id: testssl.sh,v 1.505 2016/06/23 12:33:25 dirkw Exp $ # $Id: testssl.sh,v 1.507 2016/06/24 17:00:58 dirkw Exp $