ciphersurfer 1.0.4 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rvmrc +1 -0
- data/Gemfile +3 -17
- data/Gemfile.lock +11 -24
- data/LICENSE.txt +3 -1
- data/Rakefile +1 -58
- data/VERSION +1 -1
- data/bin/ciphersurfer +17 -2
- data/ciphersurfer.gemspec +25 -0
- data/lib/ciphersurfer/version.rb +1 -8
- metadata +49 -65
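--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: f1503df20e8e6fb158b82a0cb49f1ec3ccccdf1c
+data.tar.gz: 0144cabd84f3d1f72fc5844f2d82b025e2f5a5f6
+SHA512:
+metadata.gz: 4a0a44b91ffd8a7ceb03ac5ad25b986c5c126607811b4f750a231ac025d5178f92317f07dda234c274ecf0676b329027af432fb12e048c631b6a6d3e1de38a31
+data.tar.gz: 34428251037480f89df420a00ea8fda7dd6eb972cd5bee9c5efe201192c6a9b4f1967e7948585a409a8fda914877988eba43b9897e8b79dd5afa3c1a55920a4e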
data/.gitignore
ADDED
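--- a/data/.rvmrc
+++ b/data/.rvmrc
@@ -0,0 +1 @@
+rvm use 2.1.3@hacking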
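--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,18 +1,4 @@
-source
+source 'https://rubygems.org'
 
-gem
-
-gem 'httpclient'
-
-# Add dependencies required to use your gem here.
-# Example:
-# gem "activesupport", ">= 2.3.5"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-gem "rspec", "~> 2.3.0"
-gem "bundler", "~> 1.0.0"
-gem "jeweler", "~> 1.6.4"
-gem "rcov", ">= 0"
-end
+# Specify your gem's dependencies in ciphersurfer.gemspec
+gemspec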
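--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,34 +1,21 @@
+PATH
+remote: .
+specs:
+ciphersurfer (1.2.0)
+httpclient
+rainbow
+
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
-diff-lcs (1.1.3)
-git (1.2.5)
 httpclient (2.2.4)
-jeweler (1.6.4)
-bundler (~> 1.0)
-git (>= 1.2.5)
-rake
-json (1.6.5)
 rainbow (1.1.3)
 rake (0.9.2.2)
-rcov (0.9.11)
-rspec (2.3.0)
-rspec-core (~> 2.3.0)
-rspec-expectations (~> 2.3.0)
-rspec-mocks (~> 2.3.0)
-rspec-core (2.3.1)
-rspec-expectations (2.3.0)
-diff-lcs (~> 1.1.2)
-rspec-mocks (2.3.0)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler (~> 1.
-
-
-json
-rainbow
-rcov
-rspec (~> 2.3.0)
+bundler (~> 1.5)
+ciphersurfer!
+rake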
data/LICENSE.txt
CHANGED
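--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,58 +1 @@
-
-
-require 'rubygems'
-require 'bundler'
-begin
-Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-$stderr.puts e.message
-$stderr.puts "Run `bundle install` to install missing gems"
-exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-require './lib/ciphersurfer/version'
-
-Jeweler::Tasks.new do |gem|
-# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-gem.name = "ciphersurfer"
-gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
-gem.license = "BSD"
-gem.version = Ciphersurfer::Version::STRING
-File.open('VERSION', 'w') {|f| f.write(Ciphersurfer::Version::STRING) }
-
-gem.summary = %Q{evaluates web server SSL configuration}
-gem.description = %Q{ciphersurfer is a security tool that evaluates web server SSL configuration}
-gem.email = "thesp0nge@gmail.com"
-gem.required_ruby_version = '>= 1.8.7'
-gem.authors = ["Paolo Perego"]
-gem.executables = ['ciphersurfer']
-gem.default_executable = 'ciphersurfer'
-gem.require_path = 'lib'
-# dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-spec.pattern = FileList['spec/**/*_spec.rb']
-end
-
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-spec.pattern = 'spec/**/*_spec.rb'
-spec.rcov = true
-end
-
-task :default => :spec
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-rdoc.rdoc_dir = 'rdoc'
-rdoc.title = "ciphersurfer #{version}"
-rdoc.rdoc_files.include('README*')
-rdoc.rdoc_files.include('lib/**/*.rb')
-end
+require "bundler/gem_tasks"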
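Review bot: Replacing the whole Rakefile with `require "bundler/gem_tasks"` drops the `:spec` task and `task :default => :spec` while the spec/ files are still shipped (the metadata section lists them under `test_files`), so a plain `rake` no longer runs the test suite. If the specs are meant to stay runnable, add `require 'rspec/core/rake_task'`, `RSpec::Core::RakeTask.new(:spec)` and `task default: :spec`, and declare rspec as a development dependency in ciphersurfer.gemspec, which currently only declares bundler and rake. The `:rcov` task depends on the rcov gem, which the new Gemfile.lock no longer resolves, so that one can stay dropped.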
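--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0
+1.2.0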
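--- a/data/bin/ciphersurfer
+++ b/data/bin/ciphersurfer
@@ -20,11 +20,12 @@ opts = GetoptLong.new(
 [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
 [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
 [ '--list-ciphers', '-l', GetoptLong::NO_ARGUMENT ],
+[ '--poodle-test', '-P', GetoptLong::NO_ARGUMENT ],
 [ '--json', '-j', GetoptLong::NO_ARGUMENT]
 )
 trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
 
-options={:json=>false,:list_ciphers=>false}
+options={:json=>false,:list_ciphers=>false, :poodle=>true}
 
 opts.each do |opt, arg|
 case opt
@@ -32,6 +33,7 @@ opts.each do |opt, arg|
 puts "usage: ciphersurfer [-ljvh] server[:port]"
 puts " -l: lists supported ciphers instead of just evaluate the security level"
 puts " -j: formats the output using JSON"
+puts " -P: checks if server supports SSLv3 protocol for the POODLE attack (https://www.openssl.org/~bodo/ssl-poodle.pdf)"
 puts " -v: shows version"
 puts " -h: this help"
 exit 0
@@ -42,6 +44,8 @@ opts.each do |opt, arg|
 options[:json]=true
 when '--list-ciphers'
 options[:list_ciphers]=true
+when '--poodle-test'
+options[:poodle] = true
 end
 end
 
@@ -96,7 +100,10 @@ end
 cert= Ciphersurfer::Scanner.cert(host, port)
 if ! cert.nil?
 a=cert.public_key.to_text ||= ""
-
+match_modulus=/Modulus \((\d+)/i.match(a)
+key_size=match_modulus[1].to_i unless match_modulus.nil?
+match_key=/Public-Key: \((\d+) bit\)/i.match(a)
+key_size=match_key[1].to_i unless match_key.nil?
 else
 puts "warning: the server didn't give us the certificate".color(:yellow)
 key_size=0
@@ -114,6 +121,13 @@ if (options[:json])
 
 exit 0
 end
+if (options[:poodle])
+supported_protocols.each do|s|
+puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
+puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
+end
+exit 0
+end
 
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support"
@@ -126,3 +140,4 @@ printf "%20s : ", "Cipher strength"
 cipher_score.to_i.times{print 'o'.color(score_to_color(cipher_score))}
 puts ' ('+cipher_score.to_s+')'
 
+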
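Review bot: `options={:json=>false,:list_ciphers=>false, :poodle=>true}` in the first hunk defaults the POODLE check to on, so the new `if (options[:poodle]) ... exit 0 end` block in the fifth hunk runs on every non-JSON invocation and exits before the "Overall evaluation" output at new line 132 is ever reached, which also makes the `--poodle-test` branch in the third hunk a no-op; the default should be `:poodle=>false`. In that same block the SSLv2 message reads `supports SSLv1` where `SSLv2` is meant, and a host that supports neither protocol prints nothing and exits 0, so a caller cannot distinguish a clean result from a skipped check; printing an explicit not-vulnerable line and exiting non-zero when SSLv3 is present would make the result scriptable (this assumes `supported_protocols`, defined outside these hunks, is a collection of symbols, as the `s == :SSLv3` comparison suggests). In the fourth hunk `key_size` stays nil when neither regex matches the key text, unlike the `else` branch which sets `key_size=0`; initialise `key_size=0` before `match_modulus=...`. The usage line `[-ljvh]` in the second hunk should also list `P`.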
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'ciphersurfer/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "ciphersurfer"
|
8
|
+
spec.version = Ciphersurfer::VERSION
|
9
|
+
spec.authors = ["Paolo Perego"]
|
10
|
+
spec.email = ["thesp0nge@gmail.com"]
|
11
|
+
spec.summary = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
|
12
|
+
spec.description = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
|
13
|
+
spec.homepage = "https://codiceinsicuro.it"
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files`.split($/)
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_dependency "rainbow"
|
22
|
+
spec.add_dependency "httpclient"
|
23
|
+
spec.add_development_dependency "bundler", "~> 1.5"
|
24
|
+
spec.add_development_dependency "rake"
|
25
|
+
end
|
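Review bot: `spec.files = \`git ls-files\`.split($/)` packages every tracked file, which is why the metadata section's `files` list now carries `.gitignore`, `.rvmrc` (`rvm use 2.1.3@hacking`) and `Gemfile.lock` — development-environment files with no place in the published gem, and in the case of `Gemfile.lock` a set of pinned resolutions the gemspec's own dependency declarations do not make. Outside a git checkout the backtick call also yields an empty string, producing a gem with no files. An explicit list, e.g. `spec.files = Dir['lib/**/*.rb'] + Dir['bin/*'] + %w[LICENSE.txt VERSION]`, keeps the package contents independent of the working tree. The license also changes from the `BSD` declared in the old Rakefile to `MIT` here; LICENSE.txt is changed in this release but its contents are not shown, so confirm the two agree.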
data/lib/ciphersurfer/version.rb
CHANGED
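--- a/metadata
+++ b/metadata
@@ -1,104 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-version: 1.0
-prerelease:
+version: 1.2.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: json
-requirement: &70177371273600 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
-type: :runtime
-prerelease: false
-version_requirements: *70177371273600
 - !ruby/object:Gem::Dependency
 name: httpclient
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: &70177371271500 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-type: :development
-prerelease: false
-version_requirements: *70177371271500
+version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: '1.5'
 type: :development
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: jeweler
-requirement: &70177371261020 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
-type: :development
-prerelease: false
-version_requirements: *70177371261020
+version: '1.5'
 - !ruby/object:Gem::Dependency
-name:
-requirement:
-none: false
+name: rake
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
-version_requirements:
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: ciphersurfer is a tool to check how strong is an SSL certificate. It
+also check for POODLE vulnerability, if your server supports SSLv3
+email:
+- thesp0nge@gmail.com
 executables:
 - ciphersurfer
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.md
+extra_rdoc_files: []
 files:
-- .document
-- .
+- ".document"
+- ".gitignore"
+- ".rspec"
+- ".rvmrc"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -106,6 +86,7 @@ files:
 - Rakefile
 - VERSION
 - bin/ciphersurfer
+- ciphersurfer.gemspec
 - lib/ciphersurfer.rb
 - lib/ciphersurfer/scanner.rb
 - lib/ciphersurfer/score.rb
@@ -113,29 +94,32 @@ files:
 - spec/ciphersurfer_spec.rb
 - spec/scoring_spec.rb
 - spec/spec_helper.rb
-homepage:
+homepage: https://codiceinsicuro.it
 licenses:
--
+- MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.2.2
 signing_key:
-specification_version:
-summary:
-
+specification_version: 4
+summary: ciphersurfer is a tool to check how strong is an SSL certificate. It also
+check for POODLE vulnerability, if your server supports SSLv3
+test_files:
+- spec/ciphersurfer_spec.rb
+- spec/scoring_spec.rb
+- spec/spec_helper.rb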