RubyGems - ciphersurfer - Versions diffs - 1.2.0 → 1.4.0 - Mend

ciphersurfer 1.2.0 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f1503df20e8e6fb158b82a0cb49f1ec3ccccdf1c
-  data.tar.gz: 0144cabd84f3d1f72fc5844f2d82b025e2f5a5f6
+  metadata.gz: 0450ff899c0cd27a3489224297d9177b3e8b0737
+  data.tar.gz: 700b97bdd102d017fb8f7961ba59443153e26ae7
 SHA512:
-  metadata.gz: 4a0a44b91ffd8a7ceb03ac5ad25b986c5c126607811b4f750a231ac025d5178f92317f07dda234c274ecf0676b329027af432fb12e048c631b6a6d3e1de38a31
-  data.tar.gz: 34428251037480f89df420a00ea8fda7dd6eb972cd5bee9c5efe201192c6a9b4f1967e7948585a409a8fda914877988eba43b9897e8b79dd5afa3c1a55920a4e
+  metadata.gz: fd5d0dd3afd9346776ecf76c5f5d8424e64c491f25bb0d8af31cac6c1e80373797a4f88fbe37261a477f5cb0ff07cd3ae01d1a2447bc7df92baaab46690b0abe
+  data.tar.gz: 8203791bec5d0867301b21415ac330f3639232622f3cdaca4eb77a9b1ec619055b807011a68900a753b1be5b7249d98b89f89494e16c6dde58c668bcaf677195

data/bin/ciphersurfer CHANGED

@@ -45,7 +45,7 @@ opts.each do |opt, arg|
   when '--list-ciphers'
     options[:list_ciphers]=true
   when '--poodle-test'
-    options[:poodle] = true
+    options[:poodle]=true
   end
 end
@@ -65,6 +65,15 @@ target = ARGV.shift
 host = target.split(':')[0] ||= "localhost"   #fallback here should never occur... however it's better to be paranoid
 port = target.split(':')[1] ||= 443           # more common here
+if (options[:poodle])
+  if Ciphersurfer::Scanner.poodle?(host, port)
+    puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support"
+  else
+    puts "[*] #{target} does not support SSLv3"
+  end
+  exit
+end
 puts "Evaluating secure communication with #{host}:#{port}"
 if ! Ciphersurfer::Scanner.alive?(host, port)
@@ -121,13 +130,8 @@ if (options[:json])
   exit 0
 end
-if (options[:poodle])
-  supported_protocols.each do|s|
-    puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
-    puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
-  end
-  exit 0
-end
+    # puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support"

data/lib/ciphersurfer/scanner.rb CHANGED

@@ -83,7 +83,25 @@ module Ciphersurfer
     #     return false
     #   end
     # end
+    def self.poodle?(host, port)
+      # context=OpenSSL::SSL::SSLContext.new(:SSLv3)
+      request = Net::HTTP.new(host, port)
+      request.use_ssl = true
+      request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      request.ssl_version = :SSLv3
+      begin
+        response = request.get("/")
+        return true
+      rescue OpenSSL::SSL::SSLError => e
+        return false
+      rescue
+        return false
+      end
+    end
     def go
       context=OpenSSL::SSL::SSLContext.new(@proto)
       cipher_set = context.ciphers

data/lib/ciphersurfer/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Ciphersurfer
-  VERSION = "1.2.0"
+  VERSION = "1.4.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Paolo Perego