ciphersurfer 0.50.0

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+#   gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+  gem "rspec", "~> 2.3.0"
+  gem "bundler", "~> 1.0.0"
+  gem "jeweler", "~> 1.6.4"
+  gem "rcov", ">= 0"
+end

data/Gemfile.lock

@@ -0,0 +1,28 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    diff-lcs (1.1.3)
+    git (1.2.5)
+    jeweler (1.6.4)
+      bundler (~> 1.0)
+      git (>= 1.2.5)
+      rake
+    rake (0.9.2.2)
+    rcov (0.9.11)
+    rspec (2.3.0)
+      rspec-core (~> 2.3.0)
+      rspec-expectations (~> 2.3.0)
+      rspec-mocks (~> 2.3.0)
+    rspec-core (2.3.1)
+    rspec-expectations (2.3.0)
+      diff-lcs (~> 1.1.2)
+    rspec-mocks (2.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.0.0)
+  jeweler (~> 1.6.4)
+  rcov
+  rspec (~> 2.3.0)

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2012 Paolo Perego
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# ciphersurfer
+
+ciphersurfer is a tool to enumerate a website for ciphers it supports. It can
+be used for testing pourposes and to evaluate te security configuration for an
+SSL configured web server.
+
+## OWASP Testing guide 
+
+ciphersurfer goal is to make tests described in the [Owasp Testing guide](https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001))
+
+
+## Contributing to ciphersurfer
+ 
+* Check out the latest master to make sure the feature hasn't been implemented
+  or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it
+  and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to
+  have your own version, or is otherwise necessary, that is fine, but please
+  isolate to its own commit so I can cherry-pick around it.
+
+## Copyright
+
+Copyright (c) 2012 Paolo Perego. See LICENSE for
+further details.
+

data/Rakefile

@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "ciphersurfer"
+  gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
+  gem.license = "BSD"
+  gem.version = File.read('VERSION')
+  gem.summary = %Q{list all enable ciphers for a given website}
+  gem.description = %Q{ciphersurfer is a security tool that list enabled ciphers for a secure HTTP connection}
+  gem.email = "thesp0nge@gmail.com"
+  gem.authors = ["Paolo Perego"]
+  gem.executables = ['ciphersurfer']
+  gem.default_executable = 'ciphersurfer'
+  gem.require_path = 'lib'
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "ciphersurfer #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.50.0

data/bin/ciphersurfer

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+#
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
+
+require 'ciphersurfer'
+
+if ! Ciphersurfer::Scanner.alive?(ARGV[0], ARGV[1])
+  puts "#{ARGV[0]}@#{ARGV[1]}: connection refused"
+  exit 1
+end
+protocol_version = [:SSLv2, :SSLv3, :TLSv1]
+protocol_version.each do |version|
+  puts version
+  s = Ciphersurfer::Scanner.new({:host=>ARGV[0], :port=>ARGV[1], :proto=>version})
+
+  s.go
+  ok = s.ok_ciphers
+  ko = s.ko_ciphers
+
+  ok.each do |o|
+    puts "[+] Accepted\t #{o[:bits]} bits\t#{o[:name]}"
+  end
+end
+

data/lib/ciphersurfer/net_http.rb

@@ -0,0 +1,22 @@
+require 'socket'
+require 'net/https'
+require 'openssl'
+
+module Net
+  class HTTP
+    def set_context=(value)
+      @ssl_context = OpenSSL::SSL::SSLContext.new
+      @ssl_context &&= OpenSSL::SSL::SSLContext.new(value)
+    end
+    
+    def ciphers
+      return nil unless @ssl_context
+      @ssl_context.ciphers
+    end
+
+    def ciphers=(val)
+      @ssl_context ||= OpenSSL::SSL::SSLContext.new
+      @ssl_context.ciphers = val
+    end
+  end
+end

data/lib/ciphersurfer/scanner.rb

@@ -0,0 +1,46 @@
+module Ciphersurfer
+  class Scanner
+    
+    attr_reader :ok_ciphers, :ko_ciphers
+
+    def initialize(options={})
+      @host=options[:host]
+      @port=options[:port] ||= 443
+      @proto=options[:proto]
+      @ok_ciphers=[]
+      @ko_ciphers=[]
+    end
+
+    def self.alive?(host, port)
+      request = Net::HTTP.new(host, port)
+      request.use_ssl = true
+      request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      begin
+        response = request.get("/")
+        return true
+      rescue Errno::ECONNREFUSED => e
+        return false
+      rescue OpenSSL::SSL::SSLError => e
+        return false
+      end
+    end
+    def go
+      cipher_set = OpenSSL::SSL::SSLContext.new(@proto).ciphers
+      cipher_set.each do |cipher_name, cipher_version, bits, algorithm_bits|
+        request = Net::HTTP.new(@host, @port)
+        request.use_ssl = true
+        request.set_context = @proto
+        request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        request.ciphers = cipher_name
+        begin
+          response = request.get("/")
+          @ok_ciphers << {:bits=>bits, :name=>cipher_name}
+        rescue OpenSSL::SSL::SSLError => e
+          @ko_ciphers << {:bits=>bits, :name=>cipher_name}
+        rescue 
+          # Quietly discard all other errors... you must perform all error chekcs in the calling program
+        end
+      end
+    end
+  end
+end

data/lib/ciphersurfer/version.rb

@@ -0,0 +1,89 @@
+module Ciphersurfer
+  class Version
+
+    # Returns a hash representing the version of ciphersurfer.
+    # The `:major`, `:minor`, and `:patch` keys have their respective numbers as Fixnums.
+    # The `:name` key has the name of the version.
+    # The `:string` key contains a human-readable string representation of the version.
+    # The `:number` key is the major, minor, and patch keys separated by periods.
+    # If ciphersurfer is checked out from Git, the `:rev` key will have the revision hash.  
+    # 
+    # For example:
+    #
+    #     {
+    #       :string => "0.1.4.160676a",
+    #       :rev    => "160676ab8924ef36639c7e82aa88a51a24d16949",
+    #       :number => "0.1.4",
+    #       :major  => 0, :minor => 1, :patch => 4
+    #     }
+    # 
+    # If a prerelease version of ciphersurfer is being used,
+    # the `:string` and `:number` fields will reflect the full version
+    # (e.g. `"1.0.beta.1"`), and the `:patch` field will be `-1`.
+    #
+    # A `:prerelease` key will contain the name of the prerelease (e.g. `"beta"`),
+    # and a `:prerelease_number` key will contain the rerelease number.
+    #
+    # For example:
+    #
+    #     {
+    #       :string => "1.0.beta.1",
+    #       :number => "1.0.beta.1",
+    #       :major => 1, :minor => 0, :patch => -1,
+    #       :prerelease => "beta",
+    #       :prerelease_number => 1
+    #     }
+    # 
+    # @return [{Symbol => String/Fixnum}] The version hash  
+    def self.version
+      return @@version if defined?(@@version)
+      numbers = File.read('VERSION').strip.split('.').map {|n| n =~ /^[0-9]+$/ ? n.to_i : n}
+      @@version = {
+        :major => numbers[0],
+        :minor => numbers[1],
+        :patch => numbers[2]
+      }
+      if numbers[3].is_a?(String)
+        @@version[:patch] = -1
+        @@version[:prerelease] = numbers[3]
+        @@version[:prerelease_number] = numbers[4]
+      end
+      @@version[:number] = numbers.join('.')
+      @@version[:string] = @@version[:number].dup
+      
+      rev = revision_number
+      @@version[:rev] = rev
+      unless rev[0] == ?(
+        @@version[:string] << "." << rev[0...7]
+      end
+      
+      @@version
+    end
+
+    def self.revision_number
+      if File.exists?('REVISION')
+        rev = File.read('REVISION').strip
+        return rev unless rev =~ /^([a-f0-9]+|\(.*\))$/ || rev == '(unknown)'
+      end
+
+      return unless File.exists?('.git/HEAD')
+      rev = File.read('.git/HEAD').strip
+      return rev unless rev =~ /^ref: (.*)$/
+
+        ref_name = $1
+      ref_file = "./.git/#{ref_name}"
+      info_file = "./.git/info/refs"
+      return File.read(ref_file).strip if File.exists?(ref_file)
+      return unless File.exists?(info_file)
+      File.open(info_file) do |f|
+        f.each do |l|
+          sha, ref = l.strip.split("\t", 2)
+          next unless ref == ref_name
+          return sha
+        end
+      end
+      return nil
+    end
+
+  end
+end

data/lib/ciphersurfer.rb

@@ -0,0 +1,3 @@
+require 'ciphersurfer/scanner'
+require 'ciphersurfer/version'
+require 'ciphersurfer/net_http'

data/spec/ciphersurfer_spec.rb

@@ -0,0 +1,7 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+describe "Ciphersurfer" do
+  it "fails" do
+    fail "hey buddy, you should probably rename this file and start specing for real"
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'ciphersurfer'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+  
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: ciphersurfer
+version: !ruby/object:Gem::Version
+  version: 0.50.0
+  prerelease: 
+platform: ruby
+authors:
+- Paolo Perego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-01-21 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70294824617780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.3.0
+  type: :development
+  prerelease: false
+  version_requirements: *70294824617780
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: &70294824617180 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: *70294824617180
+- !ruby/object:Gem::Dependency
+  name: jeweler
+  requirement: &70294824616580 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.4
+  type: :development
+  prerelease: false
+  version_requirements: *70294824616580
+- !ruby/object:Gem::Dependency
+  name: rcov
+  requirement: &70294824616000 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *70294824616000
+description: ciphersurfer is a security tool that list enabled ciphers for a secure
+  HTTP connection
+email: thesp0nge@gmail.com
+executables:
+- ciphersurfer
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- bin/ciphersurfer
+- lib/ciphersurfer.rb
+- lib/ciphersurfer/net_http.rb
+- lib/ciphersurfer/scanner.rb
+- lib/ciphersurfer/version.rb
+- spec/ciphersurfer_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/thesp0nge/ciphersurfer
+licenses:
+- BSD
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: 2513195494446220526
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: list all enable ciphers for a given website
+test_files: []