ciphersurfer 0.50.0
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +13 -0
- data/Gemfile.lock +28 -0
- data/LICENSE +20 -0
- data/README.md +31 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/bin/ciphersurfer +24 -0
- data/lib/ciphersurfer/net_http.rb +22 -0
- data/lib/ciphersurfer/scanner.rb +46 -0
- data/lib/ciphersurfer/version.rb +89 -0
- data/lib/ciphersurfer.rb +3 -0
- data/spec/ciphersurfer_spec.rb +7 -0
- data/spec/spec_helper.rb +12 -0
- metadata +111 -0
data/.document
ADDED
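--- a/data/.rspec
+++ b/data/.rspec
@@ -0,0 +1 @@
+--color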
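--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,13 @@
+source "http://rubygems.org"
+# Add dependencies required to use your gem here.
+# Example:
+# gem "activesupport", ">= 2.3.5"
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development do
+gem "rspec", "~> 2.3.0"
+gem "bundler", "~> 1.0.0"
+gem "jeweler", "~> 1.6.4"
+gem "rcov", ">= 0"
+end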
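Review bot: The `source "http://rubygems.org"` line at the top of the Gemfile fetches every dependency over plain HTTP, so anything pulled in by `bundle install` can be altered in transit; it should read `source "https://rubygems.org"`. The same URL is recorded as `remote:` in Gemfile.lock in this commit and will follow once the lockfile is regenerated. `gem "rcov", ">= 0"` is also unbounded, unlike the other three development pins, so a reproducible build depends entirely on the lockfile for that gem.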
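--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,28 @@
+GEM
+remote: http://rubygems.org/
+specs:
+diff-lcs (1.1.3)
+git (1.2.5)
+jeweler (1.6.4)
+bundler (~> 1.0)
+git (>= 1.2.5)
+rake
+rake (0.9.2.2)
+rcov (0.9.11)
+rspec (2.3.0)
+rspec-core (~> 2.3.0)
+rspec-expectations (~> 2.3.0)
+rspec-mocks (~> 2.3.0)
+rspec-core (2.3.1)
+rspec-expectations (2.3.0)
+diff-lcs (~> 1.1.2)
+rspec-mocks (2.3.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+bundler (~> 1.0.0)
+jeweler (~> 1.6.4)
+rcov
+rspec (~> 2.3.0)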
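--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2012 Paolo Perego
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.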
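--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,31 @@
+# ciphersurfer
+
+ciphersurfer is a tool to enumerate a website for ciphers it supports. It can
+be used for testing pourposes and to evaluate te security configuration for an
+SSL configured web server.
+
+## OWASP Testing guide
+
+ciphersurfer goal is to make tests described in the [Owasp Testing guide](https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001))
+
+
+## Contributing to ciphersurfer
+
+* Check out the latest master to make sure the feature hasn't been implemented
+or the bug hasn't been fixed yet
+* Check out the issue tracker to make sure someone already hasn't requested it
+and/or contributed it
+* Fork the project
+* Start a feature/bugfix branch
+* Commit and push until you are happy with your contribution
+* Make sure to add tests for it. This is important so I don't break it in a
+future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to
+have your own version, or is otherwise necessary, that is fine, but please
+isolate to its own commit so I can cherry-pick around it.
+
+## Copyright
+
+Copyright (c) 2012 Paolo Perego. See LICENSE for
+further details.
+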
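--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,53 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+$stderr.puts e.message
+$stderr.puts "Run `bundle install` to install missing gems"
+exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+gem.name = "ciphersurfer"
+gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
+gem.license = "BSD"
+gem.version = File.read('VERSION')
+gem.summary = %Q{list all enable ciphers for a given website}
+gem.description = %Q{ciphersurfer is a security tool that list enabled ciphers for a secure HTTP connection}
+gem.email = "thesp0nge@gmail.com"
+gem.authors = ["Paolo Perego"]
+gem.executables = ['ciphersurfer']
+gem.default_executable = 'ciphersurfer'
+gem.require_path = 'lib'
+# dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+spec.pattern = 'spec/**/*_spec.rb'
+spec.rcov = true
+end
+
+task :default => :spec
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "ciphersurfer #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end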
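Review bot: `gem.license = "BSD"` in the Jeweler block does not match the LICENSE file added in the same commit, whose wording ("Permission is hereby granted, free of charge, ...") reads as the MIT license text. The mismatch is carried into the generated gem metadata (`licenses: - BSD`), which is what dependency and licence scanners will read. Either set `gem.license = "MIT"` or replace the LICENSE text, whichever the author intends.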
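--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.50.0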
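--- a/data/bin/ciphersurfer
+++ b/data/bin/ciphersurfer
@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+#
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + '/../lib'))
+
+require 'ciphersurfer'
+
+if ! Ciphersurfer::Scanner.alive?(ARGV[0], ARGV[1])
+puts "#{ARGV[0]}@#{ARGV[1]}: connection refused"
+exit 1
+end
+protocol_version = [:SSLv2, :SSLv3, :TLSv1]
+protocol_version.each do |version|
+puts version
+s = Ciphersurfer::Scanner.new({:host=>ARGV[0], :port=>ARGV[1], :proto=>version})
+
+s.go
+ok = s.ok_ciphers
+ko = s.ko_ciphers
+
+ok.each do |o|
+puts "[+] Accepted\t #{o[:bits]} bits\t#{o[:name]}"
+end
+end
+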
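Review bot: `ARGV[0]` and `ARGV[1]` are used on line 7 without any check, so running the tool with no arguments goes straight into `Scanner.alive?(nil, nil)` instead of printing usage; add something like `abort "usage: ciphersurfer host [port]" if ARGV.empty?` before the liveness check. When only the host is given, `alive?` receives a nil port and does not get the 443 default that `Scanner#initialize` applies, so the probe and the scan can target different ports (Net::HTTP's own default is 80). The "connection refused" message is also printed when `alive?` returned false because of an `OpenSSL::SSL::SSLError`, which hides the real cause from the operator. `ko = s.ko_ciphers` is assigned but never used.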
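--- a/data/lib/ciphersurfer/net_http.rb
+++ b/data/lib/ciphersurfer/net_http.rb
@@ -0,0 +1,22 @@
+require 'socket'
+require 'net/https'
+require 'openssl'
+
+module Net
+class HTTP
+def set_context=(value)
+@ssl_context = OpenSSL::SSL::SSLContext.new
+@ssl_context &&= OpenSSL::SSL::SSLContext.new(value)
+end
+
+def ciphers
+return nil unless @ssl_context
+@ssl_context.ciphers
+end
+
+def ciphers=(val)
+@ssl_context ||= OpenSSL::SSL::SSLContext.new
+@ssl_context.ciphers = val
+end
+end
+end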
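Review bot: Reopening `Net::HTTP` to add `set_context=`, `ciphers` and `ciphers=` changes the standard-library class for every consumer in the process and relies on the private `@ssl_context` instance variable. On Ruby versions where Net::HTTP defines its own `ciphers=` or builds its SSL context when connecting, these definitions would replace the stdlib accessor or be overwritten. The scanner would then presumably negotiate with the default cipher list and report every probed cipher as accepted, so the file should carry a comment naming the Ruby version it was tested against. In `set_context=` the first assignment is dead code, because `&&=` always reassigns a context that was just created; `@ssl_context = OpenSSL::SSL::SSLContext.new(value)` alone is enough.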
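--- a/data/lib/ciphersurfer/scanner.rb
+++ b/data/lib/ciphersurfer/scanner.rb
@@ -0,0 +1,46 @@
+module Ciphersurfer
+class Scanner
+
+attr_reader :ok_ciphers, :ko_ciphers
+
+def initialize(options={})
+@host=options[:host]
+@port=options[:port] ||= 443
+@proto=options[:proto]
+@ok_ciphers=[]
+@ko_ciphers=[]
+end
+
+def self.alive?(host, port)
+request = Net::HTTP.new(host, port)
+request.use_ssl = true
+request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+begin
+response = request.get("/")
+return true
+rescue Errno::ECONNREFUSED => e
+return false
+rescue OpenSSL::SSL::SSLError => e
+return false
+end
+end
+def go
+cipher_set = OpenSSL::SSL::SSLContext.new(@proto).ciphers
+cipher_set.each do |cipher_name, cipher_version, bits, algorithm_bits|
+request = Net::HTTP.new(@host, @port)
+request.use_ssl = true
+request.set_context = @proto
+request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+request.ciphers = cipher_name
+begin
+response = request.get("/")
+@ok_ciphers << {:bits=>bits, :name=>cipher_name}
+rescue OpenSSL::SSL::SSLError => e
+@ko_ciphers << {:bits=>bits, :name=>cipher_name}
+rescue
+# Quietly discard all other errors... you must perform all error chekcs in the calling program
+end
+end
+end
+end
+end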
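Review bot: The bare `rescue` at the end of `go` drops every non-SSL failure (timeout, reset, name resolution) without recording it, so a cipher whose probe failed for a network reason lands in neither `ok_ciphers` nor `ko_ciphers` and the report silently understates what was tested. Keep those results visible, for example with `rescue StandardError => e` followed by `(@errors ||= []) << {:name=>cipher_name, :error=>e.class}`. `alive?` has the opposite gap: it rescues only `Errno::ECONNREFUSED` and `OpenSSL::SSL::SSLError`, so an unreachable or unresolvable host raises out to the caller. Neither method sets `open_timeout` or `read_timeout`, so a filtered port blocks for the library default on each per-cipher request. `verify_mode = OpenSSL::SSL::VERIFY_NONE` is reasonable for a tool that only inspects the handshake, but deserves a comment such as `# certificate validity is not under test here; do not reuse for real requests`.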
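--- a/data/lib/ciphersurfer/version.rb
+++ b/data/lib/ciphersurfer/version.rb
@@ -0,0 +1,89 @@
+module Ciphersurfer
+class Version
+
+# Returns a hash representing the version of ciphersurfer.
+# The `:major`, `:minor`, and `:patch` keys have their respective numbers as Fixnums.
+# The `:name` key has the name of the version.
+# The `:string` key contains a human-readable string representation of the version.
+# The `:number` key is the major, minor, and patch keys separated by periods.
+# If ciphersurfer is checked out from Git, the `:rev` key will have the revision hash.
+#
+# For example:
+#
+# {
+# :string => "0.1.4.160676a",
+# :rev => "160676ab8924ef36639c7e82aa88a51a24d16949",
+# :number => "0.1.4",
+# :major => 0, :minor => 1, :patch => 4
+# }
+#
+# If a prerelease version of ciphersurfer is being used,
+# the `:string` and `:number` fields will reflect the full version
+# (e.g. `"1.0.beta.1"`), and the `:patch` field will be `-1`.
+#
+# A `:prerelease` key will contain the name of the prerelease (e.g. `"beta"`),
+# and a `:prerelease_number` key will contain the rerelease number.
+#
+# For example:
+#
+# {
+# :string => "1.0.beta.1",
+# :number => "1.0.beta.1",
+# :major => 1, :minor => 0, :patch => -1,
+# :prerelease => "beta",
+# :prerelease_number => 1
+# }
+#
+# @return [{Symbol => String/Fixnum}] The version hash
+def self.version
+return @@version if defined?(@@version)
+numbers = File.read('VERSION').strip.split('.').map {|n| n =~ /^[0-9]+$/ ? n.to_i : n}
+@@version = {
+:major => numbers[0],
+:minor => numbers[1],
+:patch => numbers[2]
+}
+if numbers[3].is_a?(String)
+@@version[:patch] = -1
+@@version[:prerelease] = numbers[3]
+@@version[:prerelease_number] = numbers[4]
+end
+@@version[:number] = numbers.join('.')
+@@version[:string] = @@version[:number].dup
+
+rev = revision_number
+@@version[:rev] = rev
+unless rev[0] == ?(
+@@version[:string] << "." << rev[0...7]
+end
+
+@@version
+end
+
+def self.revision_number
+if File.exists?('REVISION')
+rev = File.read('REVISION').strip
+return rev unless rev =~ /^([a-f0-9]+|\(.*\))$/ || rev == '(unknown)'
+end
+
+return unless File.exists?('.git/HEAD')
+rev = File.read('.git/HEAD').strip
+return rev unless rev =~ /^ref: (.*)$/
+
+ref_name = $1
+ref_file = "./.git/#{ref_name}"
+info_file = "./.git/info/refs"
+return File.read(ref_file).strip if File.exists?(ref_file)
+return unless File.exists?(info_file)
+File.open(info_file) do |f|
+f.each do |l|
+sha, ref = l.strip.split("\t", 2)
+next unless ref == ref_name
+return sha
+end
+end
+return nil
+end
+
+end
+end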
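Review bot: `self.version` calls `rev[0]` on the result of `revision_number`, which returns nil whenever `.git/HEAD` is absent or no matching ref is found, so the method raises NoMethodError outside a git checkout; guard it with `unless rev.nil? || rev[0] == ?(`. `VERSION`, `REVISION` and `.git/HEAD` are all opened relative to the current working directory, so an installed gem run from elsewhere either fails on `File.read('VERSION')` or reads whatever files sit in the caller's directory. Resolve them against the gem root instead, e.g. `File.expand_path('../../../VERSION', __FILE__)`. `File.exists?` is the deprecated spelling of `File.exist?`, which the Rakefile in this commit already uses.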
data/lib/ciphersurfer.rb
ADDED
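--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,12 @@
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'rspec'
+require 'ciphersurfer'
+
+# Requires supporting files with custom matchers and macros, etc,
+# in ./support/ and its subdirectories.
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
+
+RSpec.configure do |config|
+
+end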
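--- a/metadata
+++ b/metadata
@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: ciphersurfer
+version: !ruby/object:Gem::Version
+version: 0.50.0
+prerelease:
+platform: ruby
+authors:
+- Paolo Perego
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-01-21 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: &70294824617780 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 2.3.0
+type: :development
+prerelease: false
+version_requirements: *70294824617780
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: &70294824617180 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 1.0.0
+type: :development
+prerelease: false
+version_requirements: *70294824617180
+- !ruby/object:Gem::Dependency
+name: jeweler
+requirement: &70294824616580 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 1.6.4
+type: :development
+prerelease: false
+version_requirements: *70294824616580
+- !ruby/object:Gem::Dependency
+name: rcov
+requirement: &70294824616000 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: *70294824616000
+description: ciphersurfer is a security tool that list enabled ciphers for a secure
+HTTP connection
+email: thesp0nge@gmail.com
+executables:
+- ciphersurfer
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- .document
+- .rspec
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- bin/ciphersurfer
+- lib/ciphersurfer.rb
+- lib/ciphersurfer/net_http.rb
+- lib/ciphersurfer/scanner.rb
+- lib/ciphersurfer/version.rb
+- spec/ciphersurfer_spec.rb
+- spec/spec_helper.rb
+homepage: http://github.com/thesp0nge/ciphersurfer
+licenses:
+- BSD
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+segments:
+- 0
+hash: 2513195494446220526
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.10
+signing_key:
+specification_version: 3
+summary: list all enable ciphers for a given website
+test_files: []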