ciphersurfer 1.0.0.rc1 → 1.0.0

data/Gemfile

@@ -1,8 +1,6 @@
 source "http://rubygems.org"
 
 gem 'rainbow'
-gem 'progressbar'
-gem "awesome_print"
 gem 'json'
 gem 'httpclient'
 

data/Gemfile.lock

@@ -1,7 +1,6 @@
 GEM
   remote: http://rubygems.org/
   specs:
-    awesome_print (1.0.2)
     diff-lcs (1.1.3)
     git (1.2.5)
     httpclient (2.2.4)
@@ -10,7 +9,6 @@ GEM
       git (>= 1.2.5)
       rake
     json (1.6.5)
-    progressbar (0.9.2)
     rainbow (1.1.3)
     rake (0.9.2.2)
     rcov (0.9.11)
@@ -27,12 +25,10 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  awesome_print
   bundler (~> 1.0.0)
   httpclient
   jeweler (~> 1.6.4)
   json
-  progressbar
   rainbow
   rcov
   rspec (~> 2.3.0)

data/README.md

@@ -1,24 +1,108 @@
 # ciphersurfer
 
-ciphersurfer is a tool to enumerate a website for ciphers it supports. It can
-be used for testing pourposes and to evaluate te security configuration for an
-SSL configured web server.
+ciphersurfer is a tool written for the early stages of a penetration test
+activities. While gathering information about an host, it's important to
+evaluate how strong is the cryptography applied to the HTTP traffic. This is
+the ciphersurfer goal.
+
+The tool tries for every SSL protocols it supports to connect to the host with
+all ciphers saving the ones the server supports.
+
+This information used with certificate key lenght and the list of supported
+protocols by the server it's used to evaluate how strong is the target HTTPS
+configuration. This gives the penetration test an information about how secure
+is the communication between clients and the target machine.
+
+## Some disclaimer
+
+ciphersurfer performs neither of the followings:
+
+* denial of service attacks
+* cross site scripting or injection attempts
+* data manipulation or leakage
+
+The requests the tool makes are just an HTTP GET / of target website to ensure
+the server accept an HTTP communication given a SSL protocol and cipher
+proposed by the client. No more. Really, ciphersurer won't hurt your webserver,
+nor your business. 
+
+If you don't trust this disclaimer, just check the source code.
 
 ## Installing ciphersurfer
 
-Installing ciphersurfer is easy. Just follow the standard ruby gem way:
+ciphersurfer is deployed as standard gem served by
+[rubygems](http://rubygems.org). 
+
+To install latest ciphersurfer stable release, just issue this command:
+
+```
+gem install ciphersurfer
+```
+
+If you want to install a _pre_ release, such as a _release candidate_ you can do it this way:
+
+```
+gem install ciphersurfer --pre
+```
+
+I recommend you to install [rvm](https://rvm.beginrescueend.com/) in order to
+have your gem binaries tool installed in your home directory, otherwise
+ciphersurfer will try to install itself in standard /usr/bin directory if no
+other flags are passed to gem command.
+
+## Using ciphersurfer
+
+After ciphersurfer has been installed, using it it's very simple.
+
+To evaluate secure communication with the target host _test-this.com_ at the
+standard HTTPS port, you just give the tool the target name as option:
+
+``` 
+ciphersurfer test-this.com
+``` 
+
+As output you will see an evaluation for HTTPS test-this.com configuration. 
+The evaluation scale is:
+
+* A: _prime class_ HTTPS configuration. Servers handling **very** sensitive
+  information
+* B: strong HTTPS configuration, suitable for must production servers
+* C: quite goot HTTPS configuration. If your web server is a private server and
+  for development or testing purposes, it can be acceptable. If your server is
+  exposed to the Internet, you want to improve your SSL configuration.
+* D: poor HTTPS configuration. Suitable **only** for development machines.
+* E: weak HTTPS configuration. You really don't want to have this score
+
+If your HTTPS server is listening to a non standard port, you can supply the
+port number (e.g. 4433) this way:
+
+``` 
+ciphersurfer test-this.com:4433
+``` 
+
+You can also just listen ciphers supported by your web server instead of having
+an SSL evaluation:
+
+``` 
+$ ciphersurfer -l gmail.com 
 
-  gem install ciphersurfer
+"Evaluating secure communication with gmail.com:443"
+"[+] accepted RC4-MD5"
+"[+] accepted AES256-SHA"
+"[+] accepted DES-CBC3-SHA"
+"[+] accepted AES128-SHA"
+"[+] accepted RC4-SHA"
+``` 
 
-Now you've got a ciphersurfer executable you can invoke using your command line.
+## Some theory behind ciphersurfer
 
-## SSLabs
+### SSLabs
 
 For the SSL security evaluation, we use [SSLabs
 document](https://www.ssllabs.com/downloads/SSL_Server_Rating_Guide_2009.pdf)
 as reference.
 
-## OWASP Testing guide 
+### OWASP Testing guide 
 
 ciphersurfer goal is to make tests described in the [Owasp Testing
 guide](https://www.owasp.org/index.php/Testing_for_SSL-TLS_(OWASP-CM-001\))

data/Rakefile

@@ -12,14 +12,18 @@ end
 require 'rake'
 
 require 'jeweler'
+require './lib/ciphersurfer/version'
+
 Jeweler::Tasks.new do |gem|
   # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
   gem.name = "ciphersurfer"
   gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
   gem.license = "BSD"
-  gem.version = File.read('VERSION')
-  gem.summary = %Q{list all enable ciphers for a given website}
-  gem.description = %Q{ciphersurfer is a security tool that list enabled ciphers for a secure HTTP connection}
+  gem.version = Ciphersurfer::Version::STRING 
+  File.open('VERSION', 'w') {|f| f.write(Ciphersurfer::Version::STRING) }
+
+  gem.summary = %Q{evaluates web server SSL configuration}
+  gem.description = %Q{ciphersurfer is a security tool that evaluates web server SSL configuration}
   gem.email = "thesp0nge@gmail.com"
   gem.authors = ["Paolo Perego"]
   gem.executables = ['ciphersurfer']

data/VERSION

@@ -1 +1 @@
-1.0.0.rc1
+1.0.0

data/bin/ciphersurfer

@@ -1,42 +1,59 @@
 #!/usr/bin/env ruby
-require 'ciphersurfer'
+
 require 'rainbow'
-require 'awesome_print'
-require 'progressbar'
+require 'ciphersurfer'
 require 'getoptlong'
 require 'json'
 
+def score_to_color(score)
+  case score
+  when 1...40
+    return "red".to_sym
+  when 40...80
+    return "yellow".to_sym
+  when 80..100
+    return "green".to_sym
+  end
+end
+
 opts = GetoptLong.new(
   [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
   [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
-  [ '--list-ciphers', '-l', GetoptLong::NO_ARGUMENT ]#,
-  # [ '--json', '-j', GetoptLong::NO_ARGUMENT]
+  [ '--list-ciphers', '-l', GetoptLong::NO_ARGUMENT ],
+  [ '--json', '-j', GetoptLong::NO_ARGUMENT]
 )
+trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
 
 options={:json=>false,:list_ciphers=>false}
 
 opts.each do |opt, arg|
   case opt
   when '--help'
-    ap "usage: ciphersurfer [-ljvh] server[:port]"
-    ap "       -l: lists supported ciphers instead of just evaluate the security level"
-    # ap "       -j: formats the output using JSON"
-    ap "       -v: shows  version"
-    ap "       -h: this help"
+    puts "usage: ciphersurfer [-ljvh] server[:port]"
+    puts "       -l: lists supported ciphers instead of just evaluate the security level"
+    puts "       -j: formats the output using JSON"
+    puts "       -v: shows  version"
+    puts "       -h: this help"
     exit 0
   when '--version'
-    ap "ciphersurfer " + Ciphersurfer::Version.version[:string]
+    puts "ciphersurfer " + Ciphersurfer::Version::STRING
     exit 0
-  # unsupported right now...
-  #when '--json'
-  #  options[:json]=true
+  when '--json'
+    options[:json]=true
   when '--list-ciphers'
     options[:list_ciphers]=true
   end
 end
 
 if ( ARGV.length != 1 )
-  ap 'ciphersurfer: missing target'
+  puts 'missing target'.color(:red)
+
+  puts "usage: ciphersurfer [-ljvh] server[:port]"
+  puts "       -l: lists supported ciphers instead of just evaluate the security level"
+  puts "       -j: formats the output using JSON"
+  puts "       -v: shows  version"
+  puts "       -h: this help"
+
   exit -1
 end
 
@@ -44,19 +61,17 @@ target = ARGV.shift
 host = target.split(':')[0] ||= "localhost"   #fallback here should never occur... however it's better to be paranoid
 port = target.split(':')[1] ||= 443           # more common here
 
-ap "scanning #{host}:#{port} for supported ciphers"
+puts "Evaluating secure communication with #{host}:#{port}"
 
 if ! Ciphersurfer::Scanner.alive?(host, port)
-  ap "it seems there is no server listening @#{host}:#{port}"
   exit -2 
 end
 
 protocol_version = [:SSLv2, :SSLv3, :TLSv1]#, :TLSv11, :TLSv12]
 
-# ok = {}
 supported_protocols = []
 cipher_bits=[]
-
+ciphers=[]
 
 
 protocol_version.each do |version|
@@ -66,36 +81,48 @@ protocol_version.each do |version|
   if (s.ok_ciphers.size != 0)
     supported_protocols << version
     cipher_bits = cipher_bits | s.ok_bits
+    ciphers = ciphers | s.ok_ciphers
   end
-  
-  # ok << {:proto=>version, :ciphers=>s.ok_ciphers}
 
 end
 
-cert = Ciphersurfer::Scanner.cert(host, port)
-a=cert.public_key.to_text
-key_size=/Modulus \((\d+)/i.match(a)[1]
-                   
-
-                    proto_score= Ciphersurfer::Score.evaluate_protocols(supported_protocols)
-                    cipher_score= Ciphersurfer::Score.evaluate_ciphers(cipher_bits)
-                    key_score= Ciphersurfer::Score.evaluate_key(key_size.to_i)
-score= Ciphersurfer::Score.score(proto_score, key_score, cipher_score)
-ap Ciphersurfer::Score.evaluate(score) + " ("+score.to_s+")"
-
-ap "Protocol support: " + proto_score.to_s
-ap "Key exchange: " + key_score.to_s
-ap "Cipher strength: " + cipher_score.to_s
-
+if (options[:list_ciphers])
+  ciphers.each do |c|
+    puts "[+] accepted #{c}".green
+  end
+  exit 0
+end
 
+cert= Ciphersurfer::Scanner.cert(host, port)
+if ! cert.nil?
+  a=cert.public_key.to_text
+  key_size=/Modulus \((\d+)/i.match(a)[1]
+else
+  puts "warning: the server didn't give us the certificate".color(:yellow)
+  key_size=0
+end
+                   
 
+proto_score=  Ciphersurfer::Score.evaluate_protocols(supported_protocols)
+cipher_score= Ciphersurfer::Score.evaluate_ciphers(cipher_bits)
+key_score=    Ciphersurfer::Score.evaluate_key(key_size.to_i)
+score=        Ciphersurfer::Score.score(proto_score, key_score, cipher_score)
 
-# e.g. supported_protocols = [:SSLv2, :TLSv1]
-# e.g. cipher_bits = [0, 256, 1024]
+if (options[:json])
+  a={:evaluation => Ciphersurfer::Score.evaluate(score), :score => score, :protocol_score=>proto_score, :key_exchange_score=>key_score, :cipher_score=>cipher_score}
+  puts a.to_json
+  
+  exit 0
+end
 
-# if options[:list_ciphers] 
-#     ok.each do |o|
-#       puts "[+] Accepted\\t #{o[:bits]} bits\\t#{o[:name]}"
-#     end
-#   end
+printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
+printf "%20s : ", "Protocol support" 
+proto_score.to_i.times{print 'o'.color(score_to_color(proto_score))}
+puts ' ('+proto_score.to_s+')'
+printf "%20s : ",  "Key exchange" 
+key_score.to_i.times{print 'o'.color(score_to_color(key_score))}
+puts ' ('+key_score.to_s+')'
+printf "%20s : ", "Cipher strength" 
+cipher_score.to_i.times{print 'o'.color(score_to_color(cipher_score))}
+puts ' ('+cipher_score.to_s+')'
 

data/lib/ciphersurfer/scanner.rb

@@ -9,35 +9,58 @@ module Ciphersurfer
     attr_reader :ok_ciphers, :ok_bits
     attr_reader :peer_cert
 
+
+
     def initialize(options={})
       @host=options[:host]
       @port=options[:port] ||= 443
       @proto=options[:proto]
       @ok_ciphers=[]
       @ok_bits=[]
+      @alive=false
     end
 
     def self.cert(host, port)
-      client=HTTPClient.new
-      response=client.get("https://#{host}:#{port}")
-      peer_cert = response.peer_cert
+      if (! @alive)
+        self.alive?(host.port)
+      end
+
+      @peer_cert
+
+      # client=HTTPClient.new
+      # response=client.get("https://#{host}:#{port}")
+      # peer_cert = response.peer_cert
     end
 
     def self.alive?(host, port)
-      request = Net::HTTP.new(host, port)
-      request.use_ssl = true
-      request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      client=HTTPClient.new
       begin
-        response = request.get("/")
+        @alive=true
+        response=client.get("https://#{host}:#{port}")
+        @peer_cert = response.peer_cert
         return true
-      rescue Errno::ECONNREFUSED => e
-        return false
-      rescue OpenSSL::SSL::SSLError => e
-        return false
-      rescue 
+      rescue => e
+        puts "alive?(): #{e.message}".color(:red)
         return false
       end
+      
     end
+
+    # def self.alive?(host, port)
+    #   request = Net::HTTP.new(host, port)
+    #   request.use_ssl = true
+    #   request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    #   begin
+    #     response = request.get("/")
+    #     return true
+    #   rescue Errno::ECONNREFUSED => e
+    #     return false
+    #   rescue OpenSSL::SSL::SSLError => e
+    #     return false
+    #   rescue 
+    #     return false
+    #   end
+    # end
    
     def go
       context=OpenSSL::SSL::SSLContext.new(@proto)
@@ -46,14 +69,12 @@ module Ciphersurfer
 
         request = Net::HTTP.new(@host, @port)
         request.use_ssl = true
-        
-        request.ca_file='/Users/thesp0nge/src/hacking/ciphersurfer/cacert.pem'
         request.verify_mode = OpenSSL::SSL::VERIFY_NONE
         request.ciphers= cipher_name
         begin
           response = request.get("/")
           @ok_bits << bits
-          @ok_ciphers << {:bits=>bits, :name=>cipher_name}
+          @ok_ciphers << cipher_name
         rescue OpenSSL::SSL::SSLError => e
           # Quietly discard SSLErrors, really I don't care if the cipher has
           # not been accepted

data/lib/ciphersurfer/score.rb

@@ -1,7 +1,4 @@
 module Ciphersurfer
-    PROTOCOL_SUPPORT_RATIO  = 0.3
-    KEY_EXCHANGE_RATIO      = 0.3
-    CIPHER_STRENGTH         = 0.4
 
     class Score
 
@@ -92,7 +89,6 @@ module Ciphersurfer
 
 
       # FIXME: How can I test Weak key (Debian OpenSSL flaw)?
-      # FIXME: Evaluate if "Exportable key exchange limited to 512 bits is fully covered in k_len<1024
       def self.evaluate_key(key_length)
         case (key_length)
         when 0

data/lib/ciphersurfer/version.rb

@@ -1,89 +1,10 @@
 module Ciphersurfer
-  class Version
-
-    # Returns a hash representing the version of ciphersurfer.
-    # The `:major`, `:minor`, and `:patch` keys have their respective numbers as Fixnums.
-    # The `:name` key has the name of the version.
-    # The `:string` key contains a human-readable string representation of the version.
-    # The `:number` key is the major, minor, and patch keys separated by periods.
-    # If ciphersurfer is checked out from Git, the `:rev` key will have the revision hash.  
-    # 
-    # For example:
-    #
-    #     {
-    #       :string => "0.1.4.160676a",
-    #       :rev    => "160676ab8924ef36639c7e82aa88a51a24d16949",
-    #       :number => "0.1.4",
-    #       :major  => 0, :minor => 1, :patch => 4
-    #     }
-    # 
-    # If a prerelease version of ciphersurfer is being used,
-    # the `:string` and `:number` fields will reflect the full version
-    # (e.g. `"1.0.beta.1"`), and the `:patch` field will be `-1`.
-    #
-    # A `:prerelease` key will contain the name of the prerelease (e.g. `"beta"`),
-    # and a `:prerelease_number` key will contain the rerelease number.
-    #
-    # For example:
-    #
-    #     {
-    #       :string => "1.0.beta.1",
-    #       :number => "1.0.beta.1",
-    #       :major => 1, :minor => 0, :patch => -1,
-    #       :prerelease => "beta",
-    #       :prerelease_number => 1
-    #     }
-    # 
-    # @return [{Symbol => String/Fixnum}] The version hash  
-    def self.version
-      return @@version if defined?(@@version)
-      numbers = File.read('VERSION').strip.split('.').map {|n| n =~ /^[0-9]+$/ ? n.to_i : n}
-      @@version = {
-        :major => numbers[0],
-        :minor => numbers[1],
-        :patch => numbers[2]
-      }
-      if numbers[3].is_a?(String)
-        @@version[:patch] = -1
-        @@version[:prerelease] = numbers[3]
-        @@version[:prerelease_number] = numbers[4]
-      end
-      @@version[:number] = numbers.join('.')
-      @@version[:string] = @@version[:number].dup
-      
-      rev = revision_number
-      @@version[:rev] = rev
-      unless rev[0] == ?(
-        @@version[:string] << "." << rev[0...7]
-      end
-      
-      @@version
-    end
-
-    def self.revision_number
-      if File.exists?('REVISION')
-        rev = File.read('REVISION').strip
-        return rev unless rev =~ /^([a-f0-9]+|\(.*\))$/ || rev == '(unknown)'
-      end
-
-      return unless File.exists?('.git/HEAD')
-      rev = File.read('.git/HEAD').strip
-      return rev unless rev =~ /^ref: (.*)$/
-
-        ref_name = $1
-      ref_file = "./.git/#{ref_name}"
-      info_file = "./.git/info/refs"
-      return File.read(ref_file).strip if File.exists?(ref_file)
-      return unless File.exists?(info_file)
-      File.open(info_file) do |f|
-        f.each do |l|
-          sha, ref = l.strip.split("\t", 2)
-          next unless ref == ref_name
-          return sha
-        end
-      end
-      return nil
-    end
-
+  module Version
+    MAJOR = 1
+    MINOR = 0
+    PATCH = 0
+    #BUILD = ''
+    #STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
+    STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end
 end

data/spec/scoring_spec.rb

@@ -40,22 +40,22 @@ describe 'Ciphersurfer' do
     end
 
     it "should give a 0.5 if both SSLv2 and SSLv3 are supported but no TLS" do
-      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :SSLv3]).should == 0.5
+      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :SSLv3]).should == 50
     end
     it "should give a 0.2 if only SSLv2 protocol is supported" do
-      Ciphersurfer::Score.evaluate_protocols([:SSLv2]).should == 0.2
+      Ciphersurfer::Score.evaluate_protocols([:SSLv2]).should == 20
     end
 
     it "should give a 0.55 if SSLv2 and TLSv1 are supported but no SSLv3" do
-      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :TLSv1]).should == 0.55
+      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :TLSv1]).should == 55
     end
 
     it "should give a 0.55 if SSLv2, SSLv3 and TLSv1 are supported" do
-      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :SSLv3, :TLSv1]).should == 0.55
+      Ciphersurfer::Score.evaluate_protocols([:SSLv2, :SSLv3, :TLSv1]).should == 55
     end
 
     it "should give a 1 if only TLSv1.2 is supported" do
-      Ciphersurfer::Score.evaluate_protocols([:TLSv12]).should == 1.0
+      Ciphersurfer::Score.evaluate_protocols([:TLSv12]).should == 100
     end
 
     it "should give a 0 if cipher has 0 length" do
@@ -63,27 +63,27 @@ describe 'Ciphersurfer' do
     end 
 
     it "should give a 0.2 if ciphers supported have length < 128" do 
-      Ciphersurfer::Score.evaluate_ciphers([40, 56, 64]).should == 0.2
+      Ciphersurfer::Score.evaluate_ciphers([40, 56, 64]).should == 20
     end 
 
     it "should give a 0.8 if ciphers supported have length < 256" do 
-      Ciphersurfer::Score.evaluate_ciphers([128, 168, 255]).should == 0.8
+      Ciphersurfer::Score.evaluate_ciphers([128, 168, 255]).should == 80
     end 
 
     it "should give a 1.0 if ciphers supported have length >= 256" do 
-      Ciphersurfer::Score.evaluate_ciphers([256, 512, 2048]).should == 1.0
+      Ciphersurfer::Score.evaluate_ciphers([256, 512, 2048]).should == 100
     end 
 
     it "should give 0.1 if no encryption or ciphers lenght < 128" do
-      Ciphersurfer::Score.evaluate_ciphers([0, 40, 56, 64]).should == 0.1
+      Ciphersurfer::Score.evaluate_ciphers([0, 40, 56, 64]).should == 10
     end
 
     it "should give a 0.5 if ciphers supported have length < 256 and < 128" do 
-      Ciphersurfer::Score.evaluate_ciphers([40, 56, 128, 168, 255]).should == 0.5
+      Ciphersurfer::Score.evaluate_ciphers([40, 56, 128, 168, 255]).should == 50
     end 
 
     it "should give a 0.6 if ciphers supported have length >= 256 and < 128" do 
-      Ciphersurfer::Score.evaluate_ciphers([40, 56, 1024, 2048]).should == 0.6
+      Ciphersurfer::Score.evaluate_ciphers([40, 56, 1024, 2048]).should == 60
     end 
 
     it "should give a 0 if no key provided" do
@@ -91,41 +91,41 @@ describe 'Ciphersurfer' do
     end
 
     it "should give a 0.2 if key < 512" do
-      Ciphersurfer::Score.evaluate_key(128).should == 0.2
-      Ciphersurfer::Score.evaluate_key(256).should == 0.2
-      Ciphersurfer::Score.evaluate_key(511).should == 0.2
-      Ciphersurfer::Score.evaluate_key(512).should_not == 0.2
+      Ciphersurfer::Score.evaluate_key(128).should == 20
+      Ciphersurfer::Score.evaluate_key(256).should == 20
+      Ciphersurfer::Score.evaluate_key(511).should == 20
+      Ciphersurfer::Score.evaluate_key(512).should_not == 20
     end
 
     it "should give a 0.4 if 512 <= key < 1024" do
-      Ciphersurfer::Score.evaluate_key(512).should == 0.4
-      Ciphersurfer::Score.evaluate_key(1000).should == 0.4
-      Ciphersurfer::Score.evaluate_key(1024).should_not == 0.4
+      Ciphersurfer::Score.evaluate_key(512).should == 40
+      Ciphersurfer::Score.evaluate_key(1000).should == 40
+      Ciphersurfer::Score.evaluate_key(1024).should_not == 40
     end
 
     it "should give a 0.8 if 1024 <= key < 2048" do
-      Ciphersurfer::Score.evaluate_key(1024).should == 0.8
-      Ciphersurfer::Score.evaluate_key(2043).should == 0.8
-      Ciphersurfer::Score.evaluate_key(2048).should_not == 0.8
+      Ciphersurfer::Score.evaluate_key(1024).should == 80
+      Ciphersurfer::Score.evaluate_key(2043).should == 80
+      Ciphersurfer::Score.evaluate_key(2048).should_not == 80
     end
 
     it "should give a 0.9 if 2048 <= key < 4096" do
-      Ciphersurfer::Score.evaluate_key(2048).should == 0.9
-      Ciphersurfer::Score.evaluate_key(4095).should == 0.9
-      Ciphersurfer::Score.evaluate_key(4096).should_not == 0.9
+      Ciphersurfer::Score.evaluate_key(2048).should == 90
+      Ciphersurfer::Score.evaluate_key(4095).should == 90
+      Ciphersurfer::Score.evaluate_key(4096).should_not == 90
     end
 
     it "should give a 1.0 if key >= 4096" do
-      Ciphersurfer::Score.evaluate_key(4096).should == 1.0
+      Ciphersurfer::Score.evaluate_key(4096).should == 100
     end
 
 
     it "should evalute the overall score" do
-      Ciphersurfer::Score.score([1.0, 1.0, 1.0]).should == 1.0
-      Ciphersurfer::Score.score([0, 1.0, 1.0]).should == 0.7
-      Ciphersurfer::Score.score([1.0, 0, 1.0]).should == 0.7
-      Ciphersurfer::Score.score([1.0, 1.0, 0]).should == 0.6
-      Ciphersurfer::Score.score([0, 0, 1.0]).should == 0.4
+      Ciphersurfer::Score.score(100, 100, 100).should == 100
+      Ciphersurfer::Score.score(0, 100, 100).should == 70
+      Ciphersurfer::Score.score(100, 0, 100).should == 70
+      Ciphersurfer::Score.score(100, 100, 0).should == 60
+      Ciphersurfer::Score.score(0, 0, 100).should == 40
     end
   end
 end

metadata

@@ -1,19 +1,19 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc1
-  prerelease: 6
+  version: 1.0.0
+  prerelease: 
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-01-30 00:00:00.000000000Z
+date: 2012-01-31 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
-  requirement: &70292333333420 !ruby/object:Gem::Requirement
+  requirement: &70151800022700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,32 +21,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70292333333420
-- !ruby/object:Gem::Dependency
-  name: progressbar
-  requirement: &70292333332820 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: *70292333332820
-- !ruby/object:Gem::Dependency
-  name: awesome_print
-  requirement: &70292333332280 !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - ! '>='
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: *70292333332280
+  version_requirements: *70151800022700
 - !ruby/object:Gem::Dependency
   name: json
-  requirement: &70292333331760 !ruby/object:Gem::Requirement
+  requirement: &70151800022200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,10 +32,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70292333331760
+  version_requirements: *70151800022200
 - !ruby/object:Gem::Dependency
   name: httpclient
-  requirement: &70292333331180 !ruby/object:Gem::Requirement
+  requirement: &70151800021680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -65,10 +43,10 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70292333331180
+  version_requirements: *70151800021680
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70292333330580 !ruby/object:Gem::Requirement
+  requirement: &70151800021200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -76,10 +54,10 @@ dependencies:
         version: 2.3.0
   type: :development
   prerelease: false
-  version_requirements: *70292333330580
+  version_requirements: *70151800021200
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70292333329980 !ruby/object:Gem::Requirement
+  requirement: &70151800020700 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -87,10 +65,10 @@ dependencies:
         version: 1.0.0
   type: :development
   prerelease: false
-  version_requirements: *70292333329980
+  version_requirements: *70151800020700
 - !ruby/object:Gem::Dependency
   name: jeweler
-  requirement: &70292333329400 !ruby/object:Gem::Requirement
+  requirement: &70151800020200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ~>
@@ -98,10 +76,10 @@ dependencies:
         version: 1.6.4
   type: :development
   prerelease: false
-  version_requirements: *70292333329400
+  version_requirements: *70151800020200
 - !ruby/object:Gem::Dependency
   name: rcov
-  requirement: &70292333328800 !ruby/object:Gem::Requirement
+  requirement: &70151800019680 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -109,22 +87,21 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70292333328800
-description: ciphersurfer is a security tool that list enabled ciphers for a secure
-  HTTP connection
+  version_requirements: *70151800019680
+description: ciphersurfer is a security tool that evaluates web server SSL configuration
 email: thesp0nge@gmail.com
 executables:
 - ciphersurfer
 extensions: []
 extra_rdoc_files:
-- LICENSE
+- LICENSE.txt
 - README.md
 files:
 - .document
 - .rspec
 - Gemfile
 - Gemfile.lock
-- LICENSE
+- LICENSE.txt
 - README.md
 - Rakefile
 - VERSION
@@ -151,17 +128,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2946885741293011983
+      hash: -144423805926763558
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
-  - - ! '>'
+  - - ! '>='
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
-summary: list all enable ciphers for a given website
+summary: evaluates web server SSL configuration
 test_files: []