ciphersurfer 1.0.4 → 1.2.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: f1503df20e8e6fb158b82a0cb49f1ec3ccccdf1c
+  data.tar.gz: 0144cabd84f3d1f72fc5844f2d82b025e2f5a5f6
+SHA512:
+  metadata.gz: 4a0a44b91ffd8a7ceb03ac5ad25b986c5c126607811b4f750a231ac025d5178f92317f07dda234c274ecf0676b329027af432fb12e048c631b6a6d3e1de38a31
+  data.tar.gz: 34428251037480f89df420a00ea8fda7dd6eb972cd5bee9c5efe201192c6a9b4f1967e7948585a409a8fda914877988eba43b9897e8b79dd5afa3c1a55920a4e

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc

@@ -0,0 +1 @@
+rvm use 2.1.3@hacking

data/Gemfile

@@ -1,18 +1,4 @@
-source "http://rubygems.org"
+source 'https://rubygems.org'
 
-gem 'rainbow'
-gem 'json'
-gem 'httpclient'
-
-# Add dependencies required to use your gem here.
-# Example:
-#   gem "activesupport", ">= 2.3.5"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-  gem "rspec", "~> 2.3.0"
-  gem "bundler", "~> 1.0.0"
-  gem "jeweler", "~> 1.6.4"
-  gem "rcov", ">= 0"
-end
+# Specify your gem's dependencies in ciphersurfer.gemspec
+gemspec

data/Gemfile.lock

@@ -1,34 +1,21 @@
+PATH
+  remote: .
+  specs:
+    ciphersurfer (1.2.0)
+      httpclient
+      rainbow
+
 GEM
-  remote: http://rubygems.org/
+  remote: https://rubygems.org/
   specs:
-    diff-lcs (1.1.3)
-    git (1.2.5)
     httpclient (2.2.4)
-    jeweler (1.6.4)
-      bundler (~> 1.0)
-      git (>= 1.2.5)
-      rake
-    json (1.6.5)
     rainbow (1.1.3)
     rake (0.9.2.2)
-    rcov (0.9.11)
-    rspec (2.3.0)
-      rspec-core (~> 2.3.0)
-      rspec-expectations (~> 2.3.0)
-      rspec-mocks (~> 2.3.0)
-    rspec-core (2.3.1)
-    rspec-expectations (2.3.0)
-      diff-lcs (~> 1.1.2)
-    rspec-mocks (2.3.0)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  bundler (~> 1.0.0)
-  httpclient
-  jeweler (~> 1.6.4)
-  json
-  rainbow
-  rcov
-  rspec (~> 2.3.0)
+  bundler (~> 1.5)
+  ciphersurfer!
+  rake

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2012 Paolo Perego
+Copyright (c) 2014 Paolo Perego
+
+MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Rakefile

@@ -1,58 +1 @@
-# encoding: utf-8
-
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-require './lib/ciphersurfer/version'
-
-Jeweler::Tasks.new do |gem|
-  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-  gem.name = "ciphersurfer"
-  gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
-  gem.license = "BSD"
-  gem.version = Ciphersurfer::Version::STRING 
-  File.open('VERSION', 'w') {|f| f.write(Ciphersurfer::Version::STRING) }
-
-  gem.summary = %Q{evaluates web server SSL configuration}
-  gem.description = %Q{ciphersurfer is a security tool that evaluates web server SSL configuration}
-  gem.email = "thesp0nge@gmail.com"
-  gem.required_ruby_version = '>= 1.8.7'
-  gem.authors = ["Paolo Perego"]
-  gem.executables = ['ciphersurfer']
-  gem.default_executable = 'ciphersurfer'
-  gem.require_path = 'lib'
-  # dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-  spec.pattern = FileList['spec/**/*_spec.rb']
-end
-
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-  spec.pattern = 'spec/**/*_spec.rb'
-  spec.rcov = true
-end
-
-task :default => :spec
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-  version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-  rdoc.rdoc_dir = 'rdoc'
-  rdoc.title = "ciphersurfer #{version}"
-  rdoc.rdoc_files.include('README*')
-  rdoc.rdoc_files.include('lib/**/*.rb')
-end
+require "bundler/gem_tasks"

data/VERSION

@@ -1 +1 @@
-1.0.4
+1.2.0

data/bin/ciphersurfer

@@ -20,11 +20,12 @@ opts = GetoptLong.new(
   [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
   [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
   [ '--list-ciphers', '-l', GetoptLong::NO_ARGUMENT ],
+  [ '--poodle-test', '-P', GetoptLong::NO_ARGUMENT ],
   [ '--json', '-j', GetoptLong::NO_ARGUMENT]
 )
 trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
 
-options={:json=>false,:list_ciphers=>false}
+options={:json=>false,:list_ciphers=>false, :poodle=>true}
 
 opts.each do |opt, arg|
   case opt
@@ -32,6 +33,7 @@ opts.each do |opt, arg|
     puts "usage: ciphersurfer [-ljvh] server[:port]"
     puts "       -l: lists supported ciphers instead of just evaluate the security level"
     puts "       -j: formats the output using JSON"
+    puts "       -P: checks if server supports SSLv3 protocol for the POODLE attack (https://www.openssl.org/~bodo/ssl-poodle.pdf)"
     puts "       -v: shows  version"
     puts "       -h: this help"
     exit 0
@@ -42,6 +44,8 @@ opts.each do |opt, arg|
     options[:json]=true
   when '--list-ciphers'
     options[:list_ciphers]=true
+  when '--poodle-test'
+    options[:poodle] = true
   end
 end
 
@@ -96,7 +100,10 @@ end
 cert= Ciphersurfer::Scanner.cert(host, port)
 if ! cert.nil?
   a=cert.public_key.to_text ||= ""
-  key_size=/Modulus \((\d+)/i.match(a)[1]
+  match_modulus=/Modulus \((\d+)/i.match(a)
+  key_size=match_modulus[1].to_i unless match_modulus.nil?
+  match_key=/Public-Key: \((\d+) bit\)/i.match(a)
+  key_size=match_key[1].to_i unless match_key.nil?
 else
   puts "warning: the server didn't give us the certificate".color(:yellow)
   key_size=0
@@ -114,6 +121,13 @@ if (options[:json])
   
   exit 0
 end
+if (options[:poodle])
+  supported_protocols.each do|s|
+    puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
+    puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
+  end
+  exit 0
+end
 
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support" 
@@ -126,3 +140,4 @@ printf "%20s : ", "Cipher strength"
 cipher_score.to_i.times{print 'o'.color(score_to_color(cipher_score))}
 puts ' ('+cipher_score.to_s+')'
 
+

data/ciphersurfer.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'ciphersurfer/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "ciphersurfer"
+  spec.version       = Ciphersurfer::VERSION
+  spec.authors       = ["Paolo Perego"]
+  spec.email         = ["thesp0nge@gmail.com"]
+  spec.summary       = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
+  spec.description   = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
+  spec.homepage      = "https://codiceinsicuro.it"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "rainbow"
+  spec.add_dependency "httpclient"
+  spec.add_development_dependency "bundler", "~> 1.5"
+  spec.add_development_dependency "rake"
+end

data/lib/ciphersurfer/version.rb

@@ -1,10 +1,3 @@
 module Ciphersurfer
-  module Version
-    MAJOR = 1
-    MINOR = 0
-    PATCH = 4
-    #BUILD = ''
-    #STRING = [MAJOR, MINOR, PATCH, BUILD].compact.join('.')
-    STRING = [MAJOR, MINOR, PATCH].compact.join('.')
-  end
+  VERSION = "1.2.0"
 end

metadata

@@ -1,104 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-  version: 1.0.4
-  prerelease: 
+  version: 1.2.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-02-13 00:00:00.000000000Z
+date: 2014-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rainbow
-  requirement: &70177371274920 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70177371274920
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: &70177371273600 !ruby/object:Gem::Requirement
-    none: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: *70177371273600
 - !ruby/object:Gem::Dependency
   name: httpclient
-  requirement: &70177371272420 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70177371272420
-- !ruby/object:Gem::Dependency
-  name: rspec
-  requirement: &70177371271500 !ruby/object:Gem::Requirement
-    none: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 2.3.0
-  type: :development
-  prerelease: false
-  version_requirements: *70177371271500
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bundler
-  requirement: &70177371262180 !ruby/object:Gem::Requirement
-    none: false
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '1.5'
   type: :development
   prerelease: false
-  version_requirements: *70177371262180
-- !ruby/object:Gem::Dependency
-  name: jeweler
-  requirement: &70177371261020 !ruby/object:Gem::Requirement
-    none: false
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.6.4
-  type: :development
-  prerelease: false
-  version_requirements: *70177371261020
+        version: '1.5'
 - !ruby/object:Gem::Dependency
-  name: rcov
-  requirement: &70177371260040 !ruby/object:Gem::Requirement
-    none: false
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70177371260040
-description: ciphersurfer is a security tool that evaluates web server SSL configuration
-email: thesp0nge@gmail.com
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ciphersurfer is a tool to check how strong is an SSL certificate. It
+  also check for POODLE vulnerability, if your server supports SSLv3
+email:
+- thesp0nge@gmail.com
 executables:
 - ciphersurfer
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.md
+extra_rdoc_files: []
 files:
-- .document
-- .rspec
+- ".document"
+- ".gitignore"
+- ".rspec"
+- ".rvmrc"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -106,6 +86,7 @@ files:
 - Rakefile
 - VERSION
 - bin/ciphersurfer
+- ciphersurfer.gemspec
 - lib/ciphersurfer.rb
 - lib/ciphersurfer/scanner.rb
 - lib/ciphersurfer/score.rb
@@ -113,29 +94,32 @@ files:
 - spec/ciphersurfer_spec.rb
 - spec/scoring_spec.rb
 - spec/spec_helper.rb
-homepage: http://github.com/thesp0nge/ciphersurfer
+homepage: https://codiceinsicuro.it
 licenses:
-- BSD
+- MIT
+metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.8.7
+      version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 2.2.2
 signing_key: 
-specification_version: 3
-summary: evaluates web server SSL configuration
-test_files: []
+specification_version: 4
+summary: ciphersurfer is a tool to check how strong is an SSL certificate. It also
+  check for POODLE vulnerability, if your server supports SSLv3
+test_files:
+- spec/ciphersurfer_spec.rb
+- spec/scoring_spec.rb
+- spec/spec_helper.rb