ciphersurfer 1.0.4 → 1.2.0
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rvmrc +1 -0
- data/Gemfile +3 -17
- data/Gemfile.lock +11 -24
- data/LICENSE.txt +3 -1
- data/Rakefile +1 -58
- data/VERSION +1 -1
- data/bin/ciphersurfer +17 -2
- data/ciphersurfer.gemspec +25 -0
- data/lib/ciphersurfer/version.rb +1 -8
- metadata +49 -65
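--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: f1503df20e8e6fb158b82a0cb49f1ec3ccccdf1c
+data.tar.gz: 0144cabd84f3d1f72fc5844f2d82b025e2f5a5f6
+SHA512:
+metadata.gz: 4a0a44b91ffd8a7ceb03ac5ad25b986c5c126607811b4f750a231ac025d5178f92317f07dda234c274ecf0676b329027af432fb12e048c631b6a6d3e1de38a31
+data.tar.gz: 34428251037480f89df420a00ea8fda7dd6eb972cd5bee9c5efe201192c6a9b4f1967e7948585a409a8fda914877988eba43b9897e8b79dd5afa3c1a55920a4e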
data/.gitignore
ADDED
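--- a/data/.rvmrc
+++ b/data/.rvmrc
@@ -0,0 +1 @@
+rvm use 2.1.3@hacking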
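--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,18 +1,4 @@
-source
+source 'https://rubygems.org'
 
-gem
-
-gem 'httpclient'
-
-# Add dependencies required to use your gem here.
-# Example:
-# gem "activesupport", ">= 2.3.5"
-
-# Add dependencies to develop your gem here.
-# Include everything needed to run rake, tests, features, etc.
-group :development do
-gem "rspec", "~> 2.3.0"
-gem "bundler", "~> 1.0.0"
-gem "jeweler", "~> 1.6.4"
-gem "rcov", ">= 0"
-end
+# Specify your gem's dependencies in ciphersurfer.gemspec
+gemspec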
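--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,34 +1,21 @@
+PATH
+remote: .
+specs:
+ciphersurfer (1.2.0)
+httpclient
+rainbow
+
 GEM
-remote:
+remote: https://rubygems.org/
 specs:
-diff-lcs (1.1.3)
-git (1.2.5)
 httpclient (2.2.4)
-jeweler (1.6.4)
-bundler (~> 1.0)
-git (>= 1.2.5)
-rake
-json (1.6.5)
 rainbow (1.1.3)
 rake (0.9.2.2)
-rcov (0.9.11)
-rspec (2.3.0)
-rspec-core (~> 2.3.0)
-rspec-expectations (~> 2.3.0)
-rspec-mocks (~> 2.3.0)
-rspec-core (2.3.1)
-rspec-expectations (2.3.0)
-diff-lcs (~> 1.1.2)
-rspec-mocks (2.3.0)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
-bundler (~> 1.
-
-
-json
-rainbow
-rcov
-rspec (~> 2.3.0)
+bundler (~> 1.5)
+ciphersurfer!
+rake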
data/LICENSE.txt
CHANGED
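--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1,58 +1 @@
-
-
-require 'rubygems'
-require 'bundler'
-begin
-Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-$stderr.puts e.message
-$stderr.puts "Run `bundle install` to install missing gems"
-exit e.status_code
-end
-require 'rake'
-
-require 'jeweler'
-require './lib/ciphersurfer/version'
-
-Jeweler::Tasks.new do |gem|
-# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
-gem.name = "ciphersurfer"
-gem.homepage = "http://github.com/thesp0nge/ciphersurfer"
-gem.license = "BSD"
-gem.version = Ciphersurfer::Version::STRING
-File.open('VERSION', 'w') {|f| f.write(Ciphersurfer::Version::STRING) }
-
-gem.summary = %Q{evaluates web server SSL configuration}
-gem.description = %Q{ciphersurfer is a security tool that evaluates web server SSL configuration}
-gem.email = "thesp0nge@gmail.com"
-gem.required_ruby_version = '>= 1.8.7'
-gem.authors = ["Paolo Perego"]
-gem.executables = ['ciphersurfer']
-gem.default_executable = 'ciphersurfer'
-gem.require_path = 'lib'
-# dependencies defined in Gemfile
-end
-Jeweler::RubygemsDotOrgTasks.new
-
-require 'rspec/core'
-require 'rspec/core/rake_task'
-RSpec::Core::RakeTask.new(:spec) do |spec|
-spec.pattern = FileList['spec/**/*_spec.rb']
-end
-
-RSpec::Core::RakeTask.new(:rcov) do |spec|
-spec.pattern = 'spec/**/*_spec.rb'
-spec.rcov = true
-end
-
-task :default => :spec
-
-require 'rake/rdoctask'
-Rake::RDocTask.new do |rdoc|
-version = File.exist?('VERSION') ? File.read('VERSION') : ""
-
-rdoc.rdoc_dir = 'rdoc'
-rdoc.title = "ciphersurfer #{version}"
-rdoc.rdoc_files.include('README*')
-rdoc.rdoc_files.include('lib/**/*.rb')
-end
+require "bundler/gem_tasks"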
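Review bot: `require "bundler/gem_tasks"` only provides the build, install and release tasks, so the `:spec` task and `task :default => :spec` that the old Rakefile defined are gone while the gem still ships `spec/*_spec.rb` (they are listed as test_files in the new gemspec and metadata), leaving `rake` with no way to run the test suite. Consider re-adding `require 'rspec/core/rake_task'`, `RSpec::Core::RakeTask.new(:spec)` and `task :default => :spec`, with rspec declared as a development dependency in ciphersurfer.gemspec, since the new Gemfile delegates all dependencies to the gemspec.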
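--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.0
+1.2.0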
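--- a/data/bin/ciphersurfer
+++ b/data/bin/ciphersurfer
@@ -20,11 +20,12 @@ opts = GetoptLong.new(
 [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
 [ '--version', '-v', GetoptLong::NO_ARGUMENT ],
 [ '--list-ciphers', '-l', GetoptLong::NO_ARGUMENT ],
+[ '--poodle-test', '-P', GetoptLong::NO_ARGUMENT ],
 [ '--json', '-j', GetoptLong::NO_ARGUMENT]
 )
 trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
 
-options={:json=>false,:list_ciphers=>false}
+options={:json=>false,:list_ciphers=>false, :poodle=>true}
 
 opts.each do |opt, arg|
 case opt
@@ -32,6 +33,7 @@ opts.each do |opt, arg|
 puts "usage: ciphersurfer [-ljvh] server[:port]"
 puts " -l: lists supported ciphers instead of just evaluate the security level"
 puts " -j: formats the output using JSON"
+puts " -P: checks if server supports SSLv3 protocol for the POODLE attack (https://www.openssl.org/~bodo/ssl-poodle.pdf)"
 puts " -v: shows version"
 puts " -h: this help"
 exit 0
@@ -42,6 +44,8 @@ opts.each do |opt, arg|
 options[:json]=true
 when '--list-ciphers'
 options[:list_ciphers]=true
+when '--poodle-test'
+options[:poodle] = true
 end
 end
 
@@ -96,7 +100,10 @@ end
 cert= Ciphersurfer::Scanner.cert(host, port)
 if ! cert.nil?
 a=cert.public_key.to_text ||= ""
-
+match_modulus=/Modulus \((\d+)/i.match(a)
+key_size=match_modulus[1].to_i unless match_modulus.nil?
+match_key=/Public-Key: \((\d+) bit\)/i.match(a)
+key_size=match_key[1].to_i unless match_key.nil?
 else
 puts "warning: the server didn't give us the certificate".color(:yellow)
 key_size=0
@@ -114,6 +121,13 @@ if (options[:json])
 
 exit 0
 end
+if (options[:poodle])
+supported_protocols.each do|s|
+puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
+puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
+end
+exit 0
+end
 
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support"
@@ -126,3 +140,4 @@ printf "%20s : ", "Cipher strength"
 cipher_score.to_i.times{print 'o'.color(score_to_color(cipher_score))}
 puts ' ('+cipher_score.to_s+')'
 
+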
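Review bot: The new default `:poodle=>true` in `options={:json=>false,:list_ciphers=>false, :poodle=>true}` (new line 28) means the `--poodle-test` flag added on new lines 47–48 can never change anything, and the `if (options[:poodle])` block on new lines 124–130 always runs and exits 0 before the `Overall evaluation` printf on new line 132 is reached, so the tool's normal scoring output is now unreachable; the default should be `:poodle=>false` so that `-P` opts in. The SSLv2 message on new line 127 says `supports SSLv1 that is obsolete and insecure` while it tests `s == :SSLv2` and asks to remove SSLv2, so `SSLv1` should read `SSLv2`. In the certificate hunk (new lines 103–106) `key_size` is left `nil` when neither the `Modulus` nor the `Public-Key:` pattern matches `to_text`, which the scoring code further down presumably does not expect — a fallback such as `key_size ||= 0`, mirroring the `key_size=0` of the else branch, would keep it an Integer. The usage line on new line 33 still advertises `[-ljvh]` without `P`, and exiting 0 after reporting a vulnerable protocol means a calling script cannot tell a vulnerable host from a clean one by exit status. `supported_protocols`, `target` and the later uses of `key_size` are defined outside these hunks.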
@@ -0,0 +1,25 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'ciphersurfer/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = "ciphersurfer"
|
8
|
+
spec.version = Ciphersurfer::VERSION
|
9
|
+
spec.authors = ["Paolo Perego"]
|
10
|
+
spec.email = ["thesp0nge@gmail.com"]
|
11
|
+
spec.summary = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
|
12
|
+
spec.description = %q{ciphersurfer is a tool to check how strong is an SSL certificate. It also check for POODLE vulnerability, if your server supports SSLv3}
|
13
|
+
spec.homepage = "https://codiceinsicuro.it"
|
14
|
+
spec.license = "MIT"
|
15
|
+
|
16
|
+
spec.files = `git ls-files`.split($/)
|
17
|
+
spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
|
18
|
+
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
19
|
+
spec.require_paths = ["lib"]
|
20
|
+
|
21
|
+
spec.add_dependency "rainbow"
|
22
|
+
spec.add_dependency "httpclient"
|
23
|
+
spec.add_development_dependency "bundler", "~> 1.5"
|
24
|
+
spec.add_development_dependency "rake"
|
25
|
+
end
|
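Review bot: `spec.add_dependency "rainbow"` and `spec.add_dependency "httpclient"` (new lines 21–22) carry no version constraint, while bin/ciphersurfer relies on the `.color(:red)` String extension (presumably from rainbow) and the accompanying Gemfile.lock resolves `rainbow (1.1.3)` and `httpclient (2.2.4)`; a future major release of either gem would be picked up by `gem install` and could change that interface. Pessimistic constraints matching the lockfile, e.g. `spec.add_dependency "rainbow", "~> 1.1"` and `spec.add_dependency "httpclient", "~> 2.2"`, keep installs reproducible. The license is declared as `"MIT"` here where the removed Rakefile had `gem.license = "BSD"`; confirm that the updated LICENSE.txt (changed in this release, content not shown) matches the new declaration. The summary and description read `check how strong is an SSL certificate. It also check for`; `checks how strong an SSL certificate is. It also checks for` would be the grammatical form.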
data/lib/ciphersurfer/version.rb
CHANGED
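--- a/metadata
+++ b/metadata
@@ -1,104 +1,84 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-version: 1.0
-prerelease:
+version: 1.2.0
 platform: ruby
 authors:
 - Paolo Perego
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rainbow
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: json
-requirement: &70177371273600 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
-type: :runtime
-prerelease: false
-version_requirements: *70177371273600
 - !ruby/object:Gem::Dependency
 name: httpclient
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :runtime
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: rspec
-requirement: &70177371271500 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
-type: :development
-prerelease: false
-version_requirements: *70177371271500
+version: '0'
 - !ruby/object:Gem::Dependency
 name: bundler
-requirement:
-none: false
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
+version: '1.5'
 type: :development
 prerelease: false
-version_requirements:
-- !ruby/object:Gem::Dependency
-name: jeweler
-requirement: &70177371261020 !ruby/object:Gem::Requirement
-none: false
+version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - ~>
+- - "~>"
 - !ruby/object:Gem::Version
-version: 1.
-type: :development
-prerelease: false
-version_requirements: *70177371261020
+version: '1.5'
 - !ruby/object:Gem::Dependency
-name:
-requirement:
-none: false
+name: rake
+requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 type: :development
 prerelease: false
-version_requirements:
-
-
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+description: ciphersurfer is a tool to check how strong is an SSL certificate. It
+also check for POODLE vulnerability, if your server supports SSLv3
+email:
+- thesp0nge@gmail.com
 executables:
 - ciphersurfer
 extensions: []
-extra_rdoc_files:
-- LICENSE.txt
-- README.md
+extra_rdoc_files: []
 files:
-- .document
-- .
+- ".document"
+- ".gitignore"
+- ".rspec"
+- ".rvmrc"
 - Gemfile
 - Gemfile.lock
 - LICENSE.txt
@@ -106,6 +86,7 @@ files:
 - Rakefile
 - VERSION
 - bin/ciphersurfer
+- ciphersurfer.gemspec
 - lib/ciphersurfer.rb
 - lib/ciphersurfer/scanner.rb
 - lib/ciphersurfer/score.rb
@@ -113,29 +94,32 @@ files:
 - spec/ciphersurfer_spec.rb
 - spec/scoring_spec.rb
 - spec/spec_helper.rb
-homepage:
+homepage: https://codiceinsicuro.it
 licenses:
--
+- MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
-version:
+version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
-none: false
 requirements:
-- -
+- - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 2.2.2
 signing_key:
-specification_version:
-summary:
-
+specification_version: 4
+summary: ciphersurfer is a tool to check how strong is an SSL certificate. It also
+check for POODLE vulnerability, if your server supports SSLv3
+test_files:
+- spec/ciphersurfer_spec.rb
+- spec/scoring_spec.rb
+- spec/spec_helper.rb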