RubyGems - ciphersurfer - Versions diffs - 1.2.0 → 1.4.0 - Mend

ciphersurfer 1.2.0 → 1.4.0

Files changed (5) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f1503df20e8e6fb158b82a0cb49f1ec3ccccdf1c
-  data.tar.gz: 0144cabd84f3d1f72fc5844f2d82b025e2f5a5f6
+  metadata.gz: 0450ff899c0cd27a3489224297d9177b3e8b0737
+  data.tar.gz: 700b97bdd102d017fb8f7961ba59443153e26ae7
 SHA512:
-  metadata.gz: 4a0a44b91ffd8a7ceb03ac5ad25b986c5c126607811b4f750a231ac025d5178f92317f07dda234c274ecf0676b329027af432fb12e048c631b6a6d3e1de38a31
-  data.tar.gz: 34428251037480f89df420a00ea8fda7dd6eb972cd5bee9c5efe201192c6a9b4f1967e7948585a409a8fda914877988eba43b9897e8b79dd5afa3c1a55920a4e
+  metadata.gz: fd5d0dd3afd9346776ecf76c5f5d8424e64c491f25bb0d8af31cac6c1e80373797a4f88fbe37261a477f5cb0ff07cd3ae01d1a2447bc7df92baaab46690b0abe
+  data.tar.gz: 8203791bec5d0867301b21415ac330f3639232622f3cdaca4eb77a9b1ec619055b807011a68900a753b1be5b7249d98b89f89494e16c6dde58c668bcaf677195

data/bin/ciphersurfer CHANGED

@@ -45,7 +45,7 @@ opts.each do |opt, arg|
   when '--list-ciphers'
     options[:list_ciphers]=true
   when '--poodle-test'
-    options[:poodle] = true
+    options[:poodle]=true
   end
 end
@@ -65,6 +65,15 @@ target = ARGV.shift
 host = target.split(':')[0] ||= "localhost"   #fallback here should never occur... however it's better to be paranoid
 port = target.split(':')[1] ||= 443           # more common here
+if (options[:poodle])
+  if Ciphersurfer::Scanner.poodle?(host, port)
+    puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support"
+  else
+    puts "[*] #{target} does not support SSLv3"
+  end
+  exit
+end
 puts "Evaluating secure communication with #{host}:#{port}"
 if ! Ciphersurfer::Scanner.alive?(host, port)
@@ -121,13 +130,8 @@ if (options[:json])
   exit 0
 end
-if (options[:poodle])
-  supported_protocols.each do|s|
-    puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
-    puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
-  end
-  exit 0
-end
+    # puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support"

@@ -83,7 +83,25 @@ module Ciphersurfer
     #     return false
     #   end
     # end
+    def self.poodle?(host, port)
+      # context=OpenSSL::SSL::SSLContext.new(:SSLv3)
+      request = Net::HTTP.new(host, port)
+      request.use_ssl = true
+      request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      request.ssl_version = :SSLv3
+      begin
+        response = request.get("/")
+        return true
+      rescue OpenSSL::SSL::SSLError => e
+        return false
+      rescue
+        return false
+      end
+    end
     def go
       context=OpenSSL::SSL::SSLContext.new(@proto)
       cipher_set = context.ciphers

@@ -1,3 +1,3 @@
 module Ciphersurfer
-  VERSION = "1.2.0"
+  VERSION = "1.4.0"
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ciphersurfer
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.4.0
 platform: ruby
 authors:
 - Paolo Perego