ciphersurfer 1.2.0 → 1.4.0
- checksums.yaml +4 -4
- data/bin/ciphersurfer +12 -8
- data/lib/ciphersurfer/scanner.rb +19 -1
- data/lib/ciphersurfer/version.rb +1 -1
- metadata +1 -1
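--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0450ff899c0cd27a3489224297d9177b3e8b0737
+data.tar.gz: 700b97bdd102d017fb8f7961ba59443153e26ae7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fd5d0dd3afd9346776ecf76c5f5d8424e64c491f25bb0d8af31cac6c1e80373797a4f88fbe37261a477f5cb0ff07cd3ae01d1a2447bc7df92baaab46690b0abe
+data.tar.gz: 8203791bec5d0867301b21415ac330f3639232622f3cdaca4eb77a9b1ec619055b807011a68900a753b1be5b7249d98b89f89494e16c6dde58c668bcaf677195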
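--- a/data/bin/ciphersurfer
+++ b/data/bin/ciphersurfer
@@ -45,7 +45,7 @@ opts.each do |opt, arg|
 when '--list-ciphers'
 options[:list_ciphers]=true
 when '--poodle-test'
-options[:poodle]
+options[:poodle]=true
 end
 end
 
@@ -65,6 +65,15 @@ target = ARGV.shift
 host = target.split(':')[0] ||= "localhost" #fallback here should never occur... however it's better to be paranoid
 port = target.split(':')[1] ||= 443 # more common here
 
+if (options[:poodle])
+if Ciphersurfer::Scanner.poodle?(host, port)
+puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support"
+else
+puts "[*] #{target} does not support SSLv3"
+end
+exit
+end
+
 puts "Evaluating secure communication with #{host}:#{port}"
 
 if ! Ciphersurfer::Scanner.alive?(host, port)
@@ -121,13 +130,8 @@ if (options[:json])
 
 exit 0
 end
-
-
-puts "[!] #{target} is vulnerable to POODLE attack. Please remove SSLv3 support" if s == :SSLv3
-puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
-end
-exit 0
-end
+
+# puts "[!] #{target} supports SSLv1 that is obsolete and insecure. Please remove SSLv2 support" if s == :SSLv2
 
 printf "%20s : %s (%s)\n", "Overall evaluation", Ciphersurfer::Score.evaluate(score), score.to_s
 printf "%20s : ", "Protocol support"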
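Review bot: The `--poodle-test` branch added at new lines 68-75 runs before the `alive?` guard that follows it, so a target that is down or filtered falls into the `else` arm and is reported as "does not support SSLv3", since `poodle?` returns false on any error. Move the block below the `alive?` check (whose body continues outside the hunk), or print an inconclusive result such as `puts "[?] could not test #{target}"` when the probe fails for a reason other than a refused handshake. In the last hunk the SSLv3 warning is removed from the normal report path, so it appears a default scan no longer flags SSLv3 unless `--poodle-test` is passed; the commented-out SSLv2 line also still says "SSLv1" in its message. The bare `exit` would read better as `exit 0`, matching the other exits in the file.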
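--- a/data/lib/ciphersurfer/scanner.rb
+++ b/data/lib/ciphersurfer/scanner.rb
@@ -83,7 +83,25 @@ module Ciphersurfer
 # return false
 # end
 # end
-
+
+def self.poodle?(host, port)
+# context=OpenSSL::SSL::SSLContext.new(:SSLv3)
+request = Net::HTTP.new(host, port)
+request.use_ssl = true
+request.verify_mode = OpenSSL::SSL::VERIFY_NONE
+request.ssl_version = :SSLv3
+begin
+response = request.get("/")
+return true
+rescue OpenSSL::SSL::SSLError => e
+return false
+rescue
+return false
+end
+
+
+end
+
 def go
 context=OpenSSL::SSL::SSLContext.new(@proto)
 cipher_set = context.ciphers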
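Review bot: The bare `rescue` in `poodle?` turns every failure into `false`: a refused connection, a DNS error, a timeout, and probably a local OpenSSL build that cannot speak SSLv3 at all (how that surfaces depends on the Ruby/OpenSSL version). The caller prints that as "does not support SSLv3", so a check that could not run is reported as a pass. Only `OpenSSL::SSL::SSLError` should map to false; other errors should propagate or be reported as inconclusive, and no timeout is set on the probe. The full `request.get("/")` is also more than the test needs, because an HTTP-level failure after a successful SSLv3 handshake lands in the same bare rescue; `response` and `e` are unused. Strictly, a completed SSLv3 handshake shows protocol support, while POODLE additionally depends on a CBC cipher being negotiated, so the "vulnerable" wording is somewhat stronger than what is measured; a short comment that `VERIFY_NONE` is deliberate here (certificate validity is not what is probed) would also help readers.

```ruby
def self.poodle?(host, port)
  # … unchanged: Net::HTTP setup (use_ssl, verify_mode, ssl_version) …
  request.open_timeout = 10 # example value; bounds connect + handshake
  begin
    # start performs the TCP connect and the handshake; no HTTP request is sent
    request.start { }
    true
  rescue OpenSSL::SSL::SSLError
    # handshake refused: the peer did not accept SSLv3
    false
  end
  # other errors propagate so the caller can report the test as inconclusive
end
```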
data/lib/ciphersurfer/version.rb
CHANGED