rex-sslscan 0.1.11 → 0.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/verify.yml +2 -41
- data/README.md +2 -0
- data/lib/rex/sslscan/scanner.rb +32 -18
- data/lib/rex/sslscan/version.rb +1 -1
- metadata +7 -30
- checksums.yaml.gz.sig +0 -2
- data.tar.gz.sig +0 -0
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cef4452d76a846d5eba655bd26b54eaf4dc395c460159dbc63513cf2132cc849
|
|
4
|
+
data.tar.gz: 22297a7682033968b7289572fa14744b18c93a7adc5a83f107739741587dc05b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 02dc4ff4d97bf79b3b7a098c010583933d12ab241c9b84929bec7888c90d75a75dbee9e5038b68fea4dbe8236e99e0d2d825067e76ab71cf4a07564a3c3ea9fc
|
|
7
|
+
data.tar.gz: b4678f9fe1770c3374c8601d3bc5d7128edb347b86f424655fb9c93b498f635f6b16507929685e5b555dddfb042076604962347c37095ec0a027820f9faabc6b
|
|
@@ -9,44 +9,5 @@ on:
|
|
|
9
9
|
- '*'
|
|
10
10
|
|
|
11
11
|
jobs:
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
timeout-minutes: 40
|
|
15
|
-
|
|
16
|
-
strategy:
|
|
17
|
-
fail-fast: true
|
|
18
|
-
matrix:
|
|
19
|
-
ruby:
|
|
20
|
-
- '2.7'
|
|
21
|
-
- '3.0'
|
|
22
|
-
- '3.1'
|
|
23
|
-
- '3.2'
|
|
24
|
-
os:
|
|
25
|
-
- ubuntu-20.04
|
|
26
|
-
- ubuntu-latest
|
|
27
|
-
exclude:
|
|
28
|
-
- { os: ubuntu-latest, ruby: '2.7' }
|
|
29
|
-
- { os: ubuntu-latest, ruby: '3.0' }
|
|
30
|
-
test_cmd:
|
|
31
|
-
- bundle exec rspec
|
|
32
|
-
|
|
33
|
-
env:
|
|
34
|
-
RAILS_ENV: test
|
|
35
|
-
|
|
36
|
-
name: ${{ matrix.os }} - Ruby ${{ matrix.ruby }} - ${{ matrix.test_cmd }}
|
|
37
|
-
steps:
|
|
38
|
-
- name: Checkout code
|
|
39
|
-
uses: actions/checkout@v2
|
|
40
|
-
|
|
41
|
-
- name: Setup Ruby
|
|
42
|
-
uses: ruby/setup-ruby@v1
|
|
43
|
-
with:
|
|
44
|
-
ruby-version: ${{ matrix.ruby }}
|
|
45
|
-
bundler-cache: true
|
|
46
|
-
|
|
47
|
-
- name: ${{ matrix.test_cmd }}
|
|
48
|
-
run: |
|
|
49
|
-
echo "${CMD}"
|
|
50
|
-
bash -c "${CMD}"
|
|
51
|
-
env:
|
|
52
|
-
CMD: ${{ matrix.test_cmd }}
|
|
12
|
+
build:
|
|
13
|
+
uses: rapid7/metasploit-framework/.github/workflows/shared_gem_verify.yml@master
|
data/README.md
CHANGED
data/lib/rex/sslscan/scanner.rb
CHANGED
|
@@ -16,17 +16,20 @@ class Scanner
|
|
|
16
16
|
|
|
17
17
|
attr_reader :supported_versions
|
|
18
18
|
attr_reader :sslv2
|
|
19
|
+
attr_reader :tls_server_name_indication
|
|
19
20
|
|
|
20
21
|
# Initializes the scanner object
|
|
21
22
|
# @param host [String] IP address or hostname to scan
|
|
22
23
|
# @param port [Integer] Port number to scan, default: 443
|
|
23
24
|
# @param timeout [Integer] Timeout for connections, in seconds. default: 5
|
|
25
|
+
# @param tls_server_name_indication [String,nil] TLS Server Name Indication (SNI)
|
|
24
26
|
# @raise [StandardError] Raised when the configuration is invalid
|
|
25
|
-
def initialize(host,port = 443,context = {},timeout=5)
|
|
27
|
+
def initialize(host,port = 443,context = {},timeout=5,tls_server_name_indication: nil)
|
|
26
28
|
@host = host
|
|
27
29
|
@port = port
|
|
28
30
|
@timeout = timeout
|
|
29
31
|
@context = context
|
|
32
|
+
@tls_server_name_indication = tls_server_name_indication
|
|
30
33
|
if check_opensslv2 == true
|
|
31
34
|
@supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
|
|
32
35
|
@sslv2 = true
|
|
@@ -55,7 +58,7 @@ class Scanner
|
|
|
55
58
|
scan_result.openssl_sslv2 = sslv2
|
|
56
59
|
# If we can't get any SSL connection, then don't bother testing
|
|
57
60
|
# individual ciphers.
|
|
58
|
-
if test_ssl == :rejected and test_tls == :rejected
|
|
61
|
+
if test_ssl == :rejected and test_tls(versions: supported_tls_versions) == :rejected
|
|
59
62
|
return scan_result
|
|
60
63
|
end
|
|
61
64
|
|
|
@@ -106,24 +109,29 @@ class Scanner
|
|
|
106
109
|
return :accepted
|
|
107
110
|
end
|
|
108
111
|
|
|
109
|
-
def test_tls
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
112
|
+
def test_tls(versions: [:TLSv1])
|
|
113
|
+
supported_version = versions.find do |version|
|
|
114
|
+
begin
|
|
115
|
+
scan_client = Rex::Socket::Tcp.create(
|
|
116
|
+
'Context' => @context,
|
|
117
|
+
'PeerHost' => @host,
|
|
118
|
+
'PeerPort' => @port,
|
|
119
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
120
|
+
'SSL' => true,
|
|
121
|
+
'SSLVersion' => version,
|
|
122
|
+
'Timeout' => @timeout
|
|
123
|
+
)
|
|
124
|
+
version
|
|
125
|
+
rescue ::Exception => e
|
|
126
|
+
nil
|
|
127
|
+
ensure
|
|
128
|
+
if scan_client
|
|
129
|
+
scan_client.close
|
|
130
|
+
end
|
|
124
131
|
end
|
|
125
132
|
end
|
|
126
|
-
|
|
133
|
+
|
|
134
|
+
supported_version ? :accepted : :rejected
|
|
127
135
|
end
|
|
128
136
|
|
|
129
137
|
# Tests the specified SSL Version and Cipher against the configured target
|
|
@@ -137,6 +145,7 @@ class Scanner
|
|
|
137
145
|
'Context' => @context,
|
|
138
146
|
'PeerHost' => @host,
|
|
139
147
|
'PeerPort' => @port,
|
|
148
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
140
149
|
'SSL' => true,
|
|
141
150
|
'SSLVersion' => ssl_version,
|
|
142
151
|
'SSLCipher' => cipher,
|
|
@@ -164,6 +173,7 @@ class Scanner
|
|
|
164
173
|
scan_client = Rex::Socket::Tcp.create(
|
|
165
174
|
'PeerHost' => @host,
|
|
166
175
|
'PeerPort' => @port,
|
|
176
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
167
177
|
'SSL' => true,
|
|
168
178
|
'SSLVersion' => ssl_version,
|
|
169
179
|
'SSLCipher' => cipher,
|
|
@@ -187,6 +197,10 @@ class Scanner
|
|
|
187
197
|
|
|
188
198
|
protected
|
|
189
199
|
|
|
200
|
+
def supported_tls_versions
|
|
201
|
+
@supported_versions.select { |v| v.to_s.start_with?('TLS') }
|
|
202
|
+
end
|
|
203
|
+
|
|
190
204
|
# Validates that the SSL Version and Cipher are valid both seperately and
|
|
191
205
|
# together as part of an SSL Context.
|
|
192
206
|
# @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
|
data/lib/rex/sslscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,39 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rex-sslscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Metasploit Hackers
|
|
8
|
+
autorequire:
|
|
8
9
|
bindir: exe
|
|
9
|
-
cert_chain:
|
|
10
|
-
-
|
|
11
|
-
-----BEGIN CERTIFICATE-----
|
|
12
|
-
MIIERDCCAqygAwIBAgIBATANBgkqhkiG9w0BAQsFADAmMSQwIgYDVQQDDBttc2Zk
|
|
13
|
-
ZXYvREM9bWV0YXNwbG9pdC9EQz1jb20wHhcNMjMxMDMwMTYwNDI1WhcNMjUxMDI5
|
|
14
|
-
MTYwNDI1WjAmMSQwIgYDVQQDDBttc2ZkZXYvREM9bWV0YXNwbG9pdC9EQz1jb20w
|
|
15
|
-
ggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDZN/EKv+yVjwiKWvjAVhjF
|
|
16
|
-
aWNYI0E9bJ5d1qKd29omRYX9a+OOKBCu5+394fyF5RjwU4mYGr2iopX9ixRJrWXH
|
|
17
|
-
ojs70tEvV1CmvP9rhz7JKzQQoJOkinrz4d+StIylxVxVdgm7DeiB3ruTwvl7qKUv
|
|
18
|
-
piWzhrBFiVU6XIEAwq6wNEmnv2D+Omyf4h0Tf99hc6G0QmBnU3XydqvnZ+AzUbBV
|
|
19
|
-
24RH3+NQoigLbvK4M5aOeYhk19di58hznebOw6twHzNczshrBeMFQp985ScNgsvF
|
|
20
|
-
rL+7HNNwpcpngERwZfzDNn7iYN5X3cyvTcykShtsuPMa5zXsYo42LZrsTF87DW38
|
|
21
|
-
D8sxL6Dgdqu25Mltdw9m+iD4rHSfb1KJYEoNO+WwBJLO2Y4d6G1CR66tVeWsZspb
|
|
22
|
-
zneOVC+sDuil7hOm+6a7Y2yrrRyT6IfL/07DywjPAIRUp5+Jn8ZrkWRNo2AOwWBG
|
|
23
|
-
k5gz7SfJPHuyVnPlxoMA0MTFCUnnnbyHu882TGoJGgMCAwEAAaN9MHswCQYDVR0T
|
|
24
|
-
BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFIQfNa4E889ZE334cwU7eNu2hScH
|
|
25
|
-
MCAGA1UdEQQZMBeBFW1zZmRldkBtZXRhc3Bsb2l0LmNvbTAgBgNVHRIEGTAXgRVt
|
|
26
|
-
c2ZkZXZAbWV0YXNwbG9pdC5jb20wDQYJKoZIhvcNAQELBQADggGBAMfzvKcV27p7
|
|
27
|
-
pctmpW2JmIXLMrjNLyGJAxELH/t9pJueXdga7uj2fJkYQDbwGw5x4MGyFqhqJLH4
|
|
28
|
-
l/qsUF3PyAXDTSWLVaqXQVWO+IIHxecG0XjPXTNudzMU0hzqbqiBKvsW7/a3V5BP
|
|
29
|
-
SWlFzrFkoXWlPouFpoakyYMJjpW4SGdPzRv7pM4OhXtkXpHiRvx5985FrHgHlI89
|
|
30
|
-
NSIuIUbp8zqk4hP1i9MV0Lc/vTf2gOmo+RHnjqG1NiYfMCYyY/Mcd4W36kGOl468
|
|
31
|
-
I8VDTwgCufkAzFu7BJ5yCOueqtDcuq+d3YhAyU7NI4+Ja8EwazOnB+07sWhKpg7z
|
|
32
|
-
yuQ1mWYPmZfVQpoSVv1CvXsoqJYXVPBBLOacKKSj8ArVG6pPn9Bej7IOQdblaFjl
|
|
33
|
-
DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
|
|
34
|
-
Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
|
|
35
|
-
-----END CERTIFICATE-----
|
|
36
|
-
date: 2025-02-13 00:00:00.000000000 Z
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2025-05-10 00:00:00.000000000 Z
|
|
37
12
|
dependencies:
|
|
38
13
|
- !ruby/object:Gem::Dependency
|
|
39
14
|
name: rake
|
|
@@ -133,6 +108,7 @@ files:
|
|
|
133
108
|
homepage: https://github.com/rapid7/rex-sslscan
|
|
134
109
|
licenses: []
|
|
135
110
|
metadata: {}
|
|
111
|
+
post_install_message:
|
|
136
112
|
rdoc_options: []
|
|
137
113
|
require_paths:
|
|
138
114
|
- lib
|
|
@@ -147,7 +123,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
147
123
|
- !ruby/object:Gem::Version
|
|
148
124
|
version: '0'
|
|
149
125
|
requirements: []
|
|
150
|
-
rubygems_version: 3.
|
|
126
|
+
rubygems_version: 3.4.19
|
|
127
|
+
signing_key:
|
|
151
128
|
specification_version: 4
|
|
152
129
|
summary: Ruby Exploitation(REX) Library for scanning the SSL/TLS capabilities of a
|
|
153
130
|
server
|
checksums.yaml.gz.sig
DELETED
data.tar.gz.sig
DELETED
|
Binary file
|
metadata.gz.sig
DELETED
|
Binary file
|