rex-sslscan 0.1.4 → 0.1.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 944b36ec941d7703a1db9c9bf24608fda0e5d1ea
-  data.tar.gz: a5b72f8806f8496bc8eb92a33b72a3411148a679
+  metadata.gz: 64e6a97ef539869e079f677c3b394096286e2913
+  data.tar.gz: b5b03d4b04ba4455fa2da9f3125067bc7f96d771
 SHA512:
-  metadata.gz: 9513fa3626cd8792f1791c2f3f93ddec1aa7d0af1362c482705488357f750d25d9f66e1441ab9be891a733ddd97971d415a3f8d352805a013763e16ac69fb0c8
-  data.tar.gz: 3dc88346570a88ee404720803dd5f10e709af5c05bfb65c3e4bfdb3ed49adc138a0f2d680c12c570e05dead58c604d9e9f9797ee3ee99f2fc6a1a6f78b5cdd55
+  metadata.gz: 2f4171a9cc51b961ec1caa294c39512a23552088ba225316c44df6aabf73c07df2153c3754e809e172dd34d23301f7a264a43f757d6eb2f4e503f0b23f31f71c
+  data.tar.gz: 9499756e69163fefc5042fefb23d282e579d4dc79ea8b6fffd43629e530ac7a6b0d6171744e05e4173a1dc98f81249d5768d4581c12c6ffbf47343174ad85162

checksums.yaml.gz.sig

@@ -1,2 +1 @@
-��)��
-"
�G��Ȗ\k���B���T�ƣClZ��ƭ�T��N}�:��_��$�T��~�!�:�T�v���n��o�]u_�-��9:8A���u���\6���8�X��L_p'k\��˘T|4��6x�w��n��e&�fM��m�i?oj���������À�_��b��Nw!����m�:e{��m濹���p���N���CL�dz�
�~,�j+��~ލ���
`C�~�//a�Lp hN���
+p�mֳ��O��z'kl�$N<)87KT�O��%�6XK� e�ܢ�`��_�Cd�ڿ���r䤹�5g�q<Rv2g�B��)�o���8Z��CE���Z�pK����
�;����R��J�@>:��#��}݄��ǐnuz����ۑޫ���1�6{���яF��&�G�Uc�ԯ̥`�rX���v86y�����d�z��^,>�ު��bOJ�p8�5������:��Ʈ�1\ɔ\�9��m�HH��o|E�(b�Hp�±~y

data/Gemfile

@@ -2,3 +2,6 @@ source 'https://rubygems.org'
 
 # Specify your gem's dependencies in rex-sslscan.gemspec
 gemspec
+
+
+gem 'pry'

data/lib/rex/sslscan.rb

@@ -1,3 +1,4 @@
+require 'rex/core'
 require "rex/sslscan/version"
 require 'rex/sslscan/scanner'
 require 'rex/sslscan/version'

data/lib/rex/sslscan/result.rb

@@ -15,7 +15,7 @@ class Result
   def initialize()
     @cert = nil
     @ciphers = Set.new
-    @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+    @supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
     @deprecated_weak_ciphers = [
       'ECDHE-RSA-DES-CBC3-SHA',
       'ECDHE-ECDSA-DES-CBC3-SHA',
@@ -32,7 +32,9 @@ class Result
       'EXP-EDH-DSS-DES-CBC-SHA',
       'EXP-DES-CBC-SHA',
       'EXP-RC2-CBC-MD5',
-      'EXP-RC4-MD5'
+      'EXP-RC4-MD5',
+      'EXP-RC4-MD5',
+      'DES-CBC-SHA'
     ]
   end
 
@@ -107,8 +109,16 @@ class Result
     !(accepted(:TLSv1).empty?)
   end
 
+  def supports_tlsv1_1?
+    !(accepted(:TLSv1_1).empty?)
+  end
+
+  def supports_tlsv1_2?
+    !(accepted(:TLSv1_2).empty?)
+  end
+
   def supports_ssl?
-    supports_sslv2? or supports_sslv3? or supports_tlsv1?
+    supports_sslv2? or supports_sslv3? or supports_tlsv1? or supports_tlsv1_1? or supports_tlsv1_2?
   end
 
   def supports_weak_ciphers?
@@ -118,7 +128,9 @@ class Result
   def standards_compliant?
     if supports_ssl?
       return false if supports_sslv2?
+      return false if supports_sslv3?
       return false if supports_weak_ciphers?
+      return false if supports_tlsv1?
     end
     true
   end
@@ -132,8 +144,7 @@ class Result
     unless @supported_versions.include? version
       raise ArgumentError, "Must be a supported SSL Version"
     end
-    unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher) \
-        || @deprecated_weak_ciphers.include?(cipher)
+    unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher) || @deprecated_weak_ciphers.include?(cipher)
       raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
     end
     unless key_length.kind_of? Integer
@@ -200,7 +211,7 @@ class Result
       case version
       when :all
         return @ciphers.select{|cipher| cipher[:status] == state}
-      when :SSLv2, :SSLv3, :TLSv1
+      when :SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2
         return @ciphers.select{|cipher| cipher[:status] == state and cipher[:version] == version}
       else
         raise ArgumentError, "Invalid SSL Version Supplied: #{version}"

data/lib/rex/sslscan/scanner.rb

@@ -6,6 +6,9 @@ module Rex::SSLScan
 
 class Scanner
 
+  class InvalidCipher < StandardError
+  end
+
   attr_accessor :context
   attr_accessor :host
   attr_accessor :port
@@ -25,10 +28,10 @@ class Scanner
     @timeout    = timeout
     @context    = context
     if check_opensslv2 == true
-      @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+      @supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
       @sslv2 = true
     else
-      @supported_versions = [:SSLv3, :TLSv1]
+      @supported_versions = [:SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
       @sslv2 = false
     end
     raise StandardError, "The scanner configuration is invalid" unless valid?
@@ -56,16 +59,30 @@ class Scanner
       return scan_result
     end
 
+    threads = []
+    ciphers = Queue.new
     @supported_versions.each do |ssl_version|
       sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
       sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
-        status = test_cipher(ssl_version, cipher_name)
-        scan_result.add_cipher(ssl_version, cipher_name, key_length, status)
-        if status == :accepted and scan_result.cert.nil?
-          scan_result.cert = get_cert(ssl_version, cipher_name)
+        threads << Thread.new do
+          begin
+            status = test_cipher(ssl_version, cipher_name)
+            ciphers << [ssl_version, cipher_name, key_length, status]
+            if status == :accepted and scan_result.cert.nil?
+              scan_result.cert = get_cert(ssl_version, cipher_name)
+            end
+          rescue Rex::SSLScan::Scanner::InvalidCipher
+            next
+          end
         end
       end
     end
+    threads.each { |thr| thr.join }
+
+    until ciphers.empty? do
+      cipher = ciphers.pop
+      scan_result.add_cipher(*cipher)
+    end
     scan_result
   end
 
@@ -185,7 +202,7 @@ class Scanner
       raise StandardError, "Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
     else
       unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
-        raise StandardError, "Must be a valid SSL Cipher for #{ssl_version}!"
+        raise InvalidCipher, "Must be a valid SSL Cipher for #{ssl_version}!"
       end
     end
   end

data/lib/rex/sslscan/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Sslscan
-    VERSION = "0.1.4"
+    VERSION = "0.1.5"
   end
 end

data/rex-sslscan.gemspec

@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
 
+  spec.add_runtime_dependency "rex-core"
   spec.add_runtime_dependency "rex-text"
   spec.add_runtime_dependency "rex-socket"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-sslscan
 version: !ruby/object:Gem::Version
-  version: 0.1.4
+  version: 0.1.5
 platform: ruby
 authors:
 - David Maloney
@@ -88,7 +88,7 @@ cert_chain:
   G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
   8mVuTXnyJOKRJA==
   -----END CERTIFICATE-----
-date: 2017-05-11 00:00:00.000000000 Z
+date: 2017-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -132,6 +132,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rex-core
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rex-text
   requirement: !ruby/object:Gem::Requirement