rex-sslscan 0.1.12 → 0.1.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -0
- data/lib/rex/sslscan/scanner.rb +32 -18
- data/lib/rex/sslscan/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cef4452d76a846d5eba655bd26b54eaf4dc395c460159dbc63513cf2132cc849
|
|
4
|
+
data.tar.gz: 22297a7682033968b7289572fa14744b18c93a7adc5a83f107739741587dc05b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 02dc4ff4d97bf79b3b7a098c010583933d12ab241c9b84929bec7888c90d75a75dbee9e5038b68fea4dbe8236e99e0d2d825067e76ab71cf4a07564a3c3ea9fc
|
|
7
|
+
data.tar.gz: b4678f9fe1770c3374c8601d3bc5d7128edb347b86f424655fb9c93b498f635f6b16507929685e5b555dddfb042076604962347c37095ec0a027820f9faabc6b
|
data/README.md
CHANGED
data/lib/rex/sslscan/scanner.rb
CHANGED
|
@@ -16,17 +16,20 @@ class Scanner
|
|
|
16
16
|
|
|
17
17
|
attr_reader :supported_versions
|
|
18
18
|
attr_reader :sslv2
|
|
19
|
+
attr_reader :tls_server_name_indication
|
|
19
20
|
|
|
20
21
|
# Initializes the scanner object
|
|
21
22
|
# @param host [String] IP address or hostname to scan
|
|
22
23
|
# @param port [Integer] Port number to scan, default: 443
|
|
23
24
|
# @param timeout [Integer] Timeout for connections, in seconds. default: 5
|
|
25
|
+
# @param tls_server_name_indication [String,nil] TLS Server Name Indication (SNI)
|
|
24
26
|
# @raise [StandardError] Raised when the configuration is invalid
|
|
25
|
-
def initialize(host,port = 443,context = {},timeout=5)
|
|
27
|
+
def initialize(host,port = 443,context = {},timeout=5,tls_server_name_indication: nil)
|
|
26
28
|
@host = host
|
|
27
29
|
@port = port
|
|
28
30
|
@timeout = timeout
|
|
29
31
|
@context = context
|
|
32
|
+
@tls_server_name_indication = tls_server_name_indication
|
|
30
33
|
if check_opensslv2 == true
|
|
31
34
|
@supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
|
|
32
35
|
@sslv2 = true
|
|
@@ -55,7 +58,7 @@ class Scanner
|
|
|
55
58
|
scan_result.openssl_sslv2 = sslv2
|
|
56
59
|
# If we can't get any SSL connection, then don't bother testing
|
|
57
60
|
# individual ciphers.
|
|
58
|
-
if test_ssl == :rejected and test_tls == :rejected
|
|
61
|
+
if test_ssl == :rejected and test_tls(versions: supported_tls_versions) == :rejected
|
|
59
62
|
return scan_result
|
|
60
63
|
end
|
|
61
64
|
|
|
@@ -106,24 +109,29 @@ class Scanner
|
|
|
106
109
|
return :accepted
|
|
107
110
|
end
|
|
108
111
|
|
|
109
|
-
def test_tls
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
122
|
-
|
|
123
|
-
|
|
112
|
+
def test_tls(versions: [:TLSv1])
|
|
113
|
+
supported_version = versions.find do |version|
|
|
114
|
+
begin
|
|
115
|
+
scan_client = Rex::Socket::Tcp.create(
|
|
116
|
+
'Context' => @context,
|
|
117
|
+
'PeerHost' => @host,
|
|
118
|
+
'PeerPort' => @port,
|
|
119
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
120
|
+
'SSL' => true,
|
|
121
|
+
'SSLVersion' => version,
|
|
122
|
+
'Timeout' => @timeout
|
|
123
|
+
)
|
|
124
|
+
version
|
|
125
|
+
rescue ::Exception => e
|
|
126
|
+
nil
|
|
127
|
+
ensure
|
|
128
|
+
if scan_client
|
|
129
|
+
scan_client.close
|
|
130
|
+
end
|
|
124
131
|
end
|
|
125
132
|
end
|
|
126
|
-
|
|
133
|
+
|
|
134
|
+
supported_version ? :accepted : :rejected
|
|
127
135
|
end
|
|
128
136
|
|
|
129
137
|
# Tests the specified SSL Version and Cipher against the configured target
|
|
@@ -137,6 +145,7 @@ class Scanner
|
|
|
137
145
|
'Context' => @context,
|
|
138
146
|
'PeerHost' => @host,
|
|
139
147
|
'PeerPort' => @port,
|
|
148
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
140
149
|
'SSL' => true,
|
|
141
150
|
'SSLVersion' => ssl_version,
|
|
142
151
|
'SSLCipher' => cipher,
|
|
@@ -164,6 +173,7 @@ class Scanner
|
|
|
164
173
|
scan_client = Rex::Socket::Tcp.create(
|
|
165
174
|
'PeerHost' => @host,
|
|
166
175
|
'PeerPort' => @port,
|
|
176
|
+
'PeerHostname' => @tls_server_name_indication,
|
|
167
177
|
'SSL' => true,
|
|
168
178
|
'SSLVersion' => ssl_version,
|
|
169
179
|
'SSLCipher' => cipher,
|
|
@@ -187,6 +197,10 @@ class Scanner
|
|
|
187
197
|
|
|
188
198
|
protected
|
|
189
199
|
|
|
200
|
+
def supported_tls_versions
|
|
201
|
+
@supported_versions.select { |v| v.to_s.start_with?('TLS') }
|
|
202
|
+
end
|
|
203
|
+
|
|
190
204
|
# Validates that the SSL Version and Cipher are valid both seperately and
|
|
191
205
|
# together as part of an SSL Context.
|
|
192
206
|
# @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
|
data/lib/rex/sslscan/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rex-sslscan
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.13
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Metasploit Hackers
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2025-05-
|
|
11
|
+
date: 2025-05-10 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rake
|