rex-sslscan 0.1.4 → 0.1.5
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +1 -2
- data.tar.gz.sig +0 -0
- data/Gemfile +3 -0
- data/lib/rex/sslscan.rb +1 -0
- data/lib/rex/sslscan/result.rb +17 -6
- data/lib/rex/sslscan/scanner.rb +24 -7
- data/lib/rex/sslscan/version.rb +1 -1
- data/rex-sslscan.gemspec +1 -0
- metadata +16 -2
- metadata.gz.sig +0 -0
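--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 64e6a97ef539869e079f677c3b394096286e2913
+data.tar.gz: b5b03d4b04ba4455fa2da9f3125067bc7f96d771
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2f4171a9cc51b961ec1caa294c39512a23552088ba225316c44df6aabf73c07df2153c3754e809e172dd34d23301f7a264a43f757d6eb2f4e503f0b23f31f71c
+data.tar.gz: 9499756e69163fefc5042fefb23d282e579d4dc79ea8b6fffd43629e530ac7a6b0d6171744e05e4173a1dc98f81249d5768d4581c12c6ffbf47343174ad85162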
checksums.yaml.gz.sig
CHANGED
@@ -1,2 +1 @@
|
|
1
|
-
��)��
|
2
|
-
"�G��Ȗ\k���B���T�ƣClZ��ƭ�T��N}�:��_��$�T��~�!�:�T�v���n��o�]u_�-��9:8A���u���\6���8�X��L_p'k\��˘T|4��6x�w��n��e&�fM��m�i?oj���������À�_��b��Nw!����m�:e{��m濹���p���N���CL�dz��~,�j+��~ލ���`C�~�//a�Lp hN���
|
1
|
+
p�mֳ��O��z'kl�$N<)87KT�O��%�6XK� e�ܢ�`��_�Cd�ڿ���r䤹�5g�q<Rv2g�B��)�o���8Z��CE���Z�pK�����;����R��J�@>:��#��}݄��ǐnuz����ۑޫ���1�6{���яF��&�G�Uc�ԯ̥`�rX���v86y�����d�z��^,>�ު��bOJ�p8�5������:��Ʈ�1\ɔ\�9��m�HH��o|E�(b�Hp�±~y
|
data.tar.gz.sig
CHANGED
Binary file
|
data/Gemfile
CHANGED
data/lib/rex/sslscan.rb
CHANGED
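--- a/data/lib/rex/sslscan/result.rb
+++ b/data/lib/rex/sslscan/result.rb
@@ -15,7 +15,7 @@ class Result
 def initialize()
 @cert = nil
 @ciphers = Set.new
-@supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+@supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
 @deprecated_weak_ciphers = [
 'ECDHE-RSA-DES-CBC3-SHA',
 'ECDHE-ECDSA-DES-CBC3-SHA',
@@ -32,7 +32,9 @@ class Result
 'EXP-EDH-DSS-DES-CBC-SHA',
 'EXP-DES-CBC-SHA',
 'EXP-RC2-CBC-MD5',
-'EXP-RC4-MD5'
+'EXP-RC4-MD5',
+'EXP-RC4-MD5',
+'DES-CBC-SHA'
 ]
 end
 
@@ -107,8 +109,16 @@ class Result
 !(accepted(:TLSv1).empty?)
 end
 
+def supports_tlsv1_1?
+!(accepted(:TLSv1_1).empty?)
+end
+
+def supports_tlsv1_2?
+!(accepted(:TLSv1_2).empty?)
+end
+
 def supports_ssl?
-supports_sslv2? or supports_sslv3? or supports_tlsv1?
+supports_sslv2? or supports_sslv3? or supports_tlsv1? or supports_tlsv1_1? or supports_tlsv1_2?
 end
 
 def supports_weak_ciphers?
@@ -118,7 +128,9 @@ class Result
 def standards_compliant?
 if supports_ssl?
 return false if supports_sslv2?
+return false if supports_sslv3?
 return false if supports_weak_ciphers?
+return false if supports_tlsv1?
 end
 true
 end
@@ -132,8 +144,7 @@ class Result
 unless @supported_versions.include? version
 raise ArgumentError, "Must be a supported SSL Version"
 end
-unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher)
-|| @deprecated_weak_ciphers.include?(cipher)
+unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher) || @deprecated_weak_ciphers.include?(cipher)
 raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
 end
 unless key_length.kind_of? Integer
@@ -200,7 +211,7 @@ class Result
 case version
 when :all
 return @ciphers.select{|cipher| cipher[:status] == state}
-when :SSLv2, :SSLv3, :TLSv1
+when :SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2
 return @ciphers.select{|cipher| cipher[:status] == state and cipher[:version] == version}
 else
 raise ArgumentError, "Invalid SSL Version Supplied: #{version}"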
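Review bot: The added `'EXP-RC4-MD5',` on new line 36 repeats the entry on line 35, so `@deprecated_weak_ciphers` gains only `'DES-CBC-SHA'`. If a different export cipher was meant there, it is still missing from the list that the cipher validation on new line 147 (presumably in add_cipher) falls back to when the local OpenSSL context no longer offers a cipher. Drop the duplicate or replace it with the intended name. Separately, `standards_compliant?` now rejects SSLv3 and TLSv1 but says nothing about which baseline it encodes; a comment above it such as `# Non-compliant when SSLv2, SSLv3, TLSv1.0 or any weak cipher is accepted` would record that. The cipher list and the methods touched here begin or end outside the visible hunks.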
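--- a/data/lib/rex/sslscan/scanner.rb
+++ b/data/lib/rex/sslscan/scanner.rb
@@ -6,6 +6,9 @@ module Rex::SSLScan
 
 class Scanner
 
+class InvalidCipher < StandardError
+end
+
 attr_accessor :context
 attr_accessor :host
 attr_accessor :port
@@ -25,10 +28,10 @@ class Scanner
 @timeout = timeout
 @context = context
 if check_opensslv2 == true
-@supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+@supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
 @sslv2 = true
 else
-@supported_versions = [:SSLv3, :TLSv1]
+@supported_versions = [:SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
 @sslv2 = false
 end
 raise StandardError, "The scanner configuration is invalid" unless valid?
@@ -56,16 +59,30 @@ class Scanner
 return scan_result
 end
 
+threads = []
+ciphers = Queue.new
 @supported_versions.each do |ssl_version|
 sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
 sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
-
-
-
-
+threads << Thread.new do
+begin
+status = test_cipher(ssl_version, cipher_name)
+ciphers << [ssl_version, cipher_name, key_length, status]
+if status == :accepted and scan_result.cert.nil?
+scan_result.cert = get_cert(ssl_version, cipher_name)
+end
+rescue Rex::SSLScan::Scanner::InvalidCipher
+next
+end
 end
 end
 end
+threads.each { |thr| thr.join }
+
+until ciphers.empty? do
+cipher = ciphers.pop
+scan_result.add_cipher(*cipher)
+end
 scan_result
 end
 
@@ -185,7 +202,7 @@ class Scanner
 raise StandardError, "Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
 else
 unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
-raise
+raise InvalidCipher, "Must be a valid SSL Cipher for #{ssl_version}!"
 end
 end
 end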
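Review bot: The loop at new lines 64-79 starts one thread per version/cipher pair with no upper bound, so every handshake is opened at once. If the server or a device in front of it throttles connections, test_cipher (not visible here) may time out and the result could understate what the server accepts; a small fixed pool of workers draining a job queue would keep results reproducible. Inside the thread, `scan_result.cert.nil?` followed by the assignment is an unsynchronised check-then-set, so several threads can call get_cert; a `cert_lock = Mutex.new` next to `threads = []` and `cert_lock.synchronize { scan_result.cert ||= get_cert(ssl_version, cipher_name) } if status == :accepted` would avoid that. Only InvalidCipher is rescued, so any other error raised in a worker surfaces at `thr.join` and the ciphers already queued are never added to scan_result. The method begins above the hunk.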
data/lib/rex/sslscan/version.rb
CHANGED
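--- a/data/rex-sslscan.gemspec
+++ b/data/rex-sslscan.gemspec
@@ -26,6 +26,7 @@ Gem::Specification.new do |spec|
 spec.add_development_dependency "rake", "~> 10.0"
 spec.add_development_dependency "rspec", "~> 3.0"
 
+spec.add_runtime_dependency "rex-core"
 spec.add_runtime_dependency "rex-text"
 spec.add_runtime_dependency "rex-socket"
 end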
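Review bot: `spec.add_runtime_dependency "rex-core"` carries no version requirement, so the built gem accepts any rex-core release (the gem metadata records it as `>= 0`), including future ones with incompatible or unreviewed changes. A pessimistic constraint on the release this version was tested against, e.g. `spec.add_runtime_dependency "rex-core", "~> <tested-version>"` (placeholder value), would make installs reproducible. The same applies to the existing rex-text and rex-socket lines below it.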
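--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-sslscan
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.5
 platform: ruby
 authors:
 - David Maloney
@@ -88,7 +88,7 @@ cert_chain:
 G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
 8mVuTXnyJOKRJA==
 -----END CERTIFICATE-----
-date: 2017-
+date: 2017-08-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -132,6 +132,20 @@ dependencies:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '3.0'
+- !ruby/object:Gem::Dependency
+name: rex-core
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
 - !ruby/object:Gem::Dependency
 name: rex-text
 requirement: !ruby/object:Gem::Requirement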
metadata.gz.sig
CHANGED
Binary file
|