ruby-sslyze 0.1.0

data/lib/sslyze/key_exchange.rb

@@ -0,0 +1,106 @@
+module SSLyze
+  #
+  # Key exchange information.
+  #
+  class KeyExchange
+
+    #
+    # Initializes the key exchange information.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<keyExchange>` information.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # @return [String]
+    #
+    def a
+      @a ||= @node['A']
+    end
+
+    #
+    # @return [String]
+    #
+    def b
+      @b ||= @node['B']
+    end
+
+    #
+    # @return [Integer]
+    #
+    def cofactor
+      @cofactor ||= @node['Cofactor'].to_i
+    end
+
+    #
+    # @return [String]
+    #
+    def field_type
+      @field_type ||= @node['Field_Type']
+    end
+
+    #
+    # @return [String]
+    #
+    def generator
+      @generator ||= @node['Generator']
+    end
+
+    #
+    # @return [Symbol]
+    #
+    def generator_type
+      @generator ||= @node['GeneratorType'].to_sym
+    end
+
+    #
+    # @return [Integer]
+    #
+    def group_size
+      @group_size ||= @node['GroupSize'].to_i
+    end
+
+    #
+    # @return [String]
+    #
+    def prime
+      @prime ||= @node['Prime']
+    end
+
+    #
+    # @return [String]
+    #
+    def seed
+      @seed ||= @node['Seed']
+    end
+
+    #
+    # @return [:DH, :ECDHE]
+    #
+    def type
+      @type ||= @node['Type'].to_sym
+    end
+
+    #
+    # Determines if DH key exchange was used.
+    #
+    # @return [Boolean]
+    #
+    def dh?
+      type == :DH
+    end
+
+    #
+    # Determines if ECDHE key exchange was used.
+    #
+    # @return [Boolean]
+    #
+    def ecdhe?
+      type == :ECDHE
+    end
+
+  end
+end

data/lib/sslyze/ocsp_response.rb

@@ -0,0 +1,87 @@
+require 'sslyze/types'
+
+require 'time'
+
+module SSLyze
+  #
+  # Represents the `<ocspResponse>` XML element.
+  #
+  class OCSPResponse
+
+    include Types
+
+    #
+    # Initializes the OCSP response.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<ocspResponse>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # Specifies whether the response was trusted.
+    #
+    # @return [Boolean]
+    #
+    def trusted?
+      Boolean[@node['isTrustedByMozillaCAStore']]
+    end
+
+    #
+    # The response type.
+    #
+    # @return [String]
+    #
+    def type
+      @type ||= @node.at('responseType').inner_text
+    end
+
+    #
+    # The responder ID.
+    #
+    # @return [String]
+    #
+    def responder_id
+      @id ||= @node.at('responderID').inner_text
+    end
+
+    #
+    # The OCSP version.
+    #
+    # @return [Integer]
+    #
+    def version
+      @version ||= @node.at('version').inner_text.to_i
+    end
+
+    #
+    # The response status.
+    #
+    # @return [Symbol]
+    #
+    def status
+      @status ||= @node.at('responseStatus').inner_text.to_sym
+    end
+
+    #
+    # Determines whether the OCSP response was a success.
+    #
+    # @return [Boolean]
+    #
+    def successful?
+      status == :successful
+    end
+
+    #
+    # When the response was produced.
+    #
+    # @return [Time]
+    #
+    def produced_at
+      @produced_at ||= Time.parse(@node.at('producedAt').inner_text)
+    end
+
+  end
+end

data/lib/sslyze/program.rb

@@ -0,0 +1,66 @@
+require 'sslyze/task'
+
+require 'rprogram/program'
+
+module SSLyze
+  #
+  # Represents the `sslyze.py` command line utility.
+  #
+  class Program < RProgram::Program
+
+    name_program 'sslyze.py'
+
+    #
+    # Finds the `sslyze.py` script and runs it.
+    #
+    # @param [Hash{Symbol => Object}] options
+    #   Additional options for `sslyze.py`.
+    #
+    # @param [Hash{Symbol => Object}] exec_options
+    #   Additional exec-options.
+    #
+    # @yield [task]
+    #   If a block is given, it will be passed a task object
+    #   used to specify options for `sslyze.py`.
+    #
+    # @yieldparam [Task] task
+    #   The sslyze task object.
+    #
+    # @return [Boolean]
+    #   Specifies whether the command exited normally.
+    #
+    # @see http://rubydoc.info/gems/rprogram/0.3.0/RProgram/Program#run-instance_method
+    #   For additional exec-options.
+    #
+    def self.analyze(options={},exec_options={},&block)
+      find.analyze(options,exec_options,&block)
+    end
+
+    #
+    # Runs `sslyze.py`.
+    #
+    # @param [Hash{Symbol => Object}] options
+    #   Additional options for `sslyze.py`.
+    #
+    # @param [Hash{Symbol => Object}] exec_options
+    #   Additional exec-options.
+    #
+    # @yield [task]
+    #   If a block is given, it will be passed a task object
+    #   used to specify options for `sslyze.py`.
+    #
+    # @yieldparam [Task] task
+    #   The sslyze task object.
+    #
+    # @return [Boolean]
+    #   Specifies whether the command exited normally.
+    #
+    # @see http://rubydoc.info/gems/rprogram/0.3.0/RProgram/Program#run-instance_method
+    #   For additional exec-options.
+    #
+    def analyze(options={},exec_options={},&block)
+      run_task(Task.new(options,&block),exec_options)
+    end
+
+  end
+end

data/lib/sslyze/protocol.rb

@@ -0,0 +1,133 @@
+require 'sslyze/cipher_suite'
+
+module SSLyze
+  #
+  # Represents the `<sslv2>`, `<sslv3>`, `<tls1>`, `<tls1_1>`, `<tlsv1_2>`
+  # XML elements.
+  #
+  class Protocol
+
+    # SSL protocol name.
+    #
+    # @return [Symbol]
+    attr_reader :name
+
+    #
+    # Initializes the protocol.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The XML element.
+    #
+    def initialize(node)
+      @node = node
+      @name = @node.name.to_sym
+    end
+
+    #
+    # Descriptive title.
+    #
+    # @return [String]
+    #
+    def title
+      @title ||= @node['title']
+    end
+
+    #
+    # @raise [NotImplemnetedError]
+    #
+    # @todo figure out what `<errors />` contains.
+    #
+    def each_error
+      raise(NotImplementedError,"#{__method__} not implemented")
+    end
+
+    #
+    # Enumerates over every rejected cipher suite.
+    #
+    # @yield [cipher_suite]
+    #
+    # @yieldparam [CipherSuite] cipher_suite
+    #
+    # @return [Enumerator]
+    #
+    def each_rejected_cipher_suite
+      return enum_for(__method__) unless block_given?
+
+      @node.search('rejectedCipherSuites/cipherSuite').each do |cipher_suite|
+        yield CipherSuite.new(cipher_suite)
+      end
+    end
+
+    #
+    # The rejected cipher suites.
+    #
+    # @return [Array<CipherSuite>]
+    #
+    def rejected_cipher_suites
+      each_rejected_cipher_suite.to_a
+    end
+
+    #
+    # Enumerates over every accepted cipher suite.
+    #
+    # @yield [cipher_suite]
+    #
+    # @yieldparam [CipherSuite] cipher_suite
+    #
+    # @return [Enumerator]
+    #
+    def each_accepted_cipher_suite
+      return enum_for(__method__) unless block_given?
+
+      @node.search('acceptedCipherSuites/cipherSuite').each do |cipher_suite|
+        yield CipherSuite.new(cipher_suite)
+      end
+    end
+
+    #
+    # The accepted cipher suites.
+    #
+    # @return [Array<CipherSuite>]
+    #
+    def accepted_cipher_suites
+      each_accepted_cipher_suite.to_a
+    end
+
+    #
+    # Enumerates over every preferred cipher suite.
+    #
+    # @yield [cipher_suite]
+    #
+    # @yieldparam [CipherSuite] cipher_suite
+    #
+    # @return [Enumerator]
+    #
+    def each_preferred_cipher_suite
+      return enum_for(__method__) unless block_given?
+
+      @node.search('preferredCipherSuites/cipherSuite').each do |cipher_suite|
+        yield CipherSuite.new(cipher_suite)
+      end
+    end
+
+    #
+    # The preferred cipher suites.
+    #
+    # @return [Array<CipherSuite>]
+    #
+    def preferred_cipher_suites
+      each_preferred_cipher_suite.to_a
+    end
+
+    #
+    # Determines whether the protocol is supported.
+    #
+    # @return [Boolean]
+    #   Specifies whether any cipher suite was accepted.
+    #
+    def supported?
+      each_accepted_cipher_suite.any?
+    end
+
+  end
+end

data/lib/sslyze/target.rb

@@ -0,0 +1,295 @@
+require 'sslyze/types'
+require 'sslyze/cert_info'
+require 'sslyze/protocol'
+
+module SSLyze
+  #
+  # Represents the `<target>` XML element.
+  #
+  class Target
+
+    include Types
+
+    #
+    # Initializes the target.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<target>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # The host name of the target.
+    #
+    # @return [String]
+    #
+    def host
+      @host ||= @node['host']
+    end
+
+    #
+    # The IP address of the target.
+    #
+    # @return [String]
+    #
+    def ip
+      @ip ||= @node['ip']
+    end
+
+    #
+    # The port number that was scanned.
+    #
+    # @return [Integer]
+    #
+    def port
+      @port ||= @node['port'].to_i
+    end
+
+    #
+    # Certificate information.
+    #
+    # @return [CertInfo, nil]
+    #
+    def cert_info
+      @cert_info ||= if (certinfo = @node.at('certinfo'))
+                       CertInfo.new(certinfo)
+                     end
+    end
+
+    #
+    # Which compression algorithms are supported.
+    #
+    # @return [Hash{Symbol => Boolean}]
+    #   The algorithm name and support status.
+    #
+    def compression
+      unless @compression
+        @compression = {}
+
+        @node.search('compression/compressionMethod').map do |compression|
+          type      = compression['type'].downcase.to_sym
+          supported = Boolean[compression['isSupported']]
+
+          @compression[type] = supported
+        end
+      end
+
+      return @compression
+    end
+
+    #
+    # Specifies whether the service was vulnerable to Heartbleed.
+    #
+    # @return [Boolean, nil]
+    #
+    def heartbleed?
+      if (heartbleed = @node.at('heartbleed/openSslHeartbleed'))
+        Boolean[heartbleed['isVulnerable']]
+      end
+    end
+
+    #
+    # Represents the `<sessionRenegotiation>` XML element.
+    #
+    class SessionRenegotiation < Struct.new(:client_initiated, :secure)
+
+      def client_initiated?
+        client_initiated == true
+      end
+
+      def secure?
+        secure == true
+      end
+
+    end
+
+    #
+    # Specifies whether the service supports Session Renegotiation.
+    #
+    # @return [SessionRenegotiation, nil]
+    # 
+    def session_renegotiation
+      @session_renegotiation ||= (
+        if (sessionRenegotiation = @node.at('reneg/sessionRenegotiation'))
+
+          SessionRenegotiation.new(
+            Boolean[sessionRenegotiation['canBeClientInitiated']],
+            Boolean[sessionRenegotiation['isSecure']]
+          )
+        end
+      )
+    end
+
+    #
+    # SSLv2 protocol information.
+    #
+    # @return [Protocol, nil]
+    #
+    def sslv2
+      @sslv2 ||= if (node = @node.at('sslv2'))
+                   Protocol.new(node)
+                 end
+    end
+
+    #
+    # SSLv3 protocol information.
+    #
+    # @return [Protocol, nil]
+    #
+    def sslv3
+      @sslv3 ||= if (node = @node.at('sslv3'))
+                   Protocol.new(node)
+                 end
+    end
+
+    #
+    # TLSv1 protocol information.
+    #
+    # @return [Protocol, nil]
+    #
+    def tlsv1
+      @tlsv1 ||= if (node = @node.at('tlsv1'))
+                   Protocol.new(node)
+                 end
+    end
+
+    #
+    # TLSv1.1 protocol information.
+    #
+    # @return [Protocol, nil]
+    #
+    def tlsv1_1
+      @tlsv1_1 ||= if (node = @node.at('tlsv1_1'))
+                     Protocol.new(node)
+                   end
+    end
+
+    #
+    # TLSv1.2 protocol information.
+    #
+    # @return [Protocol, nil]
+    #
+    def tlsv1_2
+      @tlsv1_2 ||= if (node = @node.at('tlsv1_2'))
+                     Protocol.new(node)
+                   end
+    end
+
+    #
+    # Iterates over every SSL protocol.
+    #
+    # @yield [protocol]
+    #   The given block will be passed each SSL protocol.
+    #
+    # @yieldparam [Protocol] protocol
+    #   A SSL protocol.
+    #
+    # @return [Enumerator]
+    #   If a no block was given, an Enumerator will be returned.
+    #
+    # @see {#sslv2}, {#sslv3}
+    #
+    def each_ssl_protocol
+      return enum_for(__method__) unless block_given?
+
+      yield sslv2 if sslv2
+      yield sslv3 if sslv3
+    end
+
+    #
+    # All supported SSL protocols.
+    #
+    # @return [Array<Protocol>]
+    #
+    def ssl_protocols
+      each_ssl_protocol.to_a
+    end
+
+    #
+    # Iterates over every TLS protocol.
+    #
+    # @yield [protocol]
+    #   The given block will be passed each TLS protocol.
+    #
+    # @yieldparam [Protocol] protocol
+    #   A TLS protocol.
+    #
+    # @return [Enumerator]
+    #   If a no block was given, an Enumerator will be returned.
+    #
+    # @see {#tlsv1}, {#tlsv1_1}, {#tlsv1_2}
+    #
+    def each_tls_protocol
+      return enum_for(__method__) unless block_given?
+
+      yield tlsv1 if tlsv1
+      yield tlsv1_1 if tlsv1_1
+      yield tlsv1_2 if tlsv1_2
+    end
+
+    #
+    # All supported TLS protocols.
+    #
+    # @return [Array<Protocol>]
+    #
+    def tls_protocols
+      each_tls_protocol.to_a
+    end
+
+    #
+    # Iterates over every SSL/TLS protocol.
+    #
+    # @yield [protocol]
+    #   The given block will be passed each SSL/TLS protocol.
+    #
+    # @yieldparam [Protocol] protocol
+    #   A SSL/TLS protocol.
+    #
+    # @return [Enumerator]
+    #   If a no block was given, an Enumerator will be returned.
+    #
+    # @see {#sslv2}, {#sslv3}, {#tlsv1}, {#tlsv1_1}, {#tlsv1_2}
+    #
+    def each_protocol(&block)
+      return enum_for(__method__) unless block
+
+      each_ssl_protocol(&block)
+      each_tls_protocol(&block)
+    end
+
+    #
+    # All supported SSL/TLS protocols.
+    #
+    # @return [Array<Protocol>]
+    #
+    def protocols
+      each_protocol.to_a
+    end
+
+    #
+    # Convert the target to a String.
+    #
+    # @return [String]
+    #   The host and port.
+    #
+    def to_s
+      "#{host}:#{port}"
+    end
+
+    #
+    # Compares the other target to this target.
+    #
+    # @param [Target] other
+    #   The other target.
+    #
+    # @return [Boolean]
+    #   Whether the other target has the same host and port.
+    #
+    def ==(other)
+      other.kind_of?(self.class) && other.host == host && other.port == port
+    end
+
+  end
+end