ssl_scan 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 50673d3e4606c2493184377cd66f2db894497d6f
-  data.tar.gz: ad1ba5de18c080d1c3a242eee07547be7480a784
+  metadata.gz: ee1b01a1ed01a07e0c4f9bdadf2629fba62cec7c
+  data.tar.gz: 7baa900e8e512ac129a19672dc6011ee6611e522
 SHA512:
-  metadata.gz: 61212e9922e16b59635a12da8794fb25899a5be0a92b17d70aba9e98be1d535091a06ed47857d19000ef5a95168bc0f3d584612ac0cb59013efb80ba42ce9f3b
-  data.tar.gz: 4392e0d06c46fe83fe2b2f119c830399c746b0f3cc6875f741f882e3ce8b24a2c6f95b1fb035acaeefd98a5ad401cca95819c8e2da3dd558dbd1882f74b38e3b
+  metadata.gz: c9bef799b8620cf82a8b3b1ac388a5ad74a752b3c0e0c434eacc13740261b9f870ab4a4d91f5d76f5860499b421e069689ff56516da4b8648ebe98f5bc4973ae
+  data.tar.gz: 56c3419bfbd31b857b3b1594c7f8877f74952bca6fe9374e8e86a35da98869256d02ef78673a974caffa2bf2fe4fd2f4512ce7b615bf720fe99be56f39c01611

data/bin/ssl_scan

@@ -1,4 +1,17 @@
 #!/usr/bin/env ruby
 
 $LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
-require 'ssl_scan/client'
+require 'ssl_scan/main'
+
+
+# register interrupt handlers
+trap("TERM") do
+  exit(1)
+end
+
+trap("QUIT") do
+  exit(1)
+end
+
+app = SSLScan::Main.new
+app.run(ARGV.length, ARGV)

data/lib/ssl_scan/commands/command.rb

@@ -0,0 +1,31 @@
+module SSLScan
+  module Commands
+    class Command
+      attr_accessor :results, :options
+
+      def initialize
+        @results = []
+      end
+
+      def execute
+        raise "Implement"
+      end
+
+      # Display Methods
+      def display_header(host, port=443)
+        printf "\nTesting SSL server #{host} on port #{port}"
+      end
+
+      def display_ciphers(scanner=nil)
+        printf "\nSupported Server Cipher(s):\n"
+        scanner.scan do |ssl_version, cipher_name, alg_length, status|
+          unless options.no_failed && status == :failed
+            printf "%12s %10s %10s %s\n", status, ssl_version, "#{alg_length} bits",  cipher_name
+          end
+        end
+        scanner
+      end
+
+    end
+  end
+end

data/lib/ssl_scan/commands/host.rb

@@ -0,0 +1,27 @@
+module SSLScan
+  module Commands
+    class Host < Command
+      attr_accessor :hostname, :options
+
+      def initialize(hostname, options)
+        super()
+        @hostname = hostname
+        @options  = options
+      end
+
+      def execute
+        parts = hostname.split(":")
+        if parts.length == 2
+          display_header(parts[0], parts[1])
+          scanner = SSLScan::Scanner.new(parts[0], parts[1].to_i)
+        else
+          display_header(parts[0])
+          scanner = SSLScan::Scanner.new(parts[0])
+        end
+        display_ciphers(scanner)
+        @results << scanner.results
+      end
+
+    end # Host
+  end # Commands
+end # SSLScan

data/lib/ssl_scan/commands/only_certain_ssl.rb

@@ -0,0 +1,13 @@
+module SSLScan
+  module Commands
+    class OnlyCertainSSL < Command
+
+      attr_accessor :results, :sslv2, :sslv3, :tlsv1
+
+      def initialize(opts={})
+        super()
+      end
+
+    end # OnlyCertainSSL
+  end # Commands
+end # SSLScan

data/lib/ssl_scan/commands/targets.rb

@@ -0,0 +1,31 @@
+module SSLScan
+  module Commands
+    class Targets < Command
+
+      attr_accessor :file, :hosts
+
+      def initialize(filename="", options)
+        super()
+        @file = File.read(filename)
+        @hosts = @file.split("\n").map(&:strip).select { |h| h.length > 0 }
+        @options = options
+      end
+
+      def execute
+        hosts.each do |host|
+          parts = host.split(":")
+          if parts.length == 2
+            display_header(parts[0], parts[1])
+            scanner = SSLScan::Scanner.new(parts[0], parts[1].to_i)
+          else
+            display_header(host)
+            scanner = SSLScan::Scanner.new(parts[0])
+          end
+          display_ciphers(scanner)
+          @results << scanner.results
+        end
+      end
+
+    end
+  end
+end

data/lib/ssl_scan/main.rb

@@ -0,0 +1,157 @@
+require "ssl_scan/compat"
+require "ssl_scan/version"
+require "ssl_scan/scanner"
+require "ssl_scan/result"
+require "openssl"
+require "optparse"
+require "ostruct"
+
+require "ssl_scan/commands/command"
+require "ssl_scan/commands/targets"
+require "ssl_scan/commands/only_certain_ssl"
+require "ssl_scan/commands/host"
+
+module SSLScan
+  class Main
+
+    EXIT_SUCCESS = 0
+    EXIT_FAILURE = 1
+
+    WEBSITE   = "https://www.testcloud.de"
+    COPYRIGHT = "Copyright (C) John Faucett #{Time.now.year}"
+
+    attr_accessor :options
+
+    def main(argc, argv)
+      @options = self.class.parse_options(argv)
+
+      if options.file
+        command = SSLScan::Commands::Targets.new(options.file)
+        command.execute
+      else
+        valid = true
+        port  = 443
+        error_msg = "Host invalid"
+        begin
+          host = argv.last
+          if !host
+            error_msg = "Host not given"
+            valid = false
+          else
+            host_parts = host.split(":")
+            host = host_parts.first
+            port = host_parts.last.to_i if host_parts.last != host
+            ::Socket.gethostbyname(host)
+          end
+        rescue ::SocketError => ex
+          error_msg = ex.message
+          valid = false
+        end
+
+        unless valid
+          printf("Error: %s\n", error_msg)
+          exit(EXIT_FAILURE)
+        end
+
+        if (options.only_ssl2 || options.only_ssl3 || options.only_tls1 )
+          command = SSLScan::Commands::OnlyCertainSSL.new(options)
+          command.execute
+        else
+          command = SSLScan::Commands::Host.new(argv.last)
+          command.execute
+        end
+      end
+
+      show_certificate(command.results.first.cert)
+    end
+
+    alias_method :run, :main
+
+    def self.show_version_info
+      printf("ssl_scan version %s\n%s\n%s\n", VERSION::STRING, WEBSITE, COPYRIGHT)
+    end
+
+    def show_certificate(cert)
+      printf("SSL Certificate:\n")
+      printf("  Version: %d\n", cert.version)
+      printf("  Serial Number: %s\n", cert.serial.to_s(16))
+      printf("  Signature Algorithm: %s\n", cert.signature_algorithm)
+      printf("  Issuer: %s\n", cert.issuer.to_s)
+      printf("  Not valid before: %s\n", cert.not_before.to_s)
+      printf("  Not valid after: %s\n", cert.not_after.to_s)
+      printf("  Subject: %s\n", cert.subject.to_s)
+      printf("  %s", cert.public_key.to_text)
+
+      # TODO: Implement extensions (see: cert.extensions)
+    end
+
+    def self.parse_options(args)
+      options = OpenStruct.new
+      options.file = false
+      options.no_failed = false
+      options.only_ssl2 = false
+      options.only_ssl3 = false
+      options.only_tls1 = false
+
+      opts = OptionParser.new do |opts|
+        opts.banner = "Command: ssl_scan [options] [host:port | host]"
+
+        opts.separator ""
+        opts.separator "Options:"
+
+        # File containing list of hosts to check
+        opts.on( "-t", 
+                 "--targets FILE",
+                 "A file containing a list of hosts to check with syntax ( host | host:port).") do |filename|
+          options.file = filename
+        end
+
+        # List only accepted ciphers
+        opts.on( "--no-failed",
+                 "List only accepted ciphers.") do
+          options.no_failed = true
+        end
+
+        opts.on( "--ssl2",
+                 "Only check SSLv2 ciphers.") do
+          options.only_ssl2 = true
+        end
+
+        opts.on( "--ssl3",
+                 "Only check SSLv3 ciphers.") do
+          options.only_ssl3 = true
+        end
+
+        opts.on( "--tls1",
+                 "Only check TLSv1 ciphers.") do
+          options.only_tls1 = true
+        end
+
+        opts.on( "-d",
+                 "--debug",
+                 "Print any SSL errors to stderr.") do
+          OpenSSL.debug = true
+        end
+
+        opts.on_tail( "-h",
+                      "--help",
+                      "Display the help text you are now reading.") do
+          puts opts
+          exit(EXIT_SUCCESS)
+        end
+
+        opts.on_tail( "-v",
+                      "--version",
+                      "Display the program version.") do
+          show_version_info
+          exit(EXIT_SUCCESS)
+        end
+
+      end
+
+      opts.parse!(args)
+      options.freeze
+    end
+
+  end
+end

data/lib/ssl_scan/scanner.rb

@@ -12,6 +12,7 @@ class Scanner
 
   attr_reader :supported_versions
   attr_reader :peer_supported_versions
+  attr_reader :results
   attr_reader :sslv2
 
   # Initializes the scanner object
@@ -70,7 +71,7 @@ class Scanner
         end
 
         if block_given?
-          yield(ssl_version, cipher_name, key_length, status, scan_result.cert)
+          yield(ssl_version, cipher_name, alg_length, status, scan_result.cert)
         end
         
       end
@@ -80,6 +81,7 @@ class Scanner
       psv << :SSLv3 if scan_result.supports_sslv3?
       psv << :TLSv1 if scan_result.supports_tlsv1?
     end
+    @results = scan_result
     scan_result
   end
 
@@ -164,7 +166,11 @@ class Scanner
         'Timeout'    => @timeout
       )
     rescue ::Exception => e
-      return :rejected
+      if e.kind_of?(Errno::ECONNRESET)
+        return :failed
+      else
+        return :rejected
+      end
     ensure
       if scan_client
         scan_client.close

data/lib/ssl_scan/version.rb

@@ -2,7 +2,7 @@ module SSLScan
   module VERSION
     MAJOR = 0
     MINOR = 0
-    PATCH = 1
+    PATCH = 2
 
     STRING = [MAJOR,MINOR,PATCH].join('.')
   end

data/lib/ssl_scan.rb

@@ -5,7 +5,6 @@ require "ssl_scan/version"
 require "ssl_scan/compat"
 require "ssl_scan/scanner"
 require "ssl_scan/result"
-require "ssl_scan/client"
 
 module SSLScan
 end

data/sslscan.gemspec

@@ -10,7 +10,7 @@ Gem::Specification.new do |spec|
   spec.email         = ["jwaterfaucett@gmail.com"]
   spec.summary       = %q{Ruby SSL Scanner}
   spec.description   = %q{An SSL Scanner Library and Utility in pure Ruby}
-  spec.homepage      = ""
+  spec.homepage      = "https://github.com/jwaterfaucett/ssl_scan"
   spec.license       = "MIT"
 
   spec.files         = `git ls-files -z`.split("\x0")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssl_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - John Faucett
@@ -53,7 +53,10 @@ files:
 - Rakefile
 - bin/ssl_scan
 - lib/ssl_scan.rb
-- lib/ssl_scan/client.rb
+- lib/ssl_scan/commands/command.rb
+- lib/ssl_scan/commands/host.rb
+- lib/ssl_scan/commands/only_certain_ssl.rb
+- lib/ssl_scan/commands/targets.rb
 - lib/ssl_scan/compat.rb
 - lib/ssl_scan/exceptions.rb
 - lib/ssl_scan/io/bidirectional_pipe.rb
@@ -62,6 +65,7 @@ files:
 - lib/ssl_scan/io/stream.rb
 - lib/ssl_scan/io/stream_abstraction.rb
 - lib/ssl_scan/io/stream_server.rb
+- lib/ssl_scan/main.rb
 - lib/ssl_scan/result.rb
 - lib/ssl_scan/scanner.rb
 - lib/ssl_scan/socket.rb
@@ -80,7 +84,7 @@ files:
 - lib/ssl_scan/sync/thread_safe.rb
 - lib/ssl_scan/version.rb
 - sslscan.gemspec
-homepage: ''
+homepage: https://github.com/jwaterfaucett/ssl_scan
 licenses:
 - MIT
 metadata: {}