ssl_scan 0.0.5 → 0.0.6

data/lib/ssl_scan.rb

@@ -4,6 +4,7 @@ require "openssl"
 require "ssl_scan/version"
 require "ssl_scan/compat"
 require "ssl_scan/result"
+require "ssl_scan/util"
 require "timeout"
 require "thread"
 require "ssl_scan/sync/thread_safe"

data/lib/ssl_scan/commands/command.rb

@@ -1,9 +1,8 @@
-require "stringio"
-
 module SSLScan
   module Commands
     class Command
       attr_accessor :results, :options, :stream, :errors
+      include FastGettext::Translation
 
       def initialize(results=[], stream=nil)
         @results = results
@@ -17,11 +16,11 @@ module SSLScan
 
       # Display Methods
       def write_header(host, port=443)
-        stream.printf "\nTesting SSL server #{host} on port #{port}"
+        stream.printf _("\nTesting SSL server %{host} on port %{port}\n") % { host: host, port: port }
       end
 
       def write_preferred_ciphers(scanner)
-        stream.printf("\nServer Preferred Cipher(s)\n")
+        stream.printf _("\nServer Preferred Cipher(s)\n")
         ciphers = scanner.get_preferred_ciphers
         ciphers.each do |c|
           if c.length > 1 && !c[1].empty?
@@ -32,7 +31,7 @@ module SSLScan
       end
 
       def write_ciphers(scanner=nil)
-        stream.printf "\nSupported Server Cipher(s):\n"
+        stream.printf _("\nSupported Server Cipher(s):\n")
 
         sslv = options.only_ssl2 || options.only_ssl3 || options.only_tls1 || false
         

data/lib/ssl_scan/commands/host.rb

@@ -29,9 +29,14 @@ module SSLScan
           write_header(parts[0])
         end
 
-        write_ciphers(scanner)
-        write_preferred_ciphers(scanner)
-        @results << scanner.results
+        if options.only_cert
+          scanner.get_first_valid_cert
+          @results << scanner.results
+        else
+          write_ciphers(scanner)
+          write_preferred_ciphers(scanner)
+          @results << scanner.results
+        end
       end
 
     end # Host

data/lib/ssl_scan/compat.rb

@@ -56,6 +56,10 @@ def self.is_linux
   @@is_linux = (RUBY_PLATFORM =~ /linux/) ? true : false
 end
 
+def self.is_debian
+  return self.is_linux && File.exists?('/etc/debian_version')
+end
+
 def self.is_bsdi
   return @@is_bsdi if @@is_bsdi
   @@is_bsdi = (RUBY_PLATFORM =~ /bsdi/i) ? true : false

data/lib/ssl_scan/main.rb

@@ -1,11 +1,7 @@
-# require "ssl_scan/compat"
-# require "ssl_scan/version"
-# require "ssl_scan/scanner"
-# require "ssl_scan/result"
-
 require "ssl_scan/version"
 require "ssl_scan/compat"
 require "ssl_scan/result"
+require "ssl_scan/util"
 require "timeout"
 require "thread"
 require "ssl_scan/sync/thread_safe"
@@ -18,19 +14,42 @@ require "ssl_scan/scanner"
 require "openssl"
 require "optparse"
 require "ostruct"
+require "fast_gettext"
 
 require "ssl_scan/commands/command"
 require "ssl_scan/commands/host"
 
+# 
+# Setup Translations
+# 
+FastGettext.add_text_domain('ssl_scan', path: File.join(SSLScan::Util::ROOT, 'locale'))
+FastGettext.text_domain = 'ssl_scan'
+FastGettext.available_locales = ['en', 'de']
+active_locale = "en"
+['LC_ALL', 'LANG', 'LANGUAGE'].each do |env_lang|
+  lang = ENV[env_lang]
+  if lang
+    lang = lang[0..1]
+    if FastGettext.available_locales.include?(lang)
+      active_locale = lang
+      break
+    end
+  end
+end
+FastGettext.locale = active_locale
+
+
 module SSLScan
   class Main
 
+    include FastGettext::Translation
+
     EXIT_SUCCESS = 0
     EXIT_FAILURE = 1
 
-    SYNTAX    = "ssl_scan [Options] [host:port | host]"
+    SYNTAX    = _("ssl_scan [Options] [host:port | host]")
     WEBSITE   = "https://www.testcloud.de"
-    COPYRIGHT = "Copyright (C) John Faucett #{Time.now.year}"
+    COPYRIGHT = _("Copyright (C) John Faucett %{year}") % { year: Time.now.year }
 
     BANNER =<<EOH
         _                    
@@ -47,10 +66,10 @@ EOH
     def check_host(host, die_on_fail=true)
       valid = true
       port  = 443
-      error_msg = "Host invalid"
+      error_msg = _("Host invalid")
       begin
         if !host
-          error_msg = "Host not given"
+          error_msg = _("Host not given")
           valid = false
         else
           host_parts = host.split(":")
@@ -64,7 +83,7 @@ EOH
       end
 
       unless valid
-        printf("Error: %s\n", error_msg)
+        printf _("Error: %{error}\n") % { error: error_msg }
         exit(EXIT_FAILURE) unless !die_on_fail
       end
       return valid
@@ -106,7 +125,7 @@ EOH
     alias_method :run, :main
 
     def self.version_info
-      sprintf("ssl_scan version %s\n%s\n%s\n", VERSION::STRING, WEBSITE, COPYRIGHT)
+      _("ssl_scan version %{version}\n%{web}\n%{copy}\n") % { version: VERSION::STRING, web: WEBSITE, copy: COPYRIGHT}
     end
 
     def show_results(host, results)
@@ -114,13 +133,18 @@ EOH
       unless result_set.empty?
         result_set.each do |result|
           show_certificate(result.cert)
+
+          # TODO: Implement certificate verification
+          printf _("Verify Certificate:")
+          printf _("  NOT IMPLEMENTED")
+          printf("\n")
         end
       end
     end
 
     def show_certificate(cert)
-      printf("SSL Certificate:\n")
-      printf("  Version: %d\n", cert.version)
+      printf _("SSL Certificate:\n")
+      printf _("  Version: %{version}\n") % { version: cert.version }
       printf("  Serial Number: %s\n", cert.serial.to_s(16))
       printf("  Signature Algorithm: %s\n", cert.signature_algorithm)
       printf("  Issuer: %s\n", cert.issuer.to_s)
@@ -129,7 +153,34 @@ EOH
       printf("  Subject: %s\n", cert.subject.to_s)
       printf("  %s", cert.public_key.to_text)
 
-      # TODO: Implement extensions (see: cert.extensions)
+      unless cert.extensions.empty?
+        puts _("X509v3 Extensions:")
+        cert.extensions.each do |extension|
+          case extension.oid
+          when 'keyUsage'
+            puts _("  X509v3 Key Usage: critical") if extension.critical?
+          when 'certificatePolicies'
+            puts _("  X509v3 Certificate Policies:")
+          when 'subjectAltName'
+            puts _("  X509v3 Subject Alternative Name:")
+          when 'basicConstraints'
+            puts _("  X509v3 Basic Constraints:")
+          when 'extendedKeyUsage'
+            puts _("  X509v3 Extended Key Usage:")
+          when 'crlDistributionPoints'
+            puts _("  X509v3 CRL Distribution Points:")
+          when 'authorityInfoAccess'
+            puts _("  Authority Information Access:")
+          when 'subjectKeyIdentifier'
+            puts _("  X509v3 Subject Key Identifier:")
+          when 'authorityKeyIdentifier'
+            puts _("  X509v3 Authority Key Identifier:")
+          else
+            puts extension.oid
+          end
+          puts _("    %{value}") % { value: extension.value }
+        end
+      end
     end
 
     def show_command_errors(host, errors)
@@ -143,6 +194,7 @@ EOH
       options.only_ssl2 = false
       options.only_ssl3 = false
       options.only_tls1 = false
+      options.only_cert = false
 
       opts = OptionParser.new do |opts|
         opts.banner = sprintf("%s%s", BANNER, version_info)
@@ -155,8 +207,8 @@ EOH
 
         # File containing list of hosts to check
         opts.on( "-t", 
-                 "--targets FILE",
-                 "A file containing a list of hosts to check with syntax ( host | host:port).") do |filename|
+                 _("--targets FILE"),
+                 _("A file containing a list of hosts to check with syntax ( host | host:port).")) do |filename|
           options.file = filename
         end
 
@@ -181,6 +233,12 @@ EOH
           options.only_tls1 = :TLSv1
         end
 
+        opts.on( "-c",
+                 "--cert",
+                 "Only get the server certificate") do
+          options.only_cert = true
+        end
+
         opts.on( "-d",
                  "--debug",
                  "Print any SSL errors to stderr.") do

data/lib/ssl_scan/result.rb

@@ -7,10 +7,12 @@ module SSLScan
 
     attr_reader :ciphers
     attr_reader :supported_versions
+    attr_reader :peer_verified
 
     def initialize()
       @cert = nil
       @ciphers = Set.new
+      @peer_verified = false
       @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
     end
 

data/lib/ssl_scan/scanner.rb

@@ -88,8 +88,9 @@ class Scanner
       return scan_result
     end
 
-      sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
-      sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
+    sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
+    sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
+
       status = test_cipher(ssl_version, cipher_name)
       scan_result.add_cipher(ssl_version, cipher_name, key_length, status)
       if status == :accepted and scan_result.cert.nil?
@@ -121,6 +122,10 @@ class Scanner
           'Timeout'    => @timeout
         )
         ssl_versions[ssl_version] = scan_client.cipher
+
+        if scan_client
+          scan_client.close
+        end
       rescue => ex
         ssl_versions.delete(ssl_version)
       end
@@ -128,6 +133,36 @@ class Scanner
     ssl_versions
   end
 
+
+  def get_first_valid_cert
+    scan_result = SSLScan::Result.new
+    scan_result.openssl_sslv2 = sslv2
+    @supported_versions.each do |ssl_version|
+      begin
+        scan_client = SSLScan::Socket::Tcp.create(
+          'Context'    => @context,
+          'PeerHost'   => @host,
+          'PeerPort'   => @port,
+          'SSL'        => true,
+          'SSLVersion' => ssl_version,
+          'Timeout'    => @timeout
+        )
+        cipher_name = scan_client.cipher[0]
+        key_length  = scan_client.cipher[3]
+        status = test_cipher(ssl_version, cipher_name)
+        scan_result.add_cipher(ssl_version, cipher_name, key_length, status)
+        if status == :accepted and scan_result.cert.nil?
+          scan_result.cert = get_cert(ssl_version, cipher_name)
+          break
+        end
+      rescue => ex
+        # noop
+      end
+    end
+    @results = scan_result
+    scan_result
+  end
+
   def test_ssl
     begin
       scan_client = SSLScan::Socket::Tcp.create(

data/lib/ssl_scan/util.rb

@@ -0,0 +1,7 @@
+module SSLScan
+  module Util
+
+    ROOT = File.expand_path("../../../", __FILE__)
+
+  end
+end

data/lib/ssl_scan/version.rb

@@ -2,7 +2,7 @@ module SSLScan
   module VERSION
     MAJOR = 0
     MINOR = 0
-    PATCH = 5
+    PATCH = 6
 
     STRING = [MAJOR,MINOR,PATCH].join('.')
   end

data/locale/de/ssl_scan.po

@@ -0,0 +1,46 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2014 John Faucett
+# This file is distributed under the same license as the app package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: ssl_scan 0.0.5\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-09-29 17:49-0700\n"
+"PO-Revision-Date: 2013-09-29 17:49-0700\n"
+"Last-Translator: John Faucett <jwaterfaucett@gmail.com>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+msgid "Host invalid"
+msgstr "Host ungültig"
+
+msgid "Error: %{error}\n"
+msgstr "Fehler: %{error}\n"
+
+msgid "Host not given"
+msgstr "Host wurde nicht angegeben"
+
+msgid "ssl_scan [Options] [host:port | host]"
+msgstr "ssl_scan [Optionen] [host:port | host]"
+
+msgid "Copyright (C) John Faucett %{year}"
+msgstr "Copyright (C) John Faucett %{year}"
+
+msgid "SSL Certificate:\n"
+msgstr "SSL Zertifikat:\n"
+
+msgid "  Version: %{version}\n"
+msgstr "  Version: %{version}\n"
+
+msgid "A file containing a list of hosts to check with syntax ( host | host:port)."
+msgstr "Eine Datei die eine Liste der zu überprüfenden Hosts enthält ( host | host:port)."
+
+msgid "--targets FILE"
+msgstr "--targets DATEI"

data/locale/en/ssl_scan.po

@@ -0,0 +1,34 @@
+# SOME DESCRIPTIVE TITLE.
+# Copyright (C) 2014 John Faucett
+# This file is distributed under the same license as the app package.
+# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: ssl_scan 0.0.5\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2013-09-29 17:49-0700\n"
+"PO-Revision-Date: 2013-09-29 17:49-0700\n"
+"Last-Translator: John Faucett <jwaterfaucett@gmail.com>\n"
+"Language-Team: LANGUAGE <LL@li.org>\n"
+"Language: \n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=INTEGER; plural=EXPRESSION;\n"
+
+msgid "Host invalid"
+msgstr "Host invalid"
+
+msgid "Error: %{error}\n"
+msgstr "Error: %{error}\n"
+
+msgid "Host not given"
+msgstr "Host not given"
+
+msgid "ssl_scan [Options] [host:port | host]"
+msgstr "ssl_scan [Options] [host:port | host]"
+
+msgid "Copyright (C) John Faucett %{year}"
+msgstr "Copyright (C) John Faucett %{year}"

data/sslscan.gemspec

@@ -18,7 +18,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
+  spec.add_runtime_dependency "fast_gettext", "~> 0.8"
+
   spec.add_development_dependency "bundler", "~> 1.5"
   spec.add_development_dependency "rake"
-  spec.add_development_dependency "rspec", "~> 3.0.0"
+  spec.add_development_dependency "rspec", "~> 3.0"
+  spec.add_development_dependency "gettext"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ssl_scan
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - John Faucett
@@ -10,6 +10,20 @@ bindir: bin
 cert_chain: []
 date: 2014-06-05 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: fast_gettext
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.8'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -44,14 +58,28 @@ dependencies:
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: gettext
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: An SSL Scanner Library and Utility in pure Ruby
 email:
 - jwaterfaucett@gmail.com
@@ -67,6 +95,7 @@ files:
 - README.md
 - Rakefile
 - bin/ssl_scan
+- data/cacert.pem
 - lib/ssl_scan.rb
 - lib/ssl_scan/commands/command.rb
 - lib/ssl_scan/commands/host.rb
@@ -95,7 +124,12 @@ files:
 - lib/ssl_scan/socket/tcp_server.rb
 - lib/ssl_scan/socket/udp.rb
 - lib/ssl_scan/sync/thread_safe.rb
+- lib/ssl_scan/util.rb
 - lib/ssl_scan/version.rb
+- locale/de/LC_MESSAGES/ssl_scan.mo
+- locale/de/ssl_scan.po
+- locale/en/LC_MESSAGES/ssl_scan.mo
+- locale/en/ssl_scan.po
 - spec/lib/ssl_scan/scanner_spec.rb
 - spec/spec_helper.rb
 - sslscan.gemspec