ssl_scan 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 50673d3e4606c2493184377cd66f2db894497d6f
+  data.tar.gz: ad1ba5de18c080d1c3a242eee07547be7480a784
+SHA512:
+  metadata.gz: 61212e9922e16b59635a12da8794fb25899a5be0a92b17d70aba9e98be1d535091a06ed47857d19000ef5a95168bc0f3d584612ac0cb59013efb80ba42ce9f3b
+  data.tar.gz: 4392e0d06c46fe83fe2b2f119c830399c746b0f3cc6875f741f882e3ce8b24a2c6f95b1fb035acaeefd98a5ad401cca95819c8e2da3dd558dbd1882f74b38e3b

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in sslscan.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 John Faucett
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,51 @@
+# SSLScan
+
+SSLScan is an extraction of the the sslscan module from the [metasploit-framework](https://github.com/rapid7/metasploit-framework). It provides lower level tools for testing sslv2/3 and tls connections with servers.
+
+However, the sslscan module in metasploit is mainly used for finding weakpoints in SSL armor. What this gem does is adapt some of that functionality to provide ways for the user to debug ssl connections and conversely make ssl connections work - not discover weakpoints. For instance, maybe in your client you are attempting to use SSLv3 to connect to a server and throwing exceptions, you could use this gem to find out that SSLv3 is not supported by the peer and use TLSv1 with the servers preferred cipher instead to allow your client application to still work.
+
+In addition to the goals stated above, this library also provides a pure ruby implementation for [sslscan](http://sourceforge.net/projects/sslscan/), with some added nicities.
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'sslscan'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install sslscan
+
+## Usage
+
+```ruby
+
+require 'ssl_scan'
+scanner = SSLScan::Scanner.new('example.com')
+
+# returns an SSLScan::Result object containing a list of accepted/rejected ciphers, peer_supported ssl versions, etc.
+scanner.scan
+
+# show the ciphers which the server prefers
+scanner.get_preferred_ciphers
+
+# You can also pass a block to the scan function to be able to do things 
+# like write to a socket stream and get some feedback to your users
+# - status can be either accepted or rejected for a particular cipher
+scanner.scan do |ssl_version, cipher, key_length, status, cert|
+  # ...
+end
+```
+
+## Contributing
+
+1. Fork it ( http://github.com/<my-github-username>/sslscan/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/ssl_scan

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+
+$LOAD_PATH.unshift File.expand_path("../../lib", __FILE__)
+require 'ssl_scan/client'

data/lib/ssl_scan/compat.rb

@@ -0,0 +1,388 @@
+# -*- coding: binary -*-
+module SSLScan
+
+###
+#
+# This class provides os-specific functionality
+#
+###
+module Compat
+
+STD_INPUT_HANDLE  = -10
+STD_OUTPUT_HANDLE = -11
+STD_ERROR_HANDLE  = -12
+
+GENERIC_READ    = 0x80000000
+GENERIC_WRITE   = 0x40000000
+GENERIC_EXECUTE = 0x20000000
+
+FILE_SHARE_READ  = 0x00000001
+FILE_SHARE_WRITE = 0x00000002
+OPEN_EXISTING    = 0x00000003
+
+ENABLE_LINE_INPUT = 2
+ENABLE_ECHO_INPUT = 4
+ENABLE_PROCESSED_INPUT = 1
+
+
+
+#
+# Platform detection
+#
+
+@@is_windows = @@is_cygwin = @@is_macosx = @@is_linux = @@is_bsdi = @@is_freebsd = @@is_netbsd = @@is_openbsd = @@is_java = false
+@@loaded_win32api  = false
+@@loaded_tempfile  = false
+@@loaded_fileutils = false
+
+
+def self.is_windows
+  return @@is_windows if @@is_windows
+  @@is_windows = (RUBY_PLATFORM =~ /mswin(32|64)|mingw(32|64)/) ? true : false
+end
+
+def self.is_cygwin
+  return @@is_cygwin if @@is_cygwin
+  @@is_cygwin = (RUBY_PLATFORM =~ /cygwin/) ? true : false
+end
+
+def self.is_macosx
+  return @@is_macosx if @@is_macosx
+  @@is_macosx = (RUBY_PLATFORM =~ /darwin/) ? true : false
+end
+
+def self.is_linux
+  return @@is_linux if @@is_linux
+  @@is_linux = (RUBY_PLATFORM =~ /linux/) ? true : false
+end
+
+def self.is_bsdi
+  return @@is_bsdi if @@is_bsdi
+  @@is_bsdi = (RUBY_PLATFORM =~ /bsdi/i) ? true : false
+end
+
+def self.is_netbsd
+  return @@is_netbsd if @@is_netbsd
+  @@is_netbsd = (RUBY_PLATFORM =~ /netbsd/) ? true : false
+end
+
+def self.is_freebsd
+  return @@is_freebsd if @@is_freebsd
+  @@is_freebsd = (RUBY_PLATFORM =~ /freebsd/) ? true : false
+end
+
+def self.is_openbsd
+  return @@is_openbsd if @@is_openbsd
+  @@is_openbsd = (RUBY_PLATFORM =~ /openbsd/) ? true : false
+end
+
+def self.is_java
+  return @@is_java if @@is_java
+  @@is_java = (RUBY_PLATFORM =~ /java/) ? true : false
+end
+
+def self.is_wow64
+  return false if not is_windows
+  is64 = false
+  begin
+    buff = "\x00" * 4
+    Win32API.new("kernel32","IsWow64Process",['L','P'],'L').call(-1, buff)
+    is64 = (buff.unpack("V")[0]) == 1 ? true : false
+  rescue ::Exception
+  end
+  is64
+end
+
+def self.cygwin_to_win32(path)
+  if(path !~ /^\/cygdrive/)
+    return ::IO.popen("cygpath -w #{path}", "rb").read.strip
+  end
+  dir = path.split("/")
+  dir.shift
+  dir.shift
+  dir[0] = dir[0] + ":"
+  dir.join("\\")
+end
+
+def self.open_file(url='')
+  case RUBY_PLATFORM
+  when /cygwin/
+    path = self.cygwin_to_win32(url)
+    system(["cmd", "cmd"], "/c", "explorer", path)
+  else
+    self.open_browser(url)
+  end
+end
+
+def self.open_browser(url='http://google.com/')
+  case RUBY_PLATFORM
+  when /cygwin/
+    if(url[0,1] == "/")
+      self.open_file(url)
+    end
+    return if not @@loaded_win32api
+    Win32API.new("shell32.dll", "ShellExecute", ["PPPPPL"], "L").call(nil, "open", url, nil, nil, 0)
+  when /mswin32|mingw/
+    return if not @@loaded_win32api
+    Win32API.new("shell32.dll", "ShellExecute", ["PPPPPL"], "L").call(nil, "open", url, nil, nil, 0)
+  when /darwin/
+    system("open #{url}")
+  else
+    # Search through the PATH variable (if it exists) and chose a browser
+    # We are making an assumption about the nature of "PATH" so tread lightly
+    if defined? ENV['PATH']
+      # "xdg-open" is more general than "sensible-browser" and can be useful for lots of
+      # file types -- text files, pcaps, or URLs. It's nearly always
+      # going to use the application the user is expecting. If we're not
+      # on something Debian-based, fall back to likely browsers.
+      ['xdg-open', 'sensible-browser', 'firefox', 'firefox-bin', 'opera', 'konqueror', 'chromium-browser'].each do |browser|
+        ENV['PATH'].split(':').each do |path|
+          # Does the browser exists?
+          if File.exists?("#{path}/#{browser}")
+            system("#{browser} #{url} &")
+            return
+          end
+        end
+      end
+    end
+  end
+end
+
+def self.open_webrtc_browser(url='http://google.com/')
+  found_browser = false
+
+  case RUBY_PLATFORM
+  when /mswin2|mingw|cygwin/
+      paths = [
+        "Google\\Chrome\\Application\\chrome.exe",
+        "Mozilla Firefox\\firefox.exe",
+        "Opera\\launcher.exe"
+      ]
+
+      prog_files = ENV['ProgramFiles']
+      paths = paths.map { |p| "#{prog_files}\\#{p}" }
+
+      # Old chrome path
+      app_data = ENV['APPDATA']
+      paths << "#{app_data}\\Google\\Chrome\\Application\\chrome.exe"
+
+      paths.each do |p|
+        if File.exists?(p)
+          args = (p =~ /chrome\.exe/) ? "--allow-file-access-from-files" : ""
+          system("#{path} #{args} #{url}")
+          found_browser = true
+          break
+        end
+      end
+
+  when /darwin/
+    ['Google Chrome.app', 'Firefox.app'].each do |browser|
+      browser_path = "/Applications/#{browser}"
+      if File.directory?(browser_path)
+        args = (browser_path =~ /Chrome/) ? "--args --allow-file-access-from-files" : ""
+
+        system("open #{url} -a \"#{browser_path}\" #{args} &")
+        found_browser = true
+        break
+      end
+    end
+  else
+    if defined? ENV['PATH']
+      ['chrome', 'chromium', 'firefox', 'opera'].each do |browser|
+        ENV['PATH'].split(':').each do |path|
+          browser_path = "#{path}/#{browser}"
+          if File.exists?(browser_path)
+            args = (browser_path =~ /Chrome/) ? "--allow-file-access-from-files" : ""
+            system("#{browser_path} #{args} #{url} &")
+            found_browser = true
+          end
+        end
+      end
+    end
+  end
+
+  found_browser
+end
+
+def self.open_email(addr)
+  case RUBY_PLATFORM
+  when /mswin32|cygwin/
+    return if not @@loaded_win32api
+    Win32API.new("shell32.dll", "ShellExecute", ["PPPPPL"], "L").call(nil, "open", "mailto:"+addr, nil, nil, 0)
+  when /darwin/
+    system("open mailto:#{addr}")
+  else
+    # ?
+  end
+end
+
+def self.play_sound(path)
+  case RUBY_PLATFORM
+  when /cygwin/
+    path = self.cygwin_to_win32(path)
+    return if not @@loaded_win32api
+    Win32API.new("winmm.dll", "sndPlaySoundA", ["SI"], "I").call(path, 0x20000)
+  when /mswin32/
+    return if not @@loaded_win32api
+    Win32API.new("winmm.dll", "sndPlaySoundA", ["SI"], "I").call(path, 0x20000)
+  when /darwin/
+    system("afplay #{path} >/dev/null 2>&1")
+  else
+    system("aplay #{path} >/dev/null 2>&1")
+  end
+end
+
+def self.getenv(var)
+  if (is_windows and @@loaded_win32api)
+    f = Win32API.new("kernel32", "GetEnvironmentVariable", ["P", "P", "I"], "I")
+    buff = "\x00" * 16384
+    sz = f.call(var, buff, buff.length)
+    return nil if sz == 0
+    buff[0,sz]
+  else
+    ENV[var]
+  end
+end
+
+def self.setenv(var,val)
+  if (is_windows and @@loaded_win32api)
+    f = Win32API.new("kernel32", "SetEnvironmentVariable", ["P", "P"], "I")
+    f.call(var, val + "\x00")
+  else
+    ENV[var]= val
+  end
+end
+
+
+#
+# Obtain the path to our interpreter
+#
+def self.win32_ruby_path
+  return nil if ! (is_windows and @@loaded_win32api)
+  gmh = Win32API.new("kernel32", "GetModuleHandle", ["P"], "L")
+  gmf = Win32API.new("kernel32", "GetModuleFileName", ["LPL"], "L")
+  mod = gmh.call(nil)
+  inf = "\x00" * 1024
+  gmf.call(mod, inf, 1024)
+  inf.unpack("Z*")[0]
+end
+
+#
+# Call WinExec (equiv to system("cmd &"))
+#
+def self.win32_winexec(cmd)
+  return nil if ! (is_windows and @@loaded_win32api)
+  exe = Win32API.new("kernel32", "WinExec", ["PL"], "L")
+  exe.call(cmd, 0)
+end
+
+#
+# Verify the Console2 environment
+#
+def self.win32_console2_verify
+  return nil if ! (is_windows and @@loaded_win32api)
+  buf = "\x00" * 512
+  out = Win32API.new("kernel32", "GetStdHandle", ["L"], "L").call(STD_OUTPUT_HANDLE)
+  res = Win32API.new("kernel32","GetConsoleTitle", ["PL"], "L").call(buf, buf.length-1) rescue 0
+  ( res > 0 and buf.index("Console2 command").nil? ) ? false : true
+end
+
+#
+# Expand a 8.3 path to a full path
+#
+def self.win32_expand_path(path)
+  return nil if ! (is_windows and @@loaded_win32api)
+  glp = Win32API.new('kernel32', 'GetLongPathName', 'PPL', 'L')
+  buf = "\x00" * 260
+  len = glp.call(path, buf, buf.length)
+  buf[0, len]
+end
+
+#
+# Platform independent socket pair
+#
+def self.pipe
+
+  if (! is_windows())
+    # Standard pipes should be fine
+    return ::IO.pipe
+  end
+
+  # Create a socket connection for Windows
+  serv = nil
+  port = 1024
+
+  while (! serv and port < 65535)
+    begin
+      serv = TCPServer.new('127.0.0.1', (port += 1))
+    rescue ::Exception
+    end
+  end
+
+  pipe1 = TCPSocket.new('127.0.0.1', port)
+
+  # Accept the forked child
+  pipe2 = serv.accept
+
+  # Shutdown the server
+  serv.close
+
+  return [pipe1, pipe2]
+end
+
+#
+# Copy a file to a temporary path
+#
+
+def self.temp_copy(path)
+  raise RuntimeError,"missing Tempfile" if not @@loaded_tempfile
+  fd = File.open(path, "rb")
+  tp = Tempfile.new("msftemp")
+  tp.binmode
+  tp.write(fd.read(File.size(path)))
+  tp.close
+  fd.close
+  tp
+end
+
+#
+# Delete an opened temporary file
+#
+
+def self.temp_delete(tp)
+  raise RuntimeError,"missing FileUtils" if not @@loaded_fileutils
+  begin
+    FileUtils.rm(tp.path)
+  rescue
+  end
+end
+
+
+#
+# Initialization
+#
+
+if(is_windows or is_cygwin)
+  begin
+    require "Win32API"
+    @@loaded_win32api = true
+  rescue ::Exception
+  end
+end
+
+begin
+  require "tempfile"
+  @@loaded_tempfile = true
+rescue ::Exception
+end
+
+begin
+  require "fileutils"
+  @@loaded_fileutils = true
+rescue ::Exception
+end
+
+
+
+end
+end