sslscan_steps 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5d0dd9e80db7cb94e7db6e9da21cb0cc6a0de83a811df51e5ab6574d20b7614f
+  data.tar.gz: dafaf2277f509417581f4622281d86ad64e88b58d6ea7ccc8479bbf6cea8c79a
+SHA512:
+  metadata.gz: c38bcfc529fe37b6a98c9ab905d3931b6fddb339bf72a04cef143464bdd274cef8639a6299c39139aff6c1db09f7ef4318b44f7b60ab137ff7489ad95de7ab08
+  data.tar.gz: 1df6ec2430ec5475554211ef50fb0d7387edaf4b7ef403ec7591f88f84cff9502844d4cf520a83dae5945393c4c9245fa86e4580e88a0e8bccc770bec6cfced0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+gemspec
+

data/README.md

@@ -0,0 +1,48 @@
+[![Gem Version](https://badge.fury.io/rb/sslscan_steps.svg)](https://badge.fury.io/rb/sslscan_steps)
+
+# sslscan\_steps
+
+sslscan\_steps provides cucumber step definitions for executing
+SSL/TLS protocol scans with the sslscan tool.
+
+ * [rbsec/sslscan at GitHub](https://github.com/rbsec/sslscan)
+
+It uses the sslscan\_wrapper gem for interaction with sslscan.
+
+## Usage
+
+In your Gemfile:
+
+```ruby
+gem 'sslscan_steps'
+```
+
+In your support/env.rb:
+
+```ruby
+require 'sslscan_steps'
+```
+
+Use the steps in your feature files:
+
+```gherkin
+Feature: SSL/TLS protocol parameters
+  To be a responsible site operator my website must support
+  state-of-the-art encryption protocols.
+
+  Scenario: Host must support strong encryption
+    Given the target host for sslscan is markusbenning.de
+    And the target port for sslscan is 443
+    When the sslscan is executed
+    Then the scanned hostname is markusbenning.de
+    Then the scanned host certificate signature algorithm is sha256WithRSAEncryption
+    Then the scanned host certificate is not self-signed
+    Then the scanned host certificate is not expired
+    Then the scanned host is not vulnerable to heartbleed
+    Then the scanned host must support the cipher ECDHE-RSA-AES128-GCM-SHA256
+    Then the scanned host must support sslversion TLSv1.2
+```
+
+## More Examples
+
+See [features/](tree/master/features).

data/Rakefile

@@ -0,0 +1,14 @@
+require 'rake/clean'
+require 'rubygems'
+require 'rubygems/package_task'
+require 'rdoc/task'                                                                       
+
+spec = eval(File.read('sslscan_steps.gemspec'))
+Gem::PackageTask.new(spec) do |pkg|
+end
+
+Rake::RDocTask.new do |rd|
+  rd.rdoc_files.include("lib/**/*.rb","bin/**/*")
+  rd.title = 'Cucumber step definitions for sslscan'
+end                                                                                       
+

data/lib/sslscan_steps/report_steps.rb

@@ -0,0 +1,75 @@
+require 'sslscan_wrapper'
+
+Given /^the sslscan report file is (.*)$/ do |path|
+  @sslscan_filename = path
+end
+
+When /^the sslscan report is read from the file$/ do
+  content = File.read(@sslscan_filename)
+  @sslscan_report = SslscanWrapper::Report.new(content)
+  expect(@sslscan_report).to be_a(SslscanWrapper::Report)
+end
+
+Then /^the scanned hostname is (.*)$/ do |hostname|
+  expect(@sslscan_report.host).to eq(hostname)
+end
+
+Then /^the scanned port is (\d+)$/ do |port|
+  expect(@sslscan_report.port.to_i).to eq(port.to_i)
+end
+
+Then /^the scanned host supports (no )?compression$/ do |negate|
+  expect(@sslscan_report.compression_supported?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host supports (no )?renegotiation$/ do |negate|
+  expect(@sslscan_report.renegotiation_supported?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host supports (no )?secure renegotiation$/ do |negate|
+  expect(@sslscan_report.renegotiation_secure?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host certificate signature algorithm is (.*)$/ do |alg|
+  expect(@sslscan_report.signature_algorithm).to eq(alg)
+end
+
+Then /^the scanned host certificate subject is (.*)$/ do |subject|
+  expect(@sslscan_report.subject).to eq(subject)
+end
+
+Then /^the scanned host certificate subject altnames are (.*)$/ do |altnames|
+  altnames = nil if altnames == 'empty'
+  expect(@sslscan_report.altnames).to eq(altnames)
+end
+
+Then /^the scanned host certificate issuer is (.*)$/ do |issuer|
+  expect(@sslscan_report.issuer).to eq(issuer)
+end
+
+Then /^the scanned host certificate is (not )?self-signed$/ do |negate|
+  expect(@sslscan_report.self_signed?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host certificate is (not )?expired$/ do |negate|
+  expect(@sslscan_report.expired?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host is (not )?vulnerable to heartbleed$/ do |negate|
+  expect(@sslscan_report.heartbleed_vulnerable?).to eq(negate.nil? ? true : false)
+end
+
+Then /^the scanned host must (|not )support the cipher (\S+)$/ do |negate,cipher|
+  expect(@sslscan_report.support_cipher?(cipher)).to eq(negate =~ /not/ ? false : true)
+end
+
+Then /^the scanned host must (|not )support ciphers like (.*)$/ do |negate,regex|
+  list = @sslscan_report.ciphers.select do |cipher|
+    cipher.match(regex)
+  end
+  expect(list.count > 0).to eq(negate =~ /not/ ? false : true)
+end
+
+Then /^the scanned host must (|not )support sslversion (\S+)$/ do |negate,sslversion|
+  expect(@sslscan_report.support_sslversion?(sslversion)).to eq(negate =~ /not/ ? false : true)
+end

data/lib/sslscan_steps/scanner_steps.rb

@@ -0,0 +1,31 @@
+require 'sslscan_wrapper'
+
+Given /^the target host for sslscan is (\S+)$/ do |hostname|
+  @sslscan_host = hostname
+end
+
+Given /^the target port for sslscan is (\d+)$/ do |port|
+  @sslscan_port = port
+end
+
+Given /^the option flag (\S+) for sslscan is set$/ do |flag|
+  @sslscan_flags ||= []
+  @sslscan_flags << flag
+end
+
+Given /^the option parameter (\S+) for sslscan is set to (.*)$/ do |option,value|
+  @sslscan_options ||= {}
+  @sslscan_options[option] = value
+end
+
+When /^the sslscan is executed/ do
+  scanner = SslscanWrapper::Scanner.new
+  @sslscan_options.to_h.each do |k,v|
+    scanner.send("#{k}=", v)
+  end
+  @sslscan_flags.to_a.each do |flag|
+    scanner.send("#{flag}=", true)
+  end
+  @sslscan_report = scanner.scan(@sslscan_host, @sslscan_port)
+end
+

data/lib/sslscan_steps.rb

@@ -0,0 +1,2 @@
+require 'sslscan_steps/scanner_steps'
+require 'sslscan_steps/report_steps'

metadata

@@ -0,0 +1,106 @@
+--- !ruby/object:Gem::Specification
+name: sslscan_steps
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Markus Benning
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-04-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aruba
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '12'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '6'
+- !ruby/object:Gem::Dependency
+  name: sslscan_wrapper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: ich@markusbenning.de
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- README.md
+- Rakefile
+- lib/sslscan_steps.rb
+- lib/sslscan_steps/report_steps.rb
+- lib/sslscan_steps/scanner_steps.rb
+homepage: https://github.com/benningm/sslscan_steps
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.6
+signing_key: 
+specification_version: 4
+summary: Cucumber step file definitions for sslscan
+test_files: []