sslscan_wrapper 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/sslscan_wrapper/report.rb +67 -43
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 03f023bc03720c2b805c53f8fb96461c9e08f20c004d1ab47a5e7530e37348bd
|
|
4
|
+
data.tar.gz: d54e2450f1ee9807deb1bdf4685a8ba0c8af10fb9d9c2c700cf02bb70e39cd7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90dc7681488b7a5ce688521f9e98c1b2447df47b901a50b4a4a3d5052ad2f1199c0759f4ac0ca96d2b09cd246160972a3ac9aed226a4d9991d5ef847c710cc65
|
|
7
|
+
data.tar.gz: d25025101165013b3b9ba08f082f0f837a7b209af464d37b65e6bfdd0c8467ab873871a320fb59f4de77057ab3a8de5bd4d8ea6a5b9e8b182132e68e5f0b0faa
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'nokogiri'
|
|
2
|
+
require 'openssl'
|
|
2
3
|
require 'time'
|
|
3
4
|
|
|
4
5
|
module SslscanWrapper
|
|
@@ -20,59 +21,72 @@ module SslscanWrapper
|
|
|
20
21
|
@doc = Nokogiri::XML(@body)
|
|
21
22
|
end
|
|
22
23
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
def self.attr_first_value_accessor(name, xpath)
|
|
25
|
+
define_method(name) do
|
|
26
|
+
node = @doc.xpath(xpath).first
|
|
27
|
+
node.value unless node.nil?
|
|
28
|
+
end
|
|
26
29
|
end
|
|
27
30
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
+
def self.attr_first_value_boolean_true?(name, xpath)
|
|
32
|
+
define_method(name) do
|
|
33
|
+
node = @doc.xpath(xpath).first
|
|
34
|
+
node.value.to_i == 1 unless node.nil?
|
|
35
|
+
end
|
|
31
36
|
end
|
|
32
37
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
38
|
+
def self.content_first_node_accessor(name, xpath)
|
|
39
|
+
define_method(name) do
|
|
40
|
+
node = @doc.xpath(xpath).first
|
|
41
|
+
node.content unless node.nil?
|
|
42
|
+
end
|
|
36
43
|
end
|
|
37
44
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
45
|
+
def self.content_first_node_boolean_true?(name, xpath)
|
|
46
|
+
define_method(name) do
|
|
47
|
+
node = @doc.xpath(xpath).first
|
|
48
|
+
node.content == 'true' unless node.nil?
|
|
49
|
+
end
|
|
41
50
|
end
|
|
42
51
|
|
|
43
|
-
def
|
|
44
|
-
|
|
52
|
+
def self.all_attr_values_accessor(name, xpath)
|
|
53
|
+
define_method(name) do
|
|
54
|
+
@doc.xpath(xpath).map(&:value)
|
|
55
|
+
end
|
|
45
56
|
end
|
|
46
57
|
|
|
58
|
+
# The hostname of the scanned host
|
|
59
|
+
attr_first_value_accessor :host, '//ssltest/@host'
|
|
60
|
+
|
|
61
|
+
# The port of the scan report
|
|
62
|
+
attr_first_value_accessor :port, '//ssltest/@port'
|
|
63
|
+
|
|
64
|
+
# Is ssl compression supported on target?
|
|
65
|
+
attr_first_value_boolean_true? :compression_supported?, '//compression/@supported'
|
|
66
|
+
|
|
67
|
+
# Does the target support TLS renegotiation?
|
|
68
|
+
attr_first_value_boolean_true? :renegotiation_supported?, '//renegotiation/@supported'
|
|
69
|
+
|
|
70
|
+
# Is the renegotiation secure?
|
|
71
|
+
attr_first_value_boolean_true? :renegotiation_secure?, '//renegotiation/@secure'
|
|
72
|
+
|
|
47
73
|
# Signature algorithm used in the certificate
|
|
48
|
-
|
|
49
|
-
@doc.xpath('//certificate/signature-algorithm').first.content
|
|
50
|
-
end
|
|
74
|
+
content_first_node_accessor :signature_algorithm, '//certificate/signature-algorithm'
|
|
51
75
|
|
|
52
76
|
# Subject of the certificate
|
|
53
|
-
|
|
54
|
-
@doc.xpath('//certificate/subject').first.content
|
|
55
|
-
end
|
|
77
|
+
content_first_node_accessor :subject, '//certificate/subject'
|
|
56
78
|
|
|
57
79
|
# Subject alternative names of the certificate
|
|
58
|
-
|
|
59
|
-
@doc.xpath('//certificate/altnames').first.content
|
|
60
|
-
end
|
|
80
|
+
content_first_node_accessor :altnames, '//certificate/altnames'
|
|
61
81
|
|
|
62
82
|
# Issuer of the certificate
|
|
63
|
-
|
|
64
|
-
@doc.xpath('//certificate/issuer').first.content
|
|
65
|
-
end
|
|
83
|
+
content_first_node_accessor :issuer, '//certificate/issuer'
|
|
66
84
|
|
|
67
85
|
# Is the certificate a self-signed certificate?
|
|
68
|
-
|
|
69
|
-
@doc.xpath('//certificate/self-signed').first.content == 'true'
|
|
70
|
-
end
|
|
86
|
+
content_first_node_boolean_true? :self_signed?, '//certificate/self-signed'
|
|
71
87
|
|
|
72
88
|
# Is the certificate expired?
|
|
73
|
-
|
|
74
|
-
@doc.xpath('//certificate/expired').first.content == 'true'
|
|
75
|
-
end
|
|
89
|
+
content_first_node_boolean_true? :expired?, '//certificate/expired'
|
|
76
90
|
|
|
77
91
|
# Time the certificate starts to be valid
|
|
78
92
|
def not_before
|
|
@@ -87,28 +101,38 @@ module SslscanWrapper
|
|
|
87
101
|
end
|
|
88
102
|
|
|
89
103
|
# Returns a list of supported ciphers
|
|
90
|
-
|
|
91
|
-
@doc.xpath('//cipher/@cipher').map(&:value)
|
|
92
|
-
end
|
|
104
|
+
all_attr_values_accessor :ciphers, '//cipher/@cipher'
|
|
93
105
|
|
|
94
106
|
# Is the cipher supported?
|
|
95
|
-
def
|
|
96
|
-
@doc.xpath("//cipher[@cipher
|
|
107
|
+
def support_cipher?(cipher)
|
|
108
|
+
@doc.xpath("//cipher[@cipher=$cipher]", nil, { cipher: cipher }).count > 0
|
|
97
109
|
end
|
|
98
110
|
|
|
99
111
|
# Returns a list of preferred ciphers
|
|
100
|
-
|
|
101
|
-
@doc.xpath('//cipher[@status="preferred"]/@cipher').map(&:value)
|
|
102
|
-
end
|
|
112
|
+
all_attr_values_accessor :preferred_ciphers, '//cipher[@status="preferred"]/@cipher'
|
|
103
113
|
|
|
104
114
|
# Returns a list of SSL/TLS protocol versions vulnerable to heartbleed
|
|
105
|
-
|
|
106
|
-
@doc.xpath('//heartbleed[@vulnerable="1"]/@sslversion').map(&:value)
|
|
107
|
-
end
|
|
115
|
+
all_attr_values_accessor :heartbleed_vulnerable_sslversions, '//heartbleed[@vulnerable="1"]/@sslversion'
|
|
108
116
|
|
|
109
117
|
# Are there any heartblead vulnerable SSL/TLS protocol versions?
|
|
110
118
|
def heartbleed_vulnerable?
|
|
111
119
|
@doc.xpath('//heartbleed[@vulnerable="1"]').count > 0
|
|
112
120
|
end
|
|
121
|
+
|
|
122
|
+
# Returns a list of supported SSL protocol versions
|
|
123
|
+
def sslversions
|
|
124
|
+
@doc.xpath('//cipher/@sslversion').map(&:value).uniq
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# Check if a SSL protocol version is supported
|
|
128
|
+
def support_sslversion?(version)
|
|
129
|
+
@doc.xpath("//cipher[@sslversion=$version]", nil, { version: version }).count > 0
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
# Return the parsed certificate blob as OpenSSL::X509::Certificate
|
|
133
|
+
def certificate
|
|
134
|
+
node = @doc.xpath('//certificate/certificate-blob').first
|
|
135
|
+
OpenSSL::X509::Certificate.new(node.content) unless node.nil?
|
|
136
|
+
end
|
|
113
137
|
end
|
|
114
138
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sslscan_wrapper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Markus Benning
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aruba
|