sslscan_wrapper 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/sslscan_wrapper/report.rb +67 -43
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 03f023bc03720c2b805c53f8fb96461c9e08f20c004d1ab47a5e7530e37348bd
|
|
4
|
+
data.tar.gz: d54e2450f1ee9807deb1bdf4685a8ba0c8af10fb9d9c2c700cf02bb70e39cd7c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 90dc7681488b7a5ce688521f9e98c1b2447df47b901a50b4a4a3d5052ad2f1199c0759f4ac0ca96d2b09cd246160972a3ac9aed226a4d9991d5ef847c710cc65
|
|
7
|
+
data.tar.gz: d25025101165013b3b9ba08f082f0f837a7b209af464d37b65e6bfdd0c8467ab873871a320fb59f4de77057ab3a8de5bd4d8ea6a5b9e8b182132e68e5f0b0faa
|
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
require 'nokogiri'
|
|
2
|
+
require 'openssl'
|
|
2
3
|
require 'time'
|
|
3
4
|
|
|
4
5
|
module SslscanWrapper
|
|
@@ -20,59 +21,72 @@ module SslscanWrapper
|
|
|
20
21
|
@doc = Nokogiri::XML(@body)
|
|
21
22
|
end
|
|
22
23
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
def self.attr_first_value_accessor(name, xpath)
|
|
25
|
+
define_method(name) do
|
|
26
|
+
node = @doc.xpath(xpath).first
|
|
27
|
+
node.value unless node.nil?
|
|
28
|
+
end
|
|
26
29
|
end
|
|
27
30
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
+
def self.attr_first_value_boolean_true?(name, xpath)
|
|
32
|
+
define_method(name) do
|
|
33
|
+
node = @doc.xpath(xpath).first
|
|
34
|
+
node.value.to_i == 1 unless node.nil?
|
|
35
|
+
end
|
|
31
36
|
end
|
|
32
37
|
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
38
|
+
def self.content_first_node_accessor(name, xpath)
|
|
39
|
+
define_method(name) do
|
|
40
|
+
node = @doc.xpath(xpath).first
|
|
41
|
+
node.content unless node.nil?
|
|
42
|
+
end
|
|
36
43
|
end
|
|
37
44
|
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
45
|
+
def self.content_first_node_boolean_true?(name, xpath)
|
|
46
|
+
define_method(name) do
|
|
47
|
+
node = @doc.xpath(xpath).first
|
|
48
|
+
node.content == 'true' unless node.nil?
|
|
49
|
+
end
|
|
41
50
|
end
|
|
42
51
|
|
|
43
|
-
def
|
|
44
|
-
|
|
52
|
+
def self.all_attr_values_accessor(name, xpath)
|
|
53
|
+
define_method(name) do
|
|
54
|
+
@doc.xpath(xpath).map(&:value)
|
|
55
|
+
end
|
|
45
56
|
end
|
|
46
57
|
|
|
58
|
+
# The hostname of the scanned host
|
|
59
|
+
attr_first_value_accessor :host, '//ssltest/@host'
|
|
60
|
+
|
|
61
|
+
# The port of the scan report
|
|
62
|
+
attr_first_value_accessor :port, '//ssltest/@port'
|
|
63
|
+
|
|
64
|
+
# Is ssl compression supported on target?
|
|
65
|
+
attr_first_value_boolean_true? :compression_supported?, '//compression/@supported'
|
|
66
|
+
|
|
67
|
+
# Does the target support TLS renegotiation?
|
|
68
|
+
attr_first_value_boolean_true? :renegotiation_supported?, '//renegotiation/@supported'
|
|
69
|
+
|
|
70
|
+
# Is the renegotiation secure?
|
|
71
|
+
attr_first_value_boolean_true? :renegotiation_secure?, '//renegotiation/@secure'
|
|
72
|
+
|
|
47
73
|
# Signature algorithm used in the certificate
|
|
48
|
-
|
|
49
|
-
@doc.xpath('//certificate/signature-algorithm').first.content
|
|
50
|
-
end
|
|
74
|
+
content_first_node_accessor :signature_algorithm, '//certificate/signature-algorithm'
|
|
51
75
|
|
|
52
76
|
# Subject of the certificate
|
|
53
|
-
|
|
54
|
-
@doc.xpath('//certificate/subject').first.content
|
|
55
|
-
end
|
|
77
|
+
content_first_node_accessor :subject, '//certificate/subject'
|
|
56
78
|
|
|
57
79
|
# Subject alternative names of the certificate
|
|
58
|
-
|
|
59
|
-
@doc.xpath('//certificate/altnames').first.content
|
|
60
|
-
end
|
|
80
|
+
content_first_node_accessor :altnames, '//certificate/altnames'
|
|
61
81
|
|
|
62
82
|
# Issuer of the certificate
|
|
63
|
-
|
|
64
|
-
@doc.xpath('//certificate/issuer').first.content
|
|
65
|
-
end
|
|
83
|
+
content_first_node_accessor :issuer, '//certificate/issuer'
|
|
66
84
|
|
|
67
85
|
# Is the certificate a self-signed certificate?
|
|
68
|
-
|
|
69
|
-
@doc.xpath('//certificate/self-signed').first.content == 'true'
|
|
70
|
-
end
|
|
86
|
+
content_first_node_boolean_true? :self_signed?, '//certificate/self-signed'
|
|
71
87
|
|
|
72
88
|
# Is the certificate expired?
|
|
73
|
-
|
|
74
|
-
@doc.xpath('//certificate/expired').first.content == 'true'
|
|
75
|
-
end
|
|
89
|
+
content_first_node_boolean_true? :expired?, '//certificate/expired'
|
|
76
90
|
|
|
77
91
|
# Time the certificate starts to be valid
|
|
78
92
|
def not_before
|
|
@@ -87,28 +101,38 @@ module SslscanWrapper
|
|
|
87
101
|
end
|
|
88
102
|
|
|
89
103
|
# Returns a list of supported ciphers
|
|
90
|
-
|
|
91
|
-
@doc.xpath('//cipher/@cipher').map(&:value)
|
|
92
|
-
end
|
|
104
|
+
all_attr_values_accessor :ciphers, '//cipher/@cipher'
|
|
93
105
|
|
|
94
106
|
# Is the cipher supported?
|
|
95
|
-
def
|
|
96
|
-
@doc.xpath("//cipher[@cipher
|
|
107
|
+
def support_cipher?(cipher)
|
|
108
|
+
@doc.xpath("//cipher[@cipher=$cipher]", nil, { cipher: cipher }).count > 0
|
|
97
109
|
end
|
|
98
110
|
|
|
99
111
|
# Returns a list of preferred ciphers
|
|
100
|
-
|
|
101
|
-
@doc.xpath('//cipher[@status="preferred"]/@cipher').map(&:value)
|
|
102
|
-
end
|
|
112
|
+
all_attr_values_accessor :preferred_ciphers, '//cipher[@status="preferred"]/@cipher'
|
|
103
113
|
|
|
104
114
|
# Returns a list of SSL/TLS protocol versions vulnerable to heartbleed
|
|
105
|
-
|
|
106
|
-
@doc.xpath('//heartbleed[@vulnerable="1"]/@sslversion').map(&:value)
|
|
107
|
-
end
|
|
115
|
+
all_attr_values_accessor :heartbleed_vulnerable_sslversions, '//heartbleed[@vulnerable="1"]/@sslversion'
|
|
108
116
|
|
|
109
117
|
# Are there any heartblead vulnerable SSL/TLS protocol versions?
|
|
110
118
|
def heartbleed_vulnerable?
|
|
111
119
|
@doc.xpath('//heartbleed[@vulnerable="1"]').count > 0
|
|
112
120
|
end
|
|
121
|
+
|
|
122
|
+
# Returns a list of supported SSL protocol versions
|
|
123
|
+
def sslversions
|
|
124
|
+
@doc.xpath('//cipher/@sslversion').map(&:value).uniq
|
|
125
|
+
end
|
|
126
|
+
|
|
127
|
+
# Check if a SSL protocol version is supported
|
|
128
|
+
def support_sslversion?(version)
|
|
129
|
+
@doc.xpath("//cipher[@sslversion=$version]", nil, { version: version }).count > 0
|
|
130
|
+
end
|
|
131
|
+
|
|
132
|
+
# Return the parsed certificate blob as OpenSSL::X509::Certificate
|
|
133
|
+
def certificate
|
|
134
|
+
node = @doc.xpath('//certificate/certificate-blob').first
|
|
135
|
+
OpenSSL::X509::Certificate.new(node.content) unless node.nil?
|
|
136
|
+
end
|
|
113
137
|
end
|
|
114
138
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: sslscan_wrapper
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Markus Benning
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-04-
|
|
11
|
+
date: 2018-04-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aruba
|