sslscan_wrapper 0.0.1 → 0.0.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (3) hide show
  1. checksums.yaml +4 -4
  2. data/lib/sslscan_wrapper/report.rb +67 -43
  3. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 17102ec6e6de9081e6b60fd9c8c87b9402a48fbdb9835504e186c72446acc751
4
- data.tar.gz: fd6a13ba469b548cecc3334ef7912602040622591ecc85fe35042487a4e60390
3
+ metadata.gz: 03f023bc03720c2b805c53f8fb96461c9e08f20c004d1ab47a5e7530e37348bd
4
+ data.tar.gz: d54e2450f1ee9807deb1bdf4685a8ba0c8af10fb9d9c2c700cf02bb70e39cd7c
5
5
  SHA512:
6
- metadata.gz: 110da3e2aa079522204b497810c4dd73604ca9a6cc94c87c5f5774b311a35669f89646cbc9fcbfd6b18ca54c258a1a601269a26f77a37c4faebf2e3cd397016d
7
- data.tar.gz: 3561cca8da3ab70d813955657afb89070b27e86467634a58247ccd2feb48356ed03704018d9303c7a6bdf5bd0df4f6b10fa953d04749ec183a327c8c8e5e7468
6
+ metadata.gz: 90dc7681488b7a5ce688521f9e98c1b2447df47b901a50b4a4a3d5052ad2f1199c0759f4ac0ca96d2b09cd246160972a3ac9aed226a4d9991d5ef847c710cc65
7
+ data.tar.gz: d25025101165013b3b9ba08f082f0f837a7b209af464d37b65e6bfdd0c8467ab873871a320fb59f4de77057ab3a8de5bd4d8ea6a5b9e8b182132e68e5f0b0faa
@@ -1,4 +1,5 @@
1
1
  require 'nokogiri'
2
+ require 'openssl'
2
3
  require 'time'
3
4
 
4
5
  module SslscanWrapper
@@ -20,59 +21,72 @@ module SslscanWrapper
20
21
  @doc = Nokogiri::XML(@body)
21
22
  end
22
23
 
23
- # The hostname of the scanned host
24
- def host
25
- @doc.xpath('//ssltest/@host').first.value
24
+ def self.attr_first_value_accessor(name, xpath)
25
+ define_method(name) do
26
+ node = @doc.xpath(xpath).first
27
+ node.value unless node.nil?
28
+ end
26
29
  end
27
30
 
28
- # The port of the scan report
29
- def port
30
- @doc.xpath('//ssltest/@port').first.value
31
+ def self.attr_first_value_boolean_true?(name, xpath)
32
+ define_method(name) do
33
+ node = @doc.xpath(xpath).first
34
+ node.value.to_i == 1 unless node.nil?
35
+ end
31
36
  end
32
37
 
33
- # Is ssl compression supported on target?
34
- def compression_supported?
35
- @doc.xpath('//compression/@supported').first.value == '1'
38
+ def self.content_first_node_accessor(name, xpath)
39
+ define_method(name) do
40
+ node = @doc.xpath(xpath).first
41
+ node.content unless node.nil?
42
+ end
36
43
  end
37
44
 
38
- # Does the target support TLS renegotiation?
39
- def renegotiation_supported?
40
- @doc.xpath('//renegotiation/@supported').first.value == '1'
45
+ def self.content_first_node_boolean_true?(name, xpath)
46
+ define_method(name) do
47
+ node = @doc.xpath(xpath).first
48
+ node.content == 'true' unless node.nil?
49
+ end
41
50
  end
42
51
 
43
- def renegotiation_secure?
44
- @doc.xpath('//renegotiation/@secure').first.value == '1'
52
+ def self.all_attr_values_accessor(name, xpath)
53
+ define_method(name) do
54
+ @doc.xpath(xpath).map(&:value)
55
+ end
45
56
  end
46
57
 
58
+ # The hostname of the scanned host
59
+ attr_first_value_accessor :host, '//ssltest/@host'
60
+
61
+ # The port of the scan report
62
+ attr_first_value_accessor :port, '//ssltest/@port'
63
+
64
+ # Is ssl compression supported on target?
65
+ attr_first_value_boolean_true? :compression_supported?, '//compression/@supported'
66
+
67
+ # Does the target support TLS renegotiation?
68
+ attr_first_value_boolean_true? :renegotiation_supported?, '//renegotiation/@supported'
69
+
70
+ # Is the renegotiation secure?
71
+ attr_first_value_boolean_true? :renegotiation_secure?, '//renegotiation/@secure'
72
+
47
73
  # Signature algorithm used in the certificate
48
- def signature_algorithm
49
- @doc.xpath('//certificate/signature-algorithm').first.content
50
- end
74
+ content_first_node_accessor :signature_algorithm, '//certificate/signature-algorithm'
51
75
 
52
76
  # Subject of the certificate
53
- def subject
54
- @doc.xpath('//certificate/subject').first.content
55
- end
77
+ content_first_node_accessor :subject, '//certificate/subject'
56
78
 
57
79
  # Subject alternative names of the certificate
58
- def altnames
59
- @doc.xpath('//certificate/altnames').first.content
60
- end
80
+ content_first_node_accessor :altnames, '//certificate/altnames'
61
81
 
62
82
  # Issuer of the certificate
63
- def issuer
64
- @doc.xpath('//certificate/issuer').first.content
65
- end
83
+ content_first_node_accessor :issuer, '//certificate/issuer'
66
84
 
67
85
  # Is the certificate a self-signed certificate?
68
- def self_signed?
69
- @doc.xpath('//certificate/self-signed').first.content == 'true'
70
- end
86
+ content_first_node_boolean_true? :self_signed?, '//certificate/self-signed'
71
87
 
72
88
  # Is the certificate expired?
73
- def expired?
74
- @doc.xpath('//certificate/expired').first.content == 'true'
75
- end
89
+ content_first_node_boolean_true? :expired?, '//certificate/expired'
76
90
 
77
91
  # Time the certificate starts to be valid
78
92
  def not_before
@@ -87,28 +101,38 @@ module SslscanWrapper
87
101
  end
88
102
 
89
103
  # Returns a list of supported ciphers
90
- def ciphers
91
- @doc.xpath('//cipher/@cipher').map(&:value)
92
- end
104
+ all_attr_values_accessor :ciphers, '//cipher/@cipher'
93
105
 
94
106
  # Is the cipher supported?
95
- def cipher_supported?(cipher)
96
- @doc.xpath("//cipher[@cipher=\"#{cipher}\"]").count > 0
107
+ def support_cipher?(cipher)
108
+ @doc.xpath("//cipher[@cipher=$cipher]", nil, { cipher: cipher }).count > 0
97
109
  end
98
110
 
99
111
  # Returns a list of preferred ciphers
100
- def preferred_ciphers
101
- @doc.xpath('//cipher[@status="preferred"]/@cipher').map(&:value)
102
- end
112
+ all_attr_values_accessor :preferred_ciphers, '//cipher[@status="preferred"]/@cipher'
103
113
 
104
114
  # Returns a list of SSL/TLS protocol versions vulnerable to heartbleed
105
- def heartbleed_vulnerable_sslversions
106
- @doc.xpath('//heartbleed[@vulnerable="1"]/@sslversion').map(&:value)
107
- end
115
+ all_attr_values_accessor :heartbleed_vulnerable_sslversions, '//heartbleed[@vulnerable="1"]/@sslversion'
108
116
 
109
117
  # Are there any heartblead vulnerable SSL/TLS protocol versions?
110
118
  def heartbleed_vulnerable?
111
119
  @doc.xpath('//heartbleed[@vulnerable="1"]').count > 0
112
120
  end
121
+
122
+ # Returns a list of supported SSL protocol versions
123
+ def sslversions
124
+ @doc.xpath('//cipher/@sslversion').map(&:value).uniq
125
+ end
126
+
127
+ # Check if a SSL protocol version is supported
128
+ def support_sslversion?(version)
129
+ @doc.xpath("//cipher[@sslversion=$version]", nil, { version: version }).count > 0
130
+ end
131
+
132
+ # Return the parsed certificate blob as OpenSSL::X509::Certificate
133
+ def certificate
134
+ node = @doc.xpath('//certificate/certificate-blob').first
135
+ OpenSSL::X509::Certificate.new(node.content) unless node.nil?
136
+ end
113
137
  end
114
138
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sslscan_wrapper
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Markus Benning
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-04-04 00:00:00.000000000 Z
11
+ date: 2018-04-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aruba