tls-map 2.1.0 → 2.2.0
- checksums.yaml +4 -4
- data/bin/tls-map +1 -2
- data/lib/tls_map/app/extractor/extractor.rb +52 -3
- data/lib/tls_map/app/iana.rb +1 -1
- data/lib/tls_map/version.rb +1 -1
- metadata +5 -5
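--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9a5e60ee77231b59e8aaa082690fc1db2b7d9f8b48947bb11a0cfdbb2085758c
+data.tar.gz: 6e5b46e91409a47d069cca537cb443757838ba4477de1c60ebd1afcb11b76cfd
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 566a759275f83244886d4491f1e5689b544f2dc8a70ad0effb1b88fa920657fe74289759a693b85050dd1ba68ccf48763aa55ab780d588bdaef199bcabd9ed07
+data.tar.gz: 9d6854c4656b2ea9c6a27b16cf6a37d28d67784abb7da90c9af9fbe8b888357d84a76fd9c2a316678536fb561758c26246207011dd9350fef5c5f1c3cd808c67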
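--- a/data/bin/tls-map
+++ b/data/bin/tls-map
@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 # Ruby internal
-require 'pp'
 # Project internal
 require 'tls_map'
 require 'tls_map/cli/cli'
@@ -42,7 +41,7 @@ doc = <<~DOCOPT
 
 Extract options: (offline) extract ciphers from external tools output file
 <filename> The external tool output file
-<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan (check the documentation for the expected file format)
+<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan, tlsx (check the documentation for the expected file format)
 --only-weak Show only ciphers with a security level equal to weak or insecure (hide secure and recommended) (work only with TLS not SSL).
 --hide-weak Hide ciphers with a security level equal to weak or insecure (show only secure and recommended) (work only with TLS not SSL).
 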
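--- a/data/lib/tls_map/app/extractor/extractor.rb
+++ b/data/lib/tls_map/app/extractor/extractor.rb
@@ -12,11 +12,13 @@ module TLSmap
 # External tools output data extractor
 #
 # Output files from [SSLyze][1] (JSON), [sslscan2][2] (XML), [testssl.sh][3] (JSON), [ssllabs-scan][4] (JSON)
+# , [tlsx][5] (JSON)
 #
 # [1]:https://github.com/nabla-c0d3/sslyze
 # [2]:https://github.com/rbsec/sslscan
 # [3]:https://github.com/drwetter/testssl.sh
 # [4]:https://github.com/ssllabs/ssllabs-scan
+# [5]:https://github.com/projectdiscovery/tlsx
 #
 # Example of commands:
 #
@@ -27,6 +29,7 @@ module TLSmap
 # - json-pretty is the only supported format, default json or csv, html won't work
 # - `ssllabs-scan --quiet example.org > example.org.json`
 # - The default output is the only supported format, using `-json-flat` won't work
+# - `tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls`
 class Extractor
 # Get the list of ciphers extracted from the tool output file
 # @return [Array<String>] Cipher array (IANA names)
@@ -74,7 +77,7 @@ module TLSmap
 end
 
 # Extract the ciphers from the tool output file
-# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
+# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
 # @param file [String] Path of the tool output file, beware of the format expected. See {TLSmap::App::Extractor}
 # @return [Array<String>] Cipher array (IANA names)
 def parse(tool, file)
@@ -89,11 +92,12 @@ module TLSmap
 'sslyze' => 'sslyze --json_out=example.org.json example.org',
 'sslscan2' => 'sslscan2 --show-cipher-ids --xml=example.org.xml example.org',
 'testssl' => 'testssl --jsonfile-pretty example.org.json --mapping no-openssl --cipher-per-proto example.org',
-'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json'
+'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json',
+'tlsx' => 'tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls'
 }.freeze
 
 # Get the external tool command used to generate the expected result format
-# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
+# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
 # @return [String] external tool command used to generate the expected result format used in input of the extract
 # command (CLI) / {parse} method (library)
 def helper(tool)
@@ -271,6 +275,51 @@ module TLSmap
 protected :extract_cipher, :id2prot
 end
 end
+
+# Parsing tlsx
+class Tlsx
+class << self
+# Extract the ciphers from the tlsx output file
+# @param file [String] Path of the tlsx output file, beware of the format expected.
+# See {TLSmap::App::Extractor}
+# @return [Array<String>] Cipher array (IANA names)
+def parse(file)
+data = Utils.json_load_file(file)
+extract_cipher(data)
+end
+
+# Extract the ciphers from the tlsx output file
+# @param json_data [Hash] Ruby hash of the parsed JSON
+# @return [Array<String>] Cipher array (IANA names)
+def extract_cipher(json_data) # rubocop:disable Metrics/MethodLength
+raw = {
+'SSL2.0' => [], 'SSL3.0' => [],
+'TLS1.0' => [], 'TLS1.1' => [], 'TLS1.2' => [], 'TLS1.3' => []
+}
+json_data['cipher_enum'].each do |version|
+next if version['ciphers'].nil?
+
+version['ciphers'].each do |cipher|
+raw[id2prot(version['version'])].push(cipher)
+end
+end
+raw.transform_values(&:uniq)
+end
+
+# Convert tlsx protocol id to protocol name in TLSmap format
+# @param id [String] tlsx protocol id
+# @return [String] protocol name in TLSmap format
+def id2prot(id)
+prot = {
+'ssl30' => 'SSL3.0', 'tls10' => 'TLS1.0',
+'tls11' => 'TLS1.1', 'tls12' => 'TLS1.2', 'tls13' => 'TLS1.3'
+}
+prot[id]
+end
+
+protected :extract_cipher, :id2prot
+end
+end
 end
 end
 end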
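Review bot: In `Tlsx.extract_cipher`, `raw[id2prot(version['version'])].push(cipher)` raises `NoMethodError` on nil whenever the file carries a protocol id that `id2prot` does not map, and `json_data['cipher_enum'].each` fails the same way when that key is absent (presumably a scan run without `-cipher-enum`). `raw` also declares an `'SSL2.0'` bucket that no id in `id2prot` can ever fill. Because this parses an external tool's output file, it should fail with a clear message instead of a nil error: `prot = id2prot(version['version'])` followed by `raise ArgumentError, "unknown tlsx protocol id: #{version['version'].inspect}" if prot.nil?`, and iterate `json_data.fetch('cipher_enum')`. The `@return [Array<String>]` tag on `extract_cipher` and `parse` also does not match the Hash that `raw.transform_values(&:uniq)` returns.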
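--- a/data/lib/tls_map/app/iana.rb
+++ b/data/lib/tls_map/app/iana.rb
@@ -27,7 +27,7 @@ module TLSmap
 end
 
 def parse_iana
-CSV.foreach(@iana_file.path,
+CSV.foreach(@iana_file.path, headers: true, header_converters: :symbol) do |alg|
 codepoint = codepoint_iana(alg[:value])
 description = desc_iana(alg[:description])
 @tls_map << { codepoint: codepoint, iana: description } unless codepoint.nil? || description.nil?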
data/lib/tls_map/version.rb
CHANGED
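--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tls-map
 version: !ruby/object:Gem::Version
-version: 2.
+version: 2.2.0
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: docopt
@@ -54,7 +54,7 @@ dependencies:
 version: '3.2'
 description: 'CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL,
 GnuTLS, NSS;get information and vulnerabilities about cipher suites;extract cipher
-suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan'
+suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan, tlsx'
 email: alexandre.zanni@engineer.com
 executables:
 - tls-map
@@ -104,14 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: 2.6.0
 - - "<"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: CLI & library for TLS cipher suites manipulation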