tls-map 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/tls-map +1 -2
- data/lib/tls_map/app/extractor/extractor.rb +52 -3
- data/lib/tls_map/app/iana.rb +1 -1
- data/lib/tls_map/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9a5e60ee77231b59e8aaa082690fc1db2b7d9f8b48947bb11a0cfdbb2085758c
|
|
4
|
+
data.tar.gz: 6e5b46e91409a47d069cca537cb443757838ba4477de1c60ebd1afcb11b76cfd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 566a759275f83244886d4491f1e5689b544f2dc8a70ad0effb1b88fa920657fe74289759a693b85050dd1ba68ccf48763aa55ab780d588bdaef199bcabd9ed07
|
|
7
|
+
data.tar.gz: 9d6854c4656b2ea9c6a27b16cf6a37d28d67784abb7da90c9af9fbe8b888357d84a76fd9c2a316678536fb561758c26246207011dd9350fef5c5f1c3cd808c67
|
data/bin/tls-map
CHANGED
|
@@ -2,7 +2,6 @@
|
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
# Ruby internal
|
|
5
|
-
require 'pp'
|
|
6
5
|
# Project internal
|
|
7
6
|
require 'tls_map'
|
|
8
7
|
require 'tls_map/cli/cli'
|
|
@@ -42,7 +41,7 @@ doc = <<~DOCOPT
|
|
|
42
41
|
|
|
43
42
|
Extract options: (offline) extract ciphers from external tools output file
|
|
44
43
|
<filename> The external tool output file
|
|
45
|
-
<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan (check the documentation for the expected file format)
|
|
44
|
+
<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan, tlsx (check the documentation for the expected file format)
|
|
46
45
|
--only-weak Show only ciphers with a security level equal to weak or insecure (hide secure and recommended) (work only with TLS not SSL).
|
|
47
46
|
--hide-weak Hide ciphers with a security level equal to weak or insecure (show only secure and recommended) (work only with TLS not SSL).
|
|
48
47
|
|
|
@@ -12,11 +12,13 @@ module TLSmap
|
|
|
12
12
|
# External tools output data extractor
|
|
13
13
|
#
|
|
14
14
|
# Output files from [SSLyze][1] (JSON), [sslscan2][2] (XML), [testssl.sh][3] (JSON), [ssllabs-scan][4] (JSON)
|
|
15
|
+
# , [tlsx][5] (JSON)
|
|
15
16
|
#
|
|
16
17
|
# [1]:https://github.com/nabla-c0d3/sslyze
|
|
17
18
|
# [2]:https://github.com/rbsec/sslscan
|
|
18
19
|
# [3]:https://github.com/drwetter/testssl.sh
|
|
19
20
|
# [4]:https://github.com/ssllabs/ssllabs-scan
|
|
21
|
+
# [5]:https://github.com/projectdiscovery/tlsx
|
|
20
22
|
#
|
|
21
23
|
# Example of commands:
|
|
22
24
|
#
|
|
@@ -27,6 +29,7 @@ module TLSmap
|
|
|
27
29
|
# - json-pretty is the only supported format, default json or csv, html won't work
|
|
28
30
|
# - `ssllabs-scan --quiet example.org > example.org.json`
|
|
29
31
|
# - The default output is the only supported format, using `-json-flat` won't work
|
|
32
|
+
# - `tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls`
|
|
30
33
|
class Extractor
|
|
31
34
|
# Get the list of ciphers extracted from the tool output file
|
|
32
35
|
# @return [Array<String>] Cipher array (IANA names)
|
|
@@ -74,7 +77,7 @@ module TLSmap
|
|
|
74
77
|
end
|
|
75
78
|
|
|
76
79
|
# Extract the ciphers from the tool output file
|
|
77
|
-
# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
|
|
80
|
+
# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
|
|
78
81
|
# @param file [String] Path of the tool output file, beware of the format expected. See {TLSmap::App::Extractor}
|
|
79
82
|
# @return [Array<String>] Cipher array (IANA names)
|
|
80
83
|
def parse(tool, file)
|
|
@@ -89,11 +92,12 @@ module TLSmap
|
|
|
89
92
|
'sslyze' => 'sslyze --json_out=example.org.json example.org',
|
|
90
93
|
'sslscan2' => 'sslscan2 --show-cipher-ids --xml=example.org.xml example.org',
|
|
91
94
|
'testssl' => 'testssl --jsonfile-pretty example.org.json --mapping no-openssl --cipher-per-proto example.org',
|
|
92
|
-
'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json'
|
|
95
|
+
'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json',
|
|
96
|
+
'tlsx' => 'tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls'
|
|
93
97
|
}.freeze
|
|
94
98
|
|
|
95
99
|
# Get the external tool command used to generate the expected result format
|
|
96
|
-
# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
|
|
100
|
+
# @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
|
|
97
101
|
# @return [String] external tool command used to generate the expected result format used in input of the extract
|
|
98
102
|
# command (CLI) / {parse} method (library)
|
|
99
103
|
def helper(tool)
|
|
@@ -271,6 +275,51 @@ module TLSmap
|
|
|
271
275
|
protected :extract_cipher, :id2prot
|
|
272
276
|
end
|
|
273
277
|
end
|
|
278
|
+
|
|
279
|
+
# Parsing tlsx
|
|
280
|
+
class Tlsx
|
|
281
|
+
class << self
|
|
282
|
+
# Extract the ciphers from the tlsx output file
|
|
283
|
+
# @param file [String] Path of the tlsx output file, beware of the format expected.
|
|
284
|
+
# See {TLSmap::App::Extractor}
|
|
285
|
+
# @return [Array<String>] Cipher array (IANA names)
|
|
286
|
+
def parse(file)
|
|
287
|
+
data = Utils.json_load_file(file)
|
|
288
|
+
extract_cipher(data)
|
|
289
|
+
end
|
|
290
|
+
|
|
291
|
+
# Extract the ciphers from the tlsx output file
|
|
292
|
+
# @param json_data [Hash] Ruby hash of the parsed JSON
|
|
293
|
+
# @return [Array<String>] Cipher array (IANA names)
|
|
294
|
+
def extract_cipher(json_data) # rubocop:disable Metrics/MethodLength
|
|
295
|
+
raw = {
|
|
296
|
+
'SSL2.0' => [], 'SSL3.0' => [],
|
|
297
|
+
'TLS1.0' => [], 'TLS1.1' => [], 'TLS1.2' => [], 'TLS1.3' => []
|
|
298
|
+
}
|
|
299
|
+
json_data['cipher_enum'].each do |version|
|
|
300
|
+
next if version['ciphers'].nil?
|
|
301
|
+
|
|
302
|
+
version['ciphers'].each do |cipher|
|
|
303
|
+
raw[id2prot(version['version'])].push(cipher)
|
|
304
|
+
end
|
|
305
|
+
end
|
|
306
|
+
raw.transform_values(&:uniq)
|
|
307
|
+
end
|
|
308
|
+
|
|
309
|
+
# Convert tlsx protocol id to protocol name in TLSmap format
|
|
310
|
+
# @param id [String] tlsx protocol id
|
|
311
|
+
# @return [String] protocol name in TLSmap format
|
|
312
|
+
def id2prot(id)
|
|
313
|
+
prot = {
|
|
314
|
+
'ssl30' => 'SSL3.0', 'tls10' => 'TLS1.0',
|
|
315
|
+
'tls11' => 'TLS1.1', 'tls12' => 'TLS1.2', 'tls13' => 'TLS1.3'
|
|
316
|
+
}
|
|
317
|
+
prot[id]
|
|
318
|
+
end
|
|
319
|
+
|
|
320
|
+
protected :extract_cipher, :id2prot
|
|
321
|
+
end
|
|
322
|
+
end
|
|
274
323
|
end
|
|
275
324
|
end
|
|
276
325
|
end
|
data/lib/tls_map/app/iana.rb
CHANGED
|
@@ -27,7 +27,7 @@ module TLSmap
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def parse_iana
|
|
30
|
-
CSV.foreach(@iana_file.path,
|
|
30
|
+
CSV.foreach(@iana_file.path, headers: true, header_converters: :symbol) do |alg|
|
|
31
31
|
codepoint = codepoint_iana(alg[:value])
|
|
32
32
|
description = desc_iana(alg[:description])
|
|
33
33
|
@tls_map << { codepoint: codepoint, iana: description } unless codepoint.nil? || description.nil?
|
data/lib/tls_map/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tls-map
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: docopt
|
|
@@ -54,7 +54,7 @@ dependencies:
|
|
|
54
54
|
version: '3.2'
|
|
55
55
|
description: 'CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL,
|
|
56
56
|
GnuTLS, NSS;get information and vulnerabilities about cipher suites;extract cipher
|
|
57
|
-
suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan'
|
|
57
|
+
suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan, tlsx'
|
|
58
58
|
email: alexandre.zanni@engineer.com
|
|
59
59
|
executables:
|
|
60
60
|
- tls-map
|
|
@@ -104,14 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
104
104
|
version: 2.6.0
|
|
105
105
|
- - "<"
|
|
106
106
|
- !ruby/object:Gem::Version
|
|
107
|
-
version: '3.
|
|
107
|
+
version: '3.3'
|
|
108
108
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
109
109
|
requirements:
|
|
110
110
|
- - ">="
|
|
111
111
|
- !ruby/object:Gem::Version
|
|
112
112
|
version: '0'
|
|
113
113
|
requirements: []
|
|
114
|
-
rubygems_version: 3.
|
|
114
|
+
rubygems_version: 3.4.1
|
|
115
115
|
signing_key:
|
|
116
116
|
specification_version: 4
|
|
117
117
|
summary: CLI & library for TLS cipher suites manipulation
|