tls-map 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d94873d0b6f9c1274ca7ae4b4510cbbfb5351fb71b31d5fd6b7b51a700810b5
-  data.tar.gz: c706973ad2b5b944ad41b72447ad2b5b6fd0d6cd8e7697ed2e0441598c905157
+  metadata.gz: 9a5e60ee77231b59e8aaa082690fc1db2b7d9f8b48947bb11a0cfdbb2085758c
+  data.tar.gz: 6e5b46e91409a47d069cca537cb443757838ba4477de1c60ebd1afcb11b76cfd
 SHA512:
-  metadata.gz: 36abc411fbfb1139a1abce1795dc76dad40baf48a801ff52302e0f13a5e8d62f484a68e024523417f6d926b9a175043d0256b15a3840f5b1ed3e1a90d26a7f65
-  data.tar.gz: c0274a56daae44a2192e761bc782ec87ec71d2616738ed8053f8e1e2beb8a6bce7d6e95d694356f72d3ae891c69d5b210e78f9b84f2bd308016205f70b9e852d
+  metadata.gz: 566a759275f83244886d4491f1e5689b544f2dc8a70ad0effb1b88fa920657fe74289759a693b85050dd1ba68ccf48763aa55ab780d588bdaef199bcabd9ed07
+  data.tar.gz: 9d6854c4656b2ea9c6a27b16cf6a37d28d67784abb7da90c9af9fbe8b888357d84a76fd9c2a316678536fb561758c26246207011dd9350fef5c5f1c3cd808c67

data/bin/tls-map

@@ -2,7 +2,6 @@
 # frozen_string_literal: true
 
 # Ruby internal
-require 'pp'
 # Project internal
 require 'tls_map'
 require 'tls_map/cli/cli'
@@ -42,7 +41,7 @@ doc = <<~DOCOPT
 
   Extract options: (offline) extract ciphers from external tools output file
     <filename>              The external tool output file
-    <format>                Supported formats: sslyze, sslscan2, testssl, ssllabs-scan (check the documentation for the expected file format)
+    <format>                Supported formats: sslyze, sslscan2, testssl, ssllabs-scan, tlsx (check the documentation for the expected file format)
     --only-weak             Show only ciphers with a security level equal to weak or insecure (hide secure and recommended) (work only with TLS not SSL).
     --hide-weak             Hide ciphers with a security level equal to weak or insecure (show only secure and recommended) (work only with TLS not SSL).
 

data/lib/tls_map/app/extractor/extractor.rb

@@ -12,11 +12,13 @@ module TLSmap
     # External tools output data extractor
     #
     # Output files from [SSLyze][1] (JSON), [sslscan2][2] (XML), [testssl.sh][3] (JSON), [ssllabs-scan][4] (JSON)
+    # , [tlsx][5] (JSON)
     #
     # [1]:https://github.com/nabla-c0d3/sslyze
     # [2]:https://github.com/rbsec/sslscan
     # [3]:https://github.com/drwetter/testssl.sh
     # [4]:https://github.com/ssllabs/ssllabs-scan
+    # [5]:https://github.com/projectdiscovery/tlsx
     #
     # Example of commands:
     #
@@ -27,6 +29,7 @@ module TLSmap
     #   - json-pretty is the only supported format, default json or csv, html won't work
     # - `ssllabs-scan --quiet example.org > example.org.json`
     #   - The default output is the only supported format, using `-json-flat` won't work
+    # - `tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls`
     class Extractor
       # Get the list of ciphers extracted from the tool output file
       # @return [Array<String>] Cipher array (IANA names)
@@ -74,7 +77,7 @@ module TLSmap
       end
 
       # Extract the ciphers from the tool output file
-      # @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
+      # @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
       # @param file [String] Path of the tool output file, beware of the format expected. See {TLSmap::App::Extractor}
       # @return [Array<String>] Cipher array (IANA names)
       def parse(tool, file)
@@ -89,11 +92,12 @@ module TLSmap
         'sslyze' => 'sslyze --json_out=example.org.json example.org',
         'sslscan2' => 'sslscan2 --show-cipher-ids --xml=example.org.xml example.org',
         'testssl' => 'testssl --jsonfile-pretty example.org.json --mapping no-openssl --cipher-per-proto example.org',
-        'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json'
+        'ssllabs-scan' => 'ssllabs-scan --quiet example.org > example.org.json',
+        'tlsx' => 'tlsx -u example.org -cipher-enum -o example.org.json -j -sm ctls'
       }.freeze
 
       # Get the external tool command used to generate the expected result format
-      # @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`
+      # @param tool [String] Possible values: `sslyze`, `sslscan2`, `testssl`, `ssllabs-scan`, `tlsx`
       # @return [String] external tool command used to generate the expected result format used in input of the extract
       #   command (CLI) / {parse} method (library)
       def helper(tool)
@@ -271,6 +275,51 @@ module TLSmap
           protected :extract_cipher, :id2prot
         end
       end
+
+      # Parsing tlsx
+      class Tlsx
+        class << self
+          # Extract the ciphers from the tlsx output file
+          # @param file [String] Path of the tlsx output file, beware of the format expected.
+          #   See {TLSmap::App::Extractor}
+          # @return [Array<String>] Cipher array (IANA names)
+          def parse(file)
+            data = Utils.json_load_file(file)
+            extract_cipher(data)
+          end
+
+          # Extract the ciphers from the tlsx output file
+          # @param json_data [Hash] Ruby hash of the parsed JSON
+          # @return [Array<String>] Cipher array (IANA names)
+          def extract_cipher(json_data) # rubocop:disable Metrics/MethodLength
+            raw = {
+              'SSL2.0' => [], 'SSL3.0' => [],
+              'TLS1.0' => [], 'TLS1.1' => [], 'TLS1.2' => [], 'TLS1.3' => []
+            }
+            json_data['cipher_enum'].each do |version|
+              next if version['ciphers'].nil?
+
+              version['ciphers'].each do |cipher|
+                raw[id2prot(version['version'])].push(cipher)
+              end
+            end
+            raw.transform_values(&:uniq)
+          end
+
+          # Convert tlsx protocol id to protocol name in TLSmap format
+          # @param id [String] tlsx protocol id
+          # @return [String] protocol name in TLSmap format
+          def id2prot(id)
+            prot = {
+              'ssl30' => 'SSL3.0', 'tls10' => 'TLS1.0',
+              'tls11' => 'TLS1.1', 'tls12' => 'TLS1.2', 'tls13' => 'TLS1.3'
+            }
+            prot[id]
+          end
+
+          protected :extract_cipher, :id2prot
+        end
+      end
     end
   end
 end

data/lib/tls_map/app/iana.rb

@@ -27,7 +27,7 @@ module TLSmap
     end
 
     def parse_iana
-      CSV.foreach(@iana_file.path, **{ headers: true, header_converters: :symbol }) do |alg|
+      CSV.foreach(@iana_file.path, headers: true, header_converters: :symbol) do |alg|
         codepoint = codepoint_iana(alg[:value])
         description = desc_iana(alg[:description])
         @tls_map << { codepoint: codepoint, iana: description } unless codepoint.nil? || description.nil?

data/lib/tls_map/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TLSmap
-  VERSION = '2.1.0'
+  VERSION = '2.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: tls-map
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - Alexandre ZANNI
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-01-31 00:00:00.000000000 Z
+date: 2023-01-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: docopt
@@ -54,7 +54,7 @@ dependencies:
         version: '3.2'
 description: 'CLI & library for mapping TLS cipher algorithm names: IANA, OpenSSL,
   GnuTLS, NSS;get information and vulnerabilities about cipher suites;extract cipher
-  suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan'
+  suites from external tools: SSLyze, sslscan2, testssl.sh, ssllabs-scan, tlsx'
 email: alexandre.zanni@engineer.com
 executables:
 - tls-map
@@ -104,14 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: 2.6.0
   - - "<"
     - !ruby/object:Gem::Version
-      version: '3.2'
+      version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.1
 signing_key:
 specification_version: 4
 summary: CLI & library for TLS cipher suites manipulation