tls-map 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/bin/tls-map +33 -13
- data/data/extended.marshal +0 -0
- data/lib/tls_map/cli/cli.rb +1 -1
- data/lib/tls_map/version.rb +1 -1
- metadata +4 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3bfd94194d2ff746b82e4f08e02efa5a223dc7b1cf235efe6a1537803c76761
|
|
4
|
+
data.tar.gz: c7fb814d57ceb1d1d072d4821f382d615e271223687cc51978b0644e6a092418
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 362bc13419886123f2877836b60f0f9f859d84a8bc54a1ec99cb0befddbd3eb3e5cfe09cbf2c4c2a0dd76ba860461985ada8bb710f0b8271593e28fa1ffb9e9f
|
|
7
|
+
data.tar.gz: 549250c7ad98e4ff866bea895a161c58d4827e5ae9a388ce61fb44e3a41bbf56f790d261507e8b39cab65003dbc4f7a64af1f823ee00fed96a41047eeb586f46
|
data/bin/tls-map
CHANGED
|
@@ -12,43 +12,44 @@ require 'paint'
|
|
|
12
12
|
# can't specify 2 options with the same name even if used in different commands
|
|
13
13
|
# https://github.com/docopt/docopt/issues/296#issuecomment-857477191
|
|
14
14
|
doc = <<~DOCOPT
|
|
15
|
-
TLS map #{TLSmap::VERSION}
|
|
15
|
+
#{Paint['TLS map', :bold, '#81c8b6']} #{Paint[TLSmap::VERSION, :bold]}
|
|
16
16
|
|
|
17
|
-
Usage:
|
|
17
|
+
#{Paint['Usage:', '#81c8b6']}
|
|
18
18
|
tls-map search <criteria> <term> [-o <output> --force -e -a] [--no-color --debug]
|
|
19
|
-
tls-map bulk <criteria> <file> [-q <output> --force] [--no-color --debug]
|
|
19
|
+
tls-map bulk <criteria> <file> [(-q <output> | --audit) --force] [--no-color --debug]
|
|
20
20
|
tls-map export <filename> <format> [--force] [--debug]
|
|
21
21
|
tls-map extract <filename> <format> [--no-color --debug [--only-weak | --hide-weak]]
|
|
22
22
|
tls-map update [--with-extended] [--debug]
|
|
23
23
|
tls-map -h | --help
|
|
24
24
|
tls-map --version
|
|
25
25
|
|
|
26
|
-
Search options: (offline) search and translate cipher names between SSL/TLS libraries
|
|
26
|
+
#{Paint['Search options:', '#81c8b6']} #{Paint['(offline) search and translate cipher names between SSL/TLS libraries', :underline]}
|
|
27
27
|
<criteria> The type of term. Accepted values: codepoint, iana, openssl, gnutls, nss.
|
|
28
28
|
<term> The cipher algorithm name.
|
|
29
29
|
-o, --output <output> Displayed fields. Accepted values: all, codepoint, iana, openssl, gnutls, nss. [default: all]
|
|
30
30
|
-e, --extended (Online) Display additional information about the cipher (requires output = all or iana)
|
|
31
31
|
-a, --acronym (Online) Display full acronym name (requires -e / --extended option)
|
|
32
32
|
|
|
33
|
-
Bulk options: (offline) search and translate cipher names between SSL/TLS libraries in bulk
|
|
33
|
+
#{Paint['Bulk options:', '#81c8b6']} #{Paint['(offline) search and translate cipher names between SSL/TLS libraries in bulk', :underline]}
|
|
34
34
|
<criteria> The type of term. Accepted values: codepoint, iana, openssl, gnutls, nss.
|
|
35
35
|
<file> File containing the cipher algorithm names, one per line.
|
|
36
36
|
-q, --output2 <output> Displayed fields. Accepted values: codepoint, iana, openssl, gnutls, nss. [default: iana]
|
|
37
|
+
--audit Highlight weak (security level equal to weak or insecure) cipher suites. (work only with TLS not SSL).
|
|
37
38
|
|
|
38
|
-
Export options: (offline) export the list of all ciphers (mapping) in various formats
|
|
39
|
+
#{Paint['Export options:', '#81c8b6']} #{Paint['(offline) export the list of all ciphers (mapping) in various formats', :underline]}
|
|
39
40
|
<filename> The output file name to write to.
|
|
40
41
|
<format> Supported formats: markdown (a markdown table), json_pretty (expanded JSON), json_compact (minified JSON), marshal (Ruby marshalized hash).
|
|
41
42
|
|
|
42
|
-
Extract options: (offline) extract ciphers from external tools output file
|
|
43
|
+
#{Paint['Extract options:', '#81c8b6']} #{Paint['(offline) extract ciphers from external tools output file', :underline]}
|
|
43
44
|
<filename> The external tool output file
|
|
44
45
|
<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan, tlsx (check the documentation for the expected file format)
|
|
45
46
|
--only-weak Show only ciphers with a security level equal to weak or insecure (hide secure and recommended) (work only with TLS not SSL).
|
|
46
47
|
--hide-weak Hide ciphers with a security level equal to weak or insecure (show only secure and recommended) (work only with TLS not SSL).
|
|
47
48
|
|
|
48
|
-
Update options: (online) DANGEROUS, will break database integrity, force option will be required
|
|
49
|
+
#{Paint['Update options:', '#81c8b6']} #{Paint['(online) DANGEROUS, will break database integrity, force option will be required', :underline]}
|
|
49
50
|
--with-extended (Online) Also save extended information used by search --extended option.
|
|
50
51
|
|
|
51
|
-
Other options:
|
|
52
|
+
#{Paint['Other options:', '#81c8b6']}
|
|
52
53
|
--force Force parsing even if integrity check failed (DANGEROUS, may result in command execution vulnerability)
|
|
53
54
|
--no-color Disable colorized output
|
|
54
55
|
--debug Display arguments
|
|
@@ -88,7 +89,7 @@ begin
|
|
|
88
89
|
puts "#{Paint[dic[k], :magenta]}: #{Paint[v, sec_lvl[v][:color]]}"
|
|
89
90
|
else
|
|
90
91
|
print "#{Paint[dic[k], :magenta]}: #{Paint[v, :white]}"
|
|
91
|
-
print " (#{tmext_i.translate_acronym(v)})" if args['--acronym'] && !tmext_i.translate_acronym(v).nil?
|
|
92
|
+
print " (#{tmext_i.translate_acronym(v)})" if args['--acronym'] && !tmext_i.translate_acronym(v).nil?
|
|
92
93
|
puts
|
|
93
94
|
end
|
|
94
95
|
end
|
|
@@ -98,7 +99,23 @@ begin
|
|
|
98
99
|
res = cli.bulk_search(args['<criteria>'].to_sym, args['<file>'], args['--output2'].to_sym)
|
|
99
100
|
puts Paint['No match found', :red] if res.empty?
|
|
100
101
|
res.each do |h|
|
|
101
|
-
|
|
102
|
+
cs = h[args['--output2'].to_sym] # cipher suite
|
|
103
|
+
next if cs.nil?
|
|
104
|
+
|
|
105
|
+
if args['--audit']
|
|
106
|
+
cliext = TLSmap::CLI::Extended.new
|
|
107
|
+
ci = TLSmap::App::Cipher.new(:iana, cs, enhanced_data: cliext.enhanced_data)
|
|
108
|
+
if ci.should_i_use?
|
|
109
|
+
print Paint[cs, :green]
|
|
110
|
+
else
|
|
111
|
+
print Paint[cs, :red]
|
|
112
|
+
print ' -- '
|
|
113
|
+
print Paint['weak', :red, :bold]
|
|
114
|
+
end
|
|
115
|
+
puts
|
|
116
|
+
else
|
|
117
|
+
puts Paint[cs, :green]
|
|
118
|
+
end
|
|
102
119
|
end
|
|
103
120
|
elsif args['export']
|
|
104
121
|
cli = TLSmap::CLI.new(args['--force'])
|
|
@@ -112,8 +129,11 @@ begin
|
|
|
112
129
|
cliext = TLSmap::CLI::Extended.new
|
|
113
130
|
v.each do |alg|
|
|
114
131
|
ci = TLSmap::App::Cipher.new(:iana, alg, enhanced_data: cliext.enhanced_data)
|
|
115
|
-
|
|
116
|
-
|
|
132
|
+
next unless (args['--only-weak'] && !ci.should_i_use?) ||
|
|
133
|
+
(args['--hide-weak'] && ci.should_i_use?)
|
|
134
|
+
|
|
135
|
+
print Paint["#{k} ", :blue] unless v.empty?
|
|
136
|
+
puts Paint[alg, :white]
|
|
117
137
|
end
|
|
118
138
|
else
|
|
119
139
|
puts Paint[k, :blue] unless v.empty?
|
data/data/extended.marshal
CHANGED
|
Binary file
|
data/lib/tls_map/cli/cli.rb
CHANGED
|
@@ -56,7 +56,7 @@ module TLSmap
|
|
|
56
56
|
|
|
57
57
|
# Offline version of {App::Extended}
|
|
58
58
|
class Extended < App::Extended
|
|
59
|
-
INTEGRITY = '
|
|
59
|
+
INTEGRITY = '3236733f1d5b69f4230adaa726faeb2f4ba4e88aa59a72880cc822c43ed37b73' # sha2-256
|
|
60
60
|
|
|
61
61
|
# Load and parse data from marshalized hash (`data/extended.marshal`).
|
|
62
62
|
# It must match the integrity check for security purpose.
|
data/lib/tls_map/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tls-map
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-02-01 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: csv
|
|
@@ -108,7 +107,6 @@ metadata:
|
|
|
108
107
|
source_code_uri: https://github.com/noraj/tls-map/
|
|
109
108
|
funding_uri: https://github.com/sponsors/noraj
|
|
110
109
|
rubygems_mfa_required: 'true'
|
|
111
|
-
post_install_message:
|
|
112
110
|
rdoc_options: []
|
|
113
111
|
require_paths:
|
|
114
112
|
- lib
|
|
@@ -116,7 +114,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
116
114
|
requirements:
|
|
117
115
|
- - ">="
|
|
118
116
|
- !ruby/object:Gem::Version
|
|
119
|
-
version: 3.
|
|
117
|
+
version: 3.1.0
|
|
120
118
|
- - "<"
|
|
121
119
|
- !ruby/object:Gem::Version
|
|
122
120
|
version: '4.0'
|
|
@@ -126,8 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
124
|
- !ruby/object:Gem::Version
|
|
127
125
|
version: '0'
|
|
128
126
|
requirements: []
|
|
129
|
-
rubygems_version: 3.
|
|
130
|
-
signing_key:
|
|
127
|
+
rubygems_version: 3.6.2
|
|
131
128
|
specification_version: 4
|
|
132
129
|
summary: CLI & library for TLS cipher suites manipulation
|
|
133
130
|
test_files: []
|