tls-map 3.0.0 → 3.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/bin/tls-map +33 -13
- data/data/extended.marshal +0 -0
- data/lib/tls_map/cli/cli.rb +1 -1
- data/lib/tls_map/version.rb +1 -1
- metadata +4 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c3bfd94194d2ff746b82e4f08e02efa5a223dc7b1cf235efe6a1537803c76761
|
|
4
|
+
data.tar.gz: c7fb814d57ceb1d1d072d4821f382d615e271223687cc51978b0644e6a092418
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 362bc13419886123f2877836b60f0f9f859d84a8bc54a1ec99cb0befddbd3eb3e5cfe09cbf2c4c2a0dd76ba860461985ada8bb710f0b8271593e28fa1ffb9e9f
|
|
7
|
+
data.tar.gz: 549250c7ad98e4ff866bea895a161c58d4827e5ae9a388ce61fb44e3a41bbf56f790d261507e8b39cab65003dbc4f7a64af1f823ee00fed96a41047eeb586f46
|
data/bin/tls-map
CHANGED
|
@@ -12,43 +12,44 @@ require 'paint'
|
|
|
12
12
|
# can't specify 2 options with the same name even if used in different commands
|
|
13
13
|
# https://github.com/docopt/docopt/issues/296#issuecomment-857477191
|
|
14
14
|
doc = <<~DOCOPT
|
|
15
|
-
TLS map #{TLSmap::VERSION}
|
|
15
|
+
#{Paint['TLS map', :bold, '#81c8b6']} #{Paint[TLSmap::VERSION, :bold]}
|
|
16
16
|
|
|
17
|
-
Usage:
|
|
17
|
+
#{Paint['Usage:', '#81c8b6']}
|
|
18
18
|
tls-map search <criteria> <term> [-o <output> --force -e -a] [--no-color --debug]
|
|
19
|
-
tls-map bulk <criteria> <file> [-q <output> --force] [--no-color --debug]
|
|
19
|
+
tls-map bulk <criteria> <file> [(-q <output> | --audit) --force] [--no-color --debug]
|
|
20
20
|
tls-map export <filename> <format> [--force] [--debug]
|
|
21
21
|
tls-map extract <filename> <format> [--no-color --debug [--only-weak | --hide-weak]]
|
|
22
22
|
tls-map update [--with-extended] [--debug]
|
|
23
23
|
tls-map -h | --help
|
|
24
24
|
tls-map --version
|
|
25
25
|
|
|
26
|
-
Search options: (offline) search and translate cipher names between SSL/TLS libraries
|
|
26
|
+
#{Paint['Search options:', '#81c8b6']} #{Paint['(offline) search and translate cipher names between SSL/TLS libraries', :underline]}
|
|
27
27
|
<criteria> The type of term. Accepted values: codepoint, iana, openssl, gnutls, nss.
|
|
28
28
|
<term> The cipher algorithm name.
|
|
29
29
|
-o, --output <output> Displayed fields. Accepted values: all, codepoint, iana, openssl, gnutls, nss. [default: all]
|
|
30
30
|
-e, --extended (Online) Display additional information about the cipher (requires output = all or iana)
|
|
31
31
|
-a, --acronym (Online) Display full acronym name (requires -e / --extended option)
|
|
32
32
|
|
|
33
|
-
Bulk options: (offline) search and translate cipher names between SSL/TLS libraries in bulk
|
|
33
|
+
#{Paint['Bulk options:', '#81c8b6']} #{Paint['(offline) search and translate cipher names between SSL/TLS libraries in bulk', :underline]}
|
|
34
34
|
<criteria> The type of term. Accepted values: codepoint, iana, openssl, gnutls, nss.
|
|
35
35
|
<file> File containing the cipher algorithm names, one per line.
|
|
36
36
|
-q, --output2 <output> Displayed fields. Accepted values: codepoint, iana, openssl, gnutls, nss. [default: iana]
|
|
37
|
+
--audit Highlight weak (security level equal to weak or insecure) cipher suites. (work only with TLS not SSL).
|
|
37
38
|
|
|
38
|
-
Export options: (offline) export the list of all ciphers (mapping) in various formats
|
|
39
|
+
#{Paint['Export options:', '#81c8b6']} #{Paint['(offline) export the list of all ciphers (mapping) in various formats', :underline]}
|
|
39
40
|
<filename> The output file name to write to.
|
|
40
41
|
<format> Supported formats: markdown (a markdown table), json_pretty (expanded JSON), json_compact (minified JSON), marshal (Ruby marshalized hash).
|
|
41
42
|
|
|
42
|
-
Extract options: (offline) extract ciphers from external tools output file
|
|
43
|
+
#{Paint['Extract options:', '#81c8b6']} #{Paint['(offline) extract ciphers from external tools output file', :underline]}
|
|
43
44
|
<filename> The external tool output file
|
|
44
45
|
<format> Supported formats: sslyze, sslscan2, testssl, ssllabs-scan, tlsx (check the documentation for the expected file format)
|
|
45
46
|
--only-weak Show only ciphers with a security level equal to weak or insecure (hide secure and recommended) (work only with TLS not SSL).
|
|
46
47
|
--hide-weak Hide ciphers with a security level equal to weak or insecure (show only secure and recommended) (work only with TLS not SSL).
|
|
47
48
|
|
|
48
|
-
Update options: (online) DANGEROUS, will break database integrity, force option will be required
|
|
49
|
+
#{Paint['Update options:', '#81c8b6']} #{Paint['(online) DANGEROUS, will break database integrity, force option will be required', :underline]}
|
|
49
50
|
--with-extended (Online) Also save extended information used by search --extended option.
|
|
50
51
|
|
|
51
|
-
Other options:
|
|
52
|
+
#{Paint['Other options:', '#81c8b6']}
|
|
52
53
|
--force Force parsing even if integrity check failed (DANGEROUS, may result in command execution vulnerability)
|
|
53
54
|
--no-color Disable colorized output
|
|
54
55
|
--debug Display arguments
|
|
@@ -88,7 +89,7 @@ begin
|
|
|
88
89
|
puts "#{Paint[dic[k], :magenta]}: #{Paint[v, sec_lvl[v][:color]]}"
|
|
89
90
|
else
|
|
90
91
|
print "#{Paint[dic[k], :magenta]}: #{Paint[v, :white]}"
|
|
91
|
-
print " (#{tmext_i.translate_acronym(v)})" if args['--acronym'] && !tmext_i.translate_acronym(v).nil?
|
|
92
|
+
print " (#{tmext_i.translate_acronym(v)})" if args['--acronym'] && !tmext_i.translate_acronym(v).nil?
|
|
92
93
|
puts
|
|
93
94
|
end
|
|
94
95
|
end
|
|
@@ -98,7 +99,23 @@ begin
|
|
|
98
99
|
res = cli.bulk_search(args['<criteria>'].to_sym, args['<file>'], args['--output2'].to_sym)
|
|
99
100
|
puts Paint['No match found', :red] if res.empty?
|
|
100
101
|
res.each do |h|
|
|
101
|
-
|
|
102
|
+
cs = h[args['--output2'].to_sym] # cipher suite
|
|
103
|
+
next if cs.nil?
|
|
104
|
+
|
|
105
|
+
if args['--audit']
|
|
106
|
+
cliext = TLSmap::CLI::Extended.new
|
|
107
|
+
ci = TLSmap::App::Cipher.new(:iana, cs, enhanced_data: cliext.enhanced_data)
|
|
108
|
+
if ci.should_i_use?
|
|
109
|
+
print Paint[cs, :green]
|
|
110
|
+
else
|
|
111
|
+
print Paint[cs, :red]
|
|
112
|
+
print ' -- '
|
|
113
|
+
print Paint['weak', :red, :bold]
|
|
114
|
+
end
|
|
115
|
+
puts
|
|
116
|
+
else
|
|
117
|
+
puts Paint[cs, :green]
|
|
118
|
+
end
|
|
102
119
|
end
|
|
103
120
|
elsif args['export']
|
|
104
121
|
cli = TLSmap::CLI.new(args['--force'])
|
|
@@ -112,8 +129,11 @@ begin
|
|
|
112
129
|
cliext = TLSmap::CLI::Extended.new
|
|
113
130
|
v.each do |alg|
|
|
114
131
|
ci = TLSmap::App::Cipher.new(:iana, alg, enhanced_data: cliext.enhanced_data)
|
|
115
|
-
|
|
116
|
-
|
|
132
|
+
next unless (args['--only-weak'] && !ci.should_i_use?) ||
|
|
133
|
+
(args['--hide-weak'] && ci.should_i_use?)
|
|
134
|
+
|
|
135
|
+
print Paint["#{k} ", :blue] unless v.empty?
|
|
136
|
+
puts Paint[alg, :white]
|
|
117
137
|
end
|
|
118
138
|
else
|
|
119
139
|
puts Paint[k, :blue] unless v.empty?
|
data/data/extended.marshal
CHANGED
|
Binary file
|
data/lib/tls_map/cli/cli.rb
CHANGED
|
@@ -56,7 +56,7 @@ module TLSmap
|
|
|
56
56
|
|
|
57
57
|
# Offline version of {App::Extended}
|
|
58
58
|
class Extended < App::Extended
|
|
59
|
-
INTEGRITY = '
|
|
59
|
+
INTEGRITY = '3236733f1d5b69f4230adaa726faeb2f4ba4e88aa59a72880cc822c43ed37b73' # sha2-256
|
|
60
60
|
|
|
61
61
|
# Load and parse data from marshalized hash (`data/extended.marshal`).
|
|
62
62
|
# It must match the integrity check for security purpose.
|
data/lib/tls_map/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: tls-map
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexandre ZANNI
|
|
8
|
-
autorequire:
|
|
9
8
|
bindir: bin
|
|
10
9
|
cert_chain: []
|
|
11
|
-
date:
|
|
10
|
+
date: 2025-02-01 00:00:00.000000000 Z
|
|
12
11
|
dependencies:
|
|
13
12
|
- !ruby/object:Gem::Dependency
|
|
14
13
|
name: csv
|
|
@@ -108,7 +107,6 @@ metadata:
|
|
|
108
107
|
source_code_uri: https://github.com/noraj/tls-map/
|
|
109
108
|
funding_uri: https://github.com/sponsors/noraj
|
|
110
109
|
rubygems_mfa_required: 'true'
|
|
111
|
-
post_install_message:
|
|
112
110
|
rdoc_options: []
|
|
113
111
|
require_paths:
|
|
114
112
|
- lib
|
|
@@ -116,7 +114,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
116
114
|
requirements:
|
|
117
115
|
- - ">="
|
|
118
116
|
- !ruby/object:Gem::Version
|
|
119
|
-
version: 3.
|
|
117
|
+
version: 3.1.0
|
|
120
118
|
- - "<"
|
|
121
119
|
- !ruby/object:Gem::Version
|
|
122
120
|
version: '4.0'
|
|
@@ -126,8 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
126
124
|
- !ruby/object:Gem::Version
|
|
127
125
|
version: '0'
|
|
128
126
|
requirements: []
|
|
129
|
-
rubygems_version: 3.
|
|
130
|
-
signing_key:
|
|
127
|
+
rubygems_version: 3.6.2
|
|
131
128
|
specification_version: 4
|
|
132
129
|
summary: CLI & library for TLS cipher suites manipulation
|
|
133
130
|
test_files: []
|