yawast 0.3.0.beta1 → 0.3.0.beta2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -0
- data/README.md +5 -4
- data/bin/yawast +3 -3
- data/lib/scanner/apache.rb +1 -1
- data/lib/scanner/core.rb +2 -2
- data/lib/scanner/generic.rb +1 -1
- data/lib/scanner/iis.rb +2 -2
- data/lib/scanner/nginx.rb +1 -1
- data/lib/scanner/php.rb +1 -1
- data/lib/scanner/ssl.rb +3 -3
- data/lib/scanner/ssl_labs.rb +2 -2
- data/lib/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: acaf00690ddc7c68663b94e73a5eb2b0eb51c080
|
|
4
|
+
data.tar.gz: 4a85fddd2486d54ac441f0b487fef339006ff7e9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a38229adaec840c4837bd53d063453a4ca755bcd666a7d9aeab00857119b61a70a5fbc9a57ddb8ca457f7c4253ccb5dd6d93afc61a6b6b35ec6fe89c2205e3cf
|
|
7
|
+
data.tar.gz: 70f4418e59b3ce272d46b53bc3b5b0bbba7300a916f5ac027c39158848fdd9a5939244b3cb52f250d490251dd657af24ce2d4f389d429d6128e4915dfba8af5d
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
* [#61](https://github.com/adamcaudill/yawast/issues/61) - SSL Session Count: force 3DES suites
|
|
4
4
|
* [#23](https://github.com/adamcaudill/yawast/issues/23) - Add check for HTTP to HTTPS redirect
|
|
5
|
+
* [#63](https://github.com/adamcaudill/yawast/issues/63) - Rename `--sslsessioncount` to `--tdessessioncount`
|
|
5
6
|
|
|
6
7
|
## 0.2.2 - 2016-08-07
|
|
7
8
|
|
data/README.md
CHANGED
|
@@ -80,6 +80,7 @@ Checks for the following SSL issues are performed:
|
|
|
80
80
|
* SHA1 Signature
|
|
81
81
|
* RC4 Cipher Suites
|
|
82
82
|
* Weak (< 128 bit) Cipher Suites
|
|
83
|
+
* SWEET32
|
|
83
84
|
|
|
84
85
|
In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.
|
|
85
86
|
|
|
@@ -180,9 +181,9 @@ This mode is the most comprehensive, and contains far more data than the Interna
|
|
|
180
181
|
|
|
181
182
|
### Usage
|
|
182
183
|
|
|
183
|
-
* Standard scan: `./yawast scan <url> [--internalssl] [--nossl] [--nociphers] [--dir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
|
184
|
-
* HEAD-only scan: `./yawast head <url> [--internalssl] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
|
185
|
-
* SSL information: `./yawast ssl <url> [--internalssl] [--nociphers]`
|
|
184
|
+
* Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
|
185
|
+
* HEAD-only scan: `./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
|
186
|
+
* SSL information: `./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
|
|
186
187
|
* CMS detection: `./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
|
|
187
188
|
|
|
188
189
|
For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details.
|
|
@@ -204,7 +205,7 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
|
|
|
204
205
|
Using `scan` - the normal go-to option, here's what you get when scanning my website:
|
|
205
206
|
|
|
206
207
|
```
|
|
207
|
-
$yawast scan https://adamcaudill.com --dir --
|
|
208
|
+
$yawast scan https://adamcaudill.com --dir --tdessessioncount
|
|
208
209
|
__ _____ _ _ ___ _____ _____
|
|
209
210
|
\ \ / / _ \| | | |/ _ \ / ___|_ _|
|
|
210
211
|
\ V / /_\ \ | | / /_\ \\ `--. | |
|
data/bin/yawast
CHANGED
|
@@ -16,7 +16,7 @@ command :scan do |c|
|
|
|
16
16
|
c.option '--nossl', 'Disables SSL checks'
|
|
17
17
|
c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
|
|
18
18
|
c.option '--internalssl', 'Disable SSL Labs integration'
|
|
19
|
-
c.option '--
|
|
19
|
+
c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
|
|
20
20
|
c.option '--dir', 'Enables directory search'
|
|
21
21
|
c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
|
|
22
22
|
c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
|
|
@@ -34,7 +34,7 @@ command :head do |c|
|
|
|
34
34
|
c.option '--nossl', 'Disables SSL checks'
|
|
35
35
|
c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
|
|
36
36
|
c.option '--internalssl', 'Disable SSL Labs integration'
|
|
37
|
-
c.option '--
|
|
37
|
+
c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
|
|
38
38
|
c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
|
|
39
39
|
c.option '--cookie STRING', String, 'Session cookie'
|
|
40
40
|
|
|
@@ -49,7 +49,7 @@ command :ssl do |c|
|
|
|
49
49
|
|
|
50
50
|
c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
|
|
51
51
|
c.option '--internalssl', 'Disable SSL Labs integration'
|
|
52
|
-
c.option '--
|
|
52
|
+
c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
|
|
53
53
|
|
|
54
54
|
c.action do |args, options|
|
|
55
55
|
Yawast::Commands::Ssl.process(args, options)
|
data/lib/scanner/apache.rb
CHANGED
data/lib/scanner/core.rb
CHANGED
|
@@ -111,9 +111,9 @@ module Yawast
|
|
|
111
111
|
head = Yawast::Shared::Http.head(@uri) if head == nil
|
|
112
112
|
|
|
113
113
|
if options.internalssl
|
|
114
|
-
Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.
|
|
114
|
+
Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
|
|
115
115
|
else
|
|
116
|
-
Yawast::Scanner::SslLabs.info(@uri, options.
|
|
116
|
+
Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
|
|
117
117
|
end
|
|
118
118
|
|
|
119
119
|
Yawast::Scanner::Ssl.check_hsts(head)
|
data/lib/scanner/generic.rb
CHANGED
|
@@ -273,7 +273,7 @@ module Yawast
|
|
|
273
273
|
headers = Yawast::Shared::Http.get_headers
|
|
274
274
|
res = req.request(Trace.new('/', headers))
|
|
275
275
|
|
|
276
|
-
if res.body.include?
|
|
276
|
+
if res.body.include?('TRACE / HTTP/1.1') && res.code == '200'
|
|
277
277
|
Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
|
|
278
278
|
puts "\t\t\"curl -X TRACE #{uri}\""
|
|
279
279
|
|
data/lib/scanner/iis.rb
CHANGED
|
@@ -3,7 +3,7 @@ module Yawast
|
|
|
3
3
|
class Iis
|
|
4
4
|
def self.check_banner(banner)
|
|
5
5
|
#don't bother if this doesn't include IIS
|
|
6
|
-
return
|
|
6
|
+
return unless banner.include? 'Microsoft-IIS/'
|
|
7
7
|
@iis = true
|
|
8
8
|
|
|
9
9
|
Yawast::Utilities.puts_warn "IIS Version: #{banner}"
|
|
@@ -11,7 +11,7 @@ module Yawast
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def self.check_all(uri, head)
|
|
14
|
-
return
|
|
14
|
+
return unless @iis
|
|
15
15
|
|
|
16
16
|
#run all the defined checks
|
|
17
17
|
check_asp_banner(head)
|
data/lib/scanner/nginx.rb
CHANGED
data/lib/scanner/php.rb
CHANGED
data/lib/scanner/ssl.rb
CHANGED
|
@@ -5,7 +5,7 @@ require 'digest/sha1'
|
|
|
5
5
|
module Yawast
|
|
6
6
|
module Scanner
|
|
7
7
|
class Ssl
|
|
8
|
-
def self.info(uri, check_ciphers,
|
|
8
|
+
def self.info(uri, check_ciphers, tdes_session_count)
|
|
9
9
|
begin
|
|
10
10
|
socket = TCPSocket.new(uri.host, uri.port)
|
|
11
11
|
|
|
@@ -98,7 +98,7 @@ module Yawast
|
|
|
98
98
|
|
|
99
99
|
ssl.sysclose
|
|
100
100
|
|
|
101
|
-
|
|
101
|
+
get_tdes_session_msg_count(uri) if tdes_session_count
|
|
102
102
|
rescue => e
|
|
103
103
|
Yawast::Utilities.puts_error "SSL: Error Reading X509 Details: #{e.message}"
|
|
104
104
|
end
|
|
@@ -178,7 +178,7 @@ module Yawast
|
|
|
178
178
|
puts ''
|
|
179
179
|
end
|
|
180
180
|
|
|
181
|
-
def self.
|
|
181
|
+
def self.get_tdes_session_msg_count(uri)
|
|
182
182
|
# this method will send a number of HEAD requests to see
|
|
183
183
|
# if the connection is eventually killed.
|
|
184
184
|
puts 'TLS Session Request Limit: Checking number of requests accepted using 3DES suites...'
|
data/lib/scanner/ssl_labs.rb
CHANGED
|
@@ -6,7 +6,7 @@ require 'digest/sha1'
|
|
|
6
6
|
module Yawast
|
|
7
7
|
module Scanner
|
|
8
8
|
class SslLabs
|
|
9
|
-
def self.info(uri,
|
|
9
|
+
def self.info(uri, tdes_session_count)
|
|
10
10
|
puts 'Beginning SSL Labs scan (this could take a minute or two)'
|
|
11
11
|
|
|
12
12
|
api = Ssllabs::Api.new
|
|
@@ -51,7 +51,7 @@ module Yawast
|
|
|
51
51
|
Yawast::Utilities.puts_error "Error getting information for IP: #{ep.ip_address}: #{e.message}"
|
|
52
52
|
end
|
|
53
53
|
|
|
54
|
-
Yawast::Scanner::Ssl.
|
|
54
|
+
Yawast::Scanner::Ssl.get_tdes_session_msg_count(uri) if tdes_session_count
|
|
55
55
|
|
|
56
56
|
puts
|
|
57
57
|
end
|
data/lib/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yawast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.0.
|
|
4
|
+
version: 0.3.0.beta2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Caudill
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-09-
|
|
11
|
+
date: 2016-09-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ssllabs
|