yawast 0.4.0 → 0.5.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 809632f522dd6924e8a196bb130e59e0ed98b967
-  data.tar.gz: 0dc7cdaef9e64ad07f00c5c603023db597e5f78c
+  metadata.gz: 65106d07977f1c60a5f68f2506cfe81746c22c13
+  data.tar.gz: 6997ee2700653653651dd21a421d95cf0873a8a6
 SHA512:
-  metadata.gz: 03a5b6771a87ed689a15f7fd2bae9c8c42f59dcc9cbe36c24611709c002c376864e4604e028272b3cccc38d2f24901bf4101c92e038b8681c3b410e20df72732
-  data.tar.gz: 0f922b7836655decc4cc252f79c4c60cac0d0a02a87a9d0b6ad624d243d4d02cfaf35d70cbfb0b5926bc6dd16d2673db8a9de0e052f576135d083cf1862d34ad
+  metadata.gz: 043435f7f05f23da628a61ad534110f2c2abf9bc0e94d562905614cb19add99cd2c528fc8e3079c4ea68ed01f80a9700cf79de5c76f9c1df5faabc812f371300
+  data.tar.gz: 916d107d840cfc78635193f88ca604588669f3b22706a5b4389e4932eef9f032dfa47b8b01ea98f18e4eab79234f3dfc72c5e2b2726f2feda2731059c49eb091

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 0.5.0 - In Development
+
+* [#75](https://github.com/adamcaudill/yawast/issues/75) - Use internal SSL scanner for non-standard ports
+* [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
+
 ## 0.4.0 - 2016-11-03
 
 * [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance

data/lib/scanner/core.rb

@@ -36,7 +36,7 @@ module Yawast
           Yawast::Shared::Http.setup(options.proxy, options.cookie)
 
           #cache the HEAD result, so that we can minimize hits
-          head = Yawast::Shared::Http.head(@uri)
+          head = get_head
           Yawast::Scanner::Generic.head_info(head, @uri)
 
           #perfom SSL checks
@@ -101,10 +101,10 @@ module Yawast
         setup(uri, options)
 
         if @uri.scheme == 'https' && !options.nossl
-          head = Yawast::Shared::Http.head(@uri) if head == nil
+          head = get_head if head == nil
 
-          if options.internalssl || IPAddress.valid?(uri.host)
-            Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
+          if options.internalssl || IPAddress.valid?(@uri.host) || @uri.port != 443
+            Yawast::Scanner::Ssl.info(@uri, !options.nociphers, options.tdessessioncount)
           else
             Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
           end
@@ -114,6 +114,15 @@ module Yawast
           puts 'Skipping TLS checks; URL is not HTTPS'
         end
       end
+
+      def self.get_head()
+        begin
+          Yawast::Shared::Http.head(@uri)
+        rescue => e
+          Yawast::Utilities.puts_error "Fatal Connection Error (#{e.class}: #{e.message})"
+          exit 1
+        end
+      end
     end
   end
 end

data/lib/scanner/ssl.rb

@@ -121,44 +121,17 @@ module Yawast
         versions.each do |version|
           #ignore SSLv23, as it's an auto-negotiate, which just adds noise
           if version.to_s != 'SSLv23'
-            ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
-            puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
-
-            ciphers.each do |cipher|
-              #try to connect and see what happens
-              begin
-                socket = TCPSocket.new(ip.to_s, uri.port)
-                context = OpenSSL::SSL::SSLContext.new(version)
-                context.ciphers = cipher[0]
-                ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
-                ssl.hostname = uri.host
-
-                ssl.connect
-
-                if cipher[2] < 112 || cipher[0].include?('RC4')
-                  #less than 112 bits or RC4, flag as a vuln
-                  Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                elsif cipher[2] >= 128
-                  #secure, probably safe
-                  Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                else
-                  #weak, but not "omg!" weak.
-                  Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                end
+            #try to get the list of ciphers supported for each version
+            ciphers = nil
 
-                ssl.sysclose
-              rescue OpenSSL::SSL::SSLError => e
-                unless e.message.include?('alert handshake failure') ||
-                    e.message.include?('no ciphers available') ||
-                    e.message.include?('wrong version number') ||
-                    e.message.include?('alert protocol version')
-                  Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
-                end
-              rescue => e
-                Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
-              ensure
-                ssl.sysclose unless ssl == nil
-              end
+            begin
+              ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
+            rescue => e
+              Yawast::Utilities.puts_error "\tError getting cipher suites for #{version.to_s}, skipping. (#{e.message})"
+            end
+
+            if ciphers != nil
+              check_version_suites uri, ip, ciphers, version
             end
           end
         end
@@ -166,6 +139,47 @@ module Yawast
         puts ''
       end
 
+      def self.check_version_suites(uri, ip, ciphers, version)
+        puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
+
+        ciphers.each do |cipher|
+          #try to connect and see what happens
+          begin
+            socket = TCPSocket.new(ip.to_s, uri.port)
+            context = OpenSSL::SSL::SSLContext.new(version)
+            context.ciphers = cipher[0]
+            ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
+            ssl.hostname = uri.host
+
+            ssl.connect
+
+            if cipher[2] < 112 || cipher[0].include?('RC4')
+              #less than 112 bits or RC4, flag as a vuln
+              Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            elsif cipher[2] >= 128
+              #secure, probably safe
+              Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            else
+              #weak, but not "omg!" weak.
+              Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            end
+
+            ssl.sysclose
+          rescue OpenSSL::SSL::SSLError => e
+            unless e.message.include?('alert handshake failure') ||
+                e.message.include?('no ciphers available') ||
+                e.message.include?('wrong version number') ||
+                e.message.include?('alert protocol version')
+              Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
+            end
+          rescue => e
+            Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
+          ensure
+            ssl.sysclose unless ssl == nil
+          end
+        end
+      end
+
       def self.check_hsts(head)
         found = ''
 

data/lib/scanner/ssl_labs.rb

@@ -10,15 +10,15 @@ module Yawast
       def self.info(uri, tdes_session_count)
         puts 'Beginning SSL Labs scan (this could take a minute or two)'
 
-        api = Ssllabs::Api.new
+        begin
+          api = Ssllabs::Api.new
 
-        info = api.info
+          info = api.info
 
-        info.messages.each do |msg|
-          puts "[SSL Labs] #{msg}"
-        end
+          info.messages.each do |msg|
+            puts "[SSL Labs] #{msg}"
+          end
 
-        begin
           api.analyse(host: uri.host, publish: 'off', startNew: 'on', all: 'done', ignoreMismatch: 'on')
 
           status = ''

data/lib/version.rb

@@ -1,3 +1,3 @@
 module Yawast
-  VERSION = '0.4.0'
+  VERSION = '0.5.0.beta1'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0.beta1
 platform: ruby
 authors:
 - Adam Caudill
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-03 00:00:00.000000000 Z
+date: 2016-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ssllabs
@@ -190,9 +190,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: yawast
 rubygems_version: 2.6.6