RubyGems - yawast - Versions diffs - 0.4.0 → 0.5.0.beta1 - Mend

yawast 0.4.0 → 0.5.0.beta1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 809632f522dd6924e8a196bb130e59e0ed98b967
-  data.tar.gz: 0dc7cdaef9e64ad07f00c5c603023db597e5f78c
+  metadata.gz: 65106d07977f1c60a5f68f2506cfe81746c22c13
+  data.tar.gz: 6997ee2700653653651dd21a421d95cf0873a8a6
 SHA512:
-  metadata.gz: 03a5b6771a87ed689a15f7fd2bae9c8c42f59dcc9cbe36c24611709c002c376864e4604e028272b3cccc38d2f24901bf4101c92e038b8681c3b410e20df72732
-  data.tar.gz: 0f922b7836655decc4cc252f79c4c60cac0d0a02a87a9d0b6ad624d243d4d02cfaf35d70cbfb0b5926bc6dd16d2673db8a9de0e052f576135d083cf1862d34ad
+  metadata.gz: 043435f7f05f23da628a61ad534110f2c2abf9bc0e94d562905614cb19add99cd2c528fc8e3079c4ea68ed01f80a9700cf79de5c76f9c1df5faabc812f371300
+  data.tar.gz: 916d107d840cfc78635193f88ca604588669f3b22706a5b4389e4932eef9f032dfa47b8b01ea98f18e4eab79234f3dfc72c5e2b2726f2feda2731059c49eb091

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,8 @@
+## 0.5.0 - In Development
+* [#75](https://github.com/adamcaudill/yawast/issues/75) - Use internal SSL scanner for non-standard ports
+* [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
 ## 0.4.0 - 2016-11-03
 * [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance

data/lib/scanner/core.rb CHANGED Viewed

@@ -36,7 +36,7 @@ module Yawast
           Yawast::Shared::Http.setup(options.proxy, options.cookie)
           #cache the HEAD result, so that we can minimize hits
-          head = Yawast::Shared::Http.head(@uri)
+          head = get_head
           Yawast::Scanner::Generic.head_info(head, @uri)
           #perfom SSL checks
@@ -101,10 +101,10 @@ module Yawast
         setup(uri, options)
         if @uri.scheme == 'https' && !options.nossl
-          head = Yawast::Shared::Http.head(@uri) if head == nil
+          head = get_head if head == nil
-          if options.internalssl || IPAddress.valid?(uri.host)
-            Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
+          if options.internalssl || IPAddress.valid?(@uri.host) || @uri.port != 443
+            Yawast::Scanner::Ssl.info(@uri, !options.nociphers, options.tdessessioncount)
           else
             Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
           end
@@ -114,6 +114,15 @@ module Yawast
           puts 'Skipping TLS checks; URL is not HTTPS'
         end
       end
+      def self.get_head()
+        begin
+          Yawast::Shared::Http.head(@uri)
+        rescue => e
+          Yawast::Utilities.puts_error "Fatal Connection Error (#{e.class}: #{e.message})"
+          exit 1
+        end
+      end
     end
   end
 end

data/lib/scanner/ssl.rb CHANGED Viewed

@@ -121,44 +121,17 @@ module Yawast
         versions.each do |version|
           #ignore SSLv23, as it's an auto-negotiate, which just adds noise
           if version.to_s != 'SSLv23'
-            ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
-            puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
-            ciphers.each do |cipher|
-              #try to connect and see what happens
-              begin
-                socket = TCPSocket.new(ip.to_s, uri.port)
-                context = OpenSSL::SSL::SSLContext.new(version)
-                context.ciphers = cipher[0]
-                ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
-                ssl.hostname = uri.host
-                ssl.connect
-                if cipher[2] < 112 || cipher[0].include?('RC4')
-                  #less than 112 bits or RC4, flag as a vuln
-                  Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                elsif cipher[2] >= 128
-                  #secure, probably safe
-                  Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                else
-                  #weak, but not "omg!" weak.
-                  Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
-                end
+            #try to get the list of ciphers supported for each version
+            ciphers = nil
-                ssl.sysclose
-              rescue OpenSSL::SSL::SSLError => e
-                unless e.message.include?('alert handshake failure') ||
-                    e.message.include?('no ciphers available') ||
-                    e.message.include?('wrong version number') ||
-                    e.message.include?('alert protocol version')
-                  Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
-                end
-              rescue => e
-                Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
-              ensure
-                ssl.sysclose unless ssl == nil
-              end
+            begin
+              ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
+            rescue => e
+              Yawast::Utilities.puts_error "\tError getting cipher suites for #{version.to_s}, skipping. (#{e.message})"
+            end
+            if ciphers != nil
+              check_version_suites uri, ip, ciphers, version
             end
           end
         end
@@ -166,6 +139,47 @@ module Yawast
         puts ''
       end
+      def self.check_version_suites(uri, ip, ciphers, version)
+        puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
+        ciphers.each do |cipher|
+          #try to connect and see what happens
+          begin
+            socket = TCPSocket.new(ip.to_s, uri.port)
+            context = OpenSSL::SSL::SSLContext.new(version)
+            context.ciphers = cipher[0]
+            ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
+            ssl.hostname = uri.host
+            ssl.connect
+            if cipher[2] < 112 || cipher[0].include?('RC4')
+              #less than 112 bits or RC4, flag as a vuln
+              Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            elsif cipher[2] >= 128
+              #secure, probably safe
+              Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            else
+              #weak, but not "omg!" weak.
+              Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
+            end
+            ssl.sysclose
+          rescue OpenSSL::SSL::SSLError => e
+            unless e.message.include?('alert handshake failure') ||
+                e.message.include?('no ciphers available') ||
+                e.message.include?('wrong version number') ||
+                e.message.include?('alert protocol version')
+              Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
+            end
+          rescue => e
+            Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
+          ensure
+            ssl.sysclose unless ssl == nil
+          end
+        end
+      end
       def self.check_hsts(head)
         found = ''

data/lib/scanner/ssl_labs.rb CHANGED Viewed

@@ -10,15 +10,15 @@ module Yawast
       def self.info(uri, tdes_session_count)
         puts 'Beginning SSL Labs scan (this could take a minute or two)'
-        api = Ssllabs::Api.new
+        begin
+          api = Ssllabs::Api.new
-        info = api.info
+          info = api.info
-        info.messages.each do |msg|
-          puts "[SSL Labs] #{msg}"
-        end
+          info.messages.each do |msg|
+            puts "[SSL Labs] #{msg}"
+          end
-        begin
           api.analyse(host: uri.host, publish: 'off', startNew: 'on', all: 'done', ignoreMismatch: 'on')
           status = ''

data/lib/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Yawast
-  VERSION = '0.4.0'
+  VERSION = '0.5.0.beta1'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: yawast
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.5.0.beta1
 platform: ruby
 authors:
 - Adam Caudill
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-11-03 00:00:00.000000000 Z
+date: 2016-12-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ssllabs
@@ -190,9 +190,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: yawast
 rubygems_version: 2.6.6