yawast 0.5.0.beta4 → 0.5.0.beta5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 400253733c35a69633bfa93c996cd7eb2fed21b5
4
- data.tar.gz: 453abac414cc6af0f4efb1b952189a1457887e33
3
+ metadata.gz: 02aa0ad73bc9e34325a0989a0e9c30a28fe2e40a
4
+ data.tar.gz: 0391495210e5beeff8306ad8173730f707a4a607
5
5
  SHA512:
6
- metadata.gz: 899b87c5677b6fbf4bcd6fde0d6249064a0844c11a4a53f7567da47cb08aec289dcdaa7ca525a544cced1249b7c7e584a4c0f632e716351a1c364d6489bc0626
7
- data.tar.gz: 83b67f387e7364708c1b49f7f6c7d900466f6e438ae6b14ae5a223d57dcb737f6874dd9e16c1183cc60958a43fa20dbc6689b4549c75b23634c21d116c1f2b6a
6
+ metadata.gz: 32d58a74c90bab8977d103fb40a5dce202e2dd80c9a3d7bb9fb01b197944dcc9894fb8d6a2a3273952cb6398c1ab1ff8dbeb7fe167909cb6a65bb0bc3fac2903
7
+ data.tar.gz: 3fc7dad7e9bab7552f97f127aba85b468372f5fce27ed916db6f504b0b21d43b39ade769c547525d3fad5b8da8e768a247d59c7da757c9b627766fd4c42fbd57
data/CHANGELOG.md CHANGED
@@ -11,6 +11,7 @@
11
11
  * [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
12
12
  * [#96](https://github.com/adamcaudill/yawast/issues/96) - Scan for known SRV DNS Records
13
13
  * [#97](https://github.com/adamcaudill/yawast/issues/97) - Search for Common Subdomains
14
+ * [#102](https://github.com/adamcaudill/yawast/issues/102) - Use SSLShake to power cipher suite enumeration
14
15
  * [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
15
16
  * [#98](https://github.com/adamcaudill/yawast/issues/98) - Bug: SWEET32 Test Fails if 3DES Not Support By Latest Server Supported TLS Version
16
17
  * [#99](https://github.com/adamcaudill/yawast/issues/99) - Bug: Cloudflare SWEET32 False Positive
data/lib/scanner/ssl.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  require 'openssl'
2
2
  require 'openssl-extensions/all'
3
3
  require 'digest/sha1'
4
+ require 'sslshake'
4
5
 
5
6
  module Yawast
6
7
  module Scanner
@@ -119,7 +120,7 @@ module Yawast
119
120
  end
120
121
 
121
122
  def self.get_ciphers(uri)
122
- puts 'Supported Ciphers (based on your OpenSSL version):'
123
+ puts 'Supported Ciphers:'
123
124
 
124
125
  dns = Resolv::DNS.new
125
126
 
@@ -129,27 +130,29 @@ module Yawast
129
130
  ip = dns.getaddresses(uri.host)[0]
130
131
  end
131
132
 
132
- #find all versions that don't include '_server' or '_client'
133
- versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
133
+ protocols = %w(ssl2 ssl3 tls1.0 tls1.1 tls1.2)
134
134
 
135
- versions.each do |version|
136
- #ignore SSLv23, as it's an auto-negotiate, which just adds noise
137
- if version.to_s != 'SSLv23'
138
- #try to get the list of ciphers supported for each version
139
- ciphers = nil
135
+ protocols.each do |protocol|
136
+ case protocol
137
+ when 'ssl2'
138
+ ciphers = SSLShake::SSLv2::CIPHERS
139
+ when 'ssl3'
140
+ ciphers = SSLShake::TLS::SSL3_CIPHERS
141
+ else
142
+ ciphers = SSLShake::TLS::TLS_CIPHERS
143
+ end
144
+
145
+ puts "\tChecking for #{protocol} suites (#{ciphers.count} possible suites)"
140
146
 
141
- get_ciphers_failed = false
147
+ ciphers.each_key do |cipher|
142
148
  begin
143
- ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
144
- rescue => e
145
- Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
146
- get_ciphers_failed = true
147
- end
149
+ res = SSLShake.hello(ip.to_s, port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host)
148
150
 
149
- if ciphers != nil
150
- check_version_suites uri, ip, ciphers, version
151
- elsif !get_ciphers_failed
152
- Yawast::Utilities.puts_info "\t#{version}: No cipher suites available."
151
+ if res['error'] == nil
152
+ Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}"
153
+ end
154
+ rescue => e
155
+ Yawast::Utilities.puts_error "SSL: Error Reading Cipher Details: #{e.message}"
153
156
  end
154
157
  end
155
158
  end
data/lib/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Yawast
2
- VERSION = '0.5.0.beta4'
2
+ VERSION = '0.5.0.beta5'
3
3
  end
data/yawast.gemspec CHANGED
@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
21
21
  s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
22
22
  s.add_runtime_dependency 'ipaddress', '~> 0.8'
23
23
  s.add_runtime_dependency 'public_suffix', '~> 2.0'
24
+ s.add_runtime_dependency 'sslshake', '~> 1.1'
24
25
 
25
26
  s.bindir = 'bin'
26
27
  s.files = `git ls-files`.split("\n")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yawast
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0.beta4
4
+ version: 0.5.0.beta5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Caudill
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-15 00:00:00.000000000 Z
11
+ date: 2017-04-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ssllabs
@@ -122,6 +122,20 @@ dependencies:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
124
  version: '2.0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: sslshake
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '1.1'
132
+ type: :runtime
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '1.1'
125
139
  description: YAWAST is an application meant to simplify initial analysis and information
126
140
  gathering for penetration testers and security auditors.
127
141
  email: adam@adamcaudill.com