yawast 0.5.0.beta4 → 0.5.0.beta5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -0
- data/lib/scanner/ssl.rb +21 -18
- data/lib/version.rb +1 -1
- data/yawast.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 02aa0ad73bc9e34325a0989a0e9c30a28fe2e40a
|
4
|
+
data.tar.gz: 0391495210e5beeff8306ad8173730f707a4a607
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 32d58a74c90bab8977d103fb40a5dce202e2dd80c9a3d7bb9fb01b197944dcc9894fb8d6a2a3273952cb6398c1ab1ff8dbeb7fe167909cb6a65bb0bc3fac2903
|
7
|
+
data.tar.gz: 3fc7dad7e9bab7552f97f127aba85b468372f5fce27ed916db6f504b0b21d43b39ade769c547525d3fad5b8da8e768a247d59c7da757c9b627766fd4c42fbd57
|
data/CHANGELOG.md
CHANGED
@@ -11,6 +11,7 @@
|
|
11
11
|
* [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
|
12
12
|
* [#96](https://github.com/adamcaudill/yawast/issues/96) - Scan for known SRV DNS Records
|
13
13
|
* [#97](https://github.com/adamcaudill/yawast/issues/97) - Search for Common Subdomains
|
14
|
+
* [#102](https://github.com/adamcaudill/yawast/issues/102) - Use SSLShake to power cipher suite enumeration
|
14
15
|
* [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
|
15
16
|
* [#98](https://github.com/adamcaudill/yawast/issues/98) - Bug: SWEET32 Test Fails if 3DES Not Support By Latest Server Supported TLS Version
|
16
17
|
* [#99](https://github.com/adamcaudill/yawast/issues/99) - Bug: Cloudflare SWEET32 False Positive
|
data/lib/scanner/ssl.rb
CHANGED
@@ -1,6 +1,7 @@
|
|
1
1
|
require 'openssl'
|
2
2
|
require 'openssl-extensions/all'
|
3
3
|
require 'digest/sha1'
|
4
|
+
require 'sslshake'
|
4
5
|
|
5
6
|
module Yawast
|
6
7
|
module Scanner
|
@@ -119,7 +120,7 @@ module Yawast
|
|
119
120
|
end
|
120
121
|
|
121
122
|
def self.get_ciphers(uri)
|
122
|
-
puts 'Supported Ciphers
|
123
|
+
puts 'Supported Ciphers:'
|
123
124
|
|
124
125
|
dns = Resolv::DNS.new
|
125
126
|
|
@@ -129,27 +130,29 @@ module Yawast
|
|
129
130
|
ip = dns.getaddresses(uri.host)[0]
|
130
131
|
end
|
131
132
|
|
132
|
-
|
133
|
-
versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
|
133
|
+
protocols = %w(ssl2 ssl3 tls1.0 tls1.1 tls1.2)
|
134
134
|
|
135
|
-
|
136
|
-
|
137
|
-
|
138
|
-
|
139
|
-
|
135
|
+
protocols.each do |protocol|
|
136
|
+
case protocol
|
137
|
+
when 'ssl2'
|
138
|
+
ciphers = SSLShake::SSLv2::CIPHERS
|
139
|
+
when 'ssl3'
|
140
|
+
ciphers = SSLShake::TLS::SSL3_CIPHERS
|
141
|
+
else
|
142
|
+
ciphers = SSLShake::TLS::TLS_CIPHERS
|
143
|
+
end
|
144
|
+
|
145
|
+
puts "\tChecking for #{protocol} suites (#{ciphers.count} possible suites)"
|
140
146
|
|
141
|
-
|
147
|
+
ciphers.each_key do |cipher|
|
142
148
|
begin
|
143
|
-
|
144
|
-
rescue => e
|
145
|
-
Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
|
146
|
-
get_ciphers_failed = true
|
147
|
-
end
|
149
|
+
res = SSLShake.hello(ip.to_s, port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host)
|
148
150
|
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
151
|
+
if res['error'] == nil
|
152
|
+
Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}"
|
153
|
+
end
|
154
|
+
rescue => e
|
155
|
+
Yawast::Utilities.puts_error "SSL: Error Reading Cipher Details: #{e.message}"
|
153
156
|
end
|
154
157
|
end
|
155
158
|
end
|
data/lib/version.rb
CHANGED
data/yawast.gemspec
CHANGED
@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
|
|
21
21
|
s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
|
22
22
|
s.add_runtime_dependency 'ipaddress', '~> 0.8'
|
23
23
|
s.add_runtime_dependency 'public_suffix', '~> 2.0'
|
24
|
+
s.add_runtime_dependency 'sslshake', '~> 1.1'
|
24
25
|
|
25
26
|
s.bindir = 'bin'
|
26
27
|
s.files = `git ls-files`.split("\n")
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: yawast
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.5.0.
|
4
|
+
version: 0.5.0.beta5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Adam Caudill
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-03
|
11
|
+
date: 2017-04-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: ssllabs
|
@@ -122,6 +122,20 @@ dependencies:
|
|
122
122
|
- - "~>"
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '2.0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: sslshake
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '1.1'
|
132
|
+
type: :runtime
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '1.1'
|
125
139
|
description: YAWAST is an application meant to simplify initial analysis and information
|
126
140
|
gathering for penetration testers and security auditors.
|
127
141
|
email: adam@adamcaudill.com
|