yawast 0.5.0.beta4 → 0.5.0.beta5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +1 -0
- data/lib/scanner/ssl.rb +21 -18
- data/lib/version.rb +1 -1
- data/yawast.gemspec +1 -0
- metadata +16 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 02aa0ad73bc9e34325a0989a0e9c30a28fe2e40a
|
|
4
|
+
data.tar.gz: 0391495210e5beeff8306ad8173730f707a4a607
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 32d58a74c90bab8977d103fb40a5dce202e2dd80c9a3d7bb9fb01b197944dcc9894fb8d6a2a3273952cb6398c1ab1ff8dbeb7fe167909cb6a65bb0bc3fac2903
|
|
7
|
+
data.tar.gz: 3fc7dad7e9bab7552f97f127aba85b468372f5fce27ed916db6f504b0b21d43b39ade769c547525d3fad5b8da8e768a247d59c7da757c9b627766fd4c42fbd57
|
data/CHANGELOG.md
CHANGED
|
@@ -11,6 +11,7 @@
|
|
|
11
11
|
* [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
|
|
12
12
|
* [#96](https://github.com/adamcaudill/yawast/issues/96) - Scan for known SRV DNS Records
|
|
13
13
|
* [#97](https://github.com/adamcaudill/yawast/issues/97) - Search for Common Subdomains
|
|
14
|
+
* [#102](https://github.com/adamcaudill/yawast/issues/102) - Use SSLShake to power cipher suite enumeration
|
|
14
15
|
* [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
|
|
15
16
|
* [#98](https://github.com/adamcaudill/yawast/issues/98) - Bug: SWEET32 Test Fails if 3DES Not Support By Latest Server Supported TLS Version
|
|
16
17
|
* [#99](https://github.com/adamcaudill/yawast/issues/99) - Bug: Cloudflare SWEET32 False Positive
|
data/lib/scanner/ssl.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'openssl'
|
|
2
2
|
require 'openssl-extensions/all'
|
|
3
3
|
require 'digest/sha1'
|
|
4
|
+
require 'sslshake'
|
|
4
5
|
|
|
5
6
|
module Yawast
|
|
6
7
|
module Scanner
|
|
@@ -119,7 +120,7 @@ module Yawast
|
|
|
119
120
|
end
|
|
120
121
|
|
|
121
122
|
def self.get_ciphers(uri)
|
|
122
|
-
puts 'Supported Ciphers
|
|
123
|
+
puts 'Supported Ciphers:'
|
|
123
124
|
|
|
124
125
|
dns = Resolv::DNS.new
|
|
125
126
|
|
|
@@ -129,27 +130,29 @@ module Yawast
|
|
|
129
130
|
ip = dns.getaddresses(uri.host)[0]
|
|
130
131
|
end
|
|
131
132
|
|
|
132
|
-
|
|
133
|
-
versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
|
|
133
|
+
protocols = %w(ssl2 ssl3 tls1.0 tls1.1 tls1.2)
|
|
134
134
|
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
135
|
+
protocols.each do |protocol|
|
|
136
|
+
case protocol
|
|
137
|
+
when 'ssl2'
|
|
138
|
+
ciphers = SSLShake::SSLv2::CIPHERS
|
|
139
|
+
when 'ssl3'
|
|
140
|
+
ciphers = SSLShake::TLS::SSL3_CIPHERS
|
|
141
|
+
else
|
|
142
|
+
ciphers = SSLShake::TLS::TLS_CIPHERS
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
puts "\tChecking for #{protocol} suites (#{ciphers.count} possible suites)"
|
|
140
146
|
|
|
141
|
-
|
|
147
|
+
ciphers.each_key do |cipher|
|
|
142
148
|
begin
|
|
143
|
-
|
|
144
|
-
rescue => e
|
|
145
|
-
Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
|
|
146
|
-
get_ciphers_failed = true
|
|
147
|
-
end
|
|
149
|
+
res = SSLShake.hello(ip.to_s, port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host)
|
|
148
150
|
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
|
|
151
|
+
if res['error'] == nil
|
|
152
|
+
Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}"
|
|
153
|
+
end
|
|
154
|
+
rescue => e
|
|
155
|
+
Yawast::Utilities.puts_error "SSL: Error Reading Cipher Details: #{e.message}"
|
|
153
156
|
end
|
|
154
157
|
end
|
|
155
158
|
end
|
data/lib/version.rb
CHANGED
data/yawast.gemspec
CHANGED
|
@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
|
|
|
21
21
|
s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
|
|
22
22
|
s.add_runtime_dependency 'ipaddress', '~> 0.8'
|
|
23
23
|
s.add_runtime_dependency 'public_suffix', '~> 2.0'
|
|
24
|
+
s.add_runtime_dependency 'sslshake', '~> 1.1'
|
|
24
25
|
|
|
25
26
|
s.bindir = 'bin'
|
|
26
27
|
s.files = `git ls-files`.split("\n")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: yawast
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.5.0.
|
|
4
|
+
version: 0.5.0.beta5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Adam Caudill
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-03
|
|
11
|
+
date: 2017-04-03 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: ssllabs
|
|
@@ -122,6 +122,20 @@ dependencies:
|
|
|
122
122
|
- - "~>"
|
|
123
123
|
- !ruby/object:Gem::Version
|
|
124
124
|
version: '2.0'
|
|
125
|
+
- !ruby/object:Gem::Dependency
|
|
126
|
+
name: sslshake
|
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
|
128
|
+
requirements:
|
|
129
|
+
- - "~>"
|
|
130
|
+
- !ruby/object:Gem::Version
|
|
131
|
+
version: '1.1'
|
|
132
|
+
type: :runtime
|
|
133
|
+
prerelease: false
|
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
135
|
+
requirements:
|
|
136
|
+
- - "~>"
|
|
137
|
+
- !ruby/object:Gem::Version
|
|
138
|
+
version: '1.1'
|
|
125
139
|
description: YAWAST is an application meant to simplify initial analysis and information
|
|
126
140
|
gathering for penetration testers and security auditors.
|
|
127
141
|
email: adam@adamcaudill.com
|