yawast 0.7.0.beta1 → 0.7.0.beta2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (50) hide show
  1. checksums.yaml +4 -4
  2. data/.rubocop.yml +12 -0
  3. data/CHANGELOG.md +5 -1
  4. data/Gemfile +2 -2
  5. data/README.md +8 -1
  6. data/Rakefile +1 -1
  7. data/bin/yawast +8 -0
  8. data/lib/commands/cms.rb +2 -0
  9. data/lib/commands/dns.rb +3 -3
  10. data/lib/commands/head.rb +2 -0
  11. data/lib/commands/scan.rb +2 -0
  12. data/lib/commands/ssl.rb +2 -0
  13. data/lib/commands/utils.rb +5 -3
  14. data/lib/scanner/core.rb +34 -26
  15. data/lib/scanner/generic.rb +33 -130
  16. data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
  17. data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
  18. data/lib/scanner/plugins/dns/caa.rb +30 -12
  19. data/lib/scanner/plugins/dns/generic.rb +38 -1
  20. data/lib/scanner/plugins/http/directory_search.rb +14 -12
  21. data/lib/scanner/plugins/http/file_presence.rb +21 -13
  22. data/lib/scanner/plugins/http/generic.rb +95 -0
  23. data/lib/scanner/plugins/servers/apache.rb +23 -23
  24. data/lib/scanner/plugins/servers/generic.rb +25 -0
  25. data/lib/scanner/plugins/servers/iis.rb +6 -6
  26. data/lib/scanner/plugins/servers/nginx.rb +3 -1
  27. data/lib/scanner/plugins/servers/python.rb +3 -1
  28. data/lib/scanner/plugins/spider/spider.rb +7 -7
  29. data/lib/scanner/plugins/ssl/ssl.rb +14 -14
  30. data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
  31. data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
  32. data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
  33. data/lib/scanner/ssl.rb +33 -36
  34. data/lib/scanner/ssl_labs.rb +373 -110
  35. data/lib/scanner/vuln_scan.rb +27 -0
  36. data/lib/shared/http.rb +31 -27
  37. data/lib/shared/output.rb +7 -15
  38. data/lib/shared/uri.rb +14 -14
  39. data/lib/string_ext.rb +10 -4
  40. data/lib/uri_ext.rb +1 -1
  41. data/lib/util.rb +28 -0
  42. data/lib/version.rb +3 -1
  43. data/lib/yawast.rb +12 -2
  44. data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
  45. data/test/test_scan_cms.rb +2 -2
  46. data/test/test_ssl_labs_analyze.rb +15 -0
  47. data/yawast.gemspec +8 -5
  48. metadata +75 -28
  49. data/lib/scanner/cms.rb +0 -14
  50. data/lib/scanner/php.rb +0 -19
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'nokogiri'
2
4
 
3
5
  module Yawast
@@ -19,14 +21,14 @@ module Yawast
19
21
  results = Thread.new do
20
22
  begin
21
23
  while true
22
- if @results.length > 0
24
+ if @results.length.positive?
23
25
  out = @results.pop(true)
24
26
  Yawast::Utilities.puts_info out
25
27
  Yawast::Shared::Output.log_append_value 'spider', 'get', out
26
28
  end
27
29
  end
28
- rescue ThreadError
29
- #do nothing
30
+ rescue ThreadError # rubocop:disable Lint/HandleExceptions
31
+ # do nothing
30
32
  end
31
33
  end
32
34
 
@@ -49,11 +51,9 @@ module Yawast
49
51
  # check to see if we've already seen this one
50
52
  unless @links.include? link.to_s
51
53
  @links.push link.to_s
52
- @results.push "#{link.to_s}"
54
+ @results.push link.to_s
53
55
 
54
- @workers.push Thread.new {
55
- get_links URI.parse(link)
56
- }
56
+ @workers.push(Thread.new {get_links URI.parse(link)})
57
57
  end
58
58
  end
59
59
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Scanner
3
5
  module Plugins
@@ -23,9 +25,7 @@ module Yawast
23
25
  found = ''
24
26
 
25
27
  head.each do |k, v|
26
- if k.downcase.include? 'strict-transport-security'
27
- found = "#{k}: #{v}"
28
- end
28
+ found = "#{k}: #{v}" if k.downcase.include? 'strict-transport-security'
29
29
  end
30
30
 
31
31
  if found == ''
@@ -39,14 +39,14 @@ module Yawast
39
39
  begin
40
40
  info = Yawast::Shared::Http.get_json URI("https://hstspreload.com/api/v1/status/#{uri.host}")
41
41
 
42
- chrome = info['chrome'] != nil
43
- firefox = info['firefox'] != nil
44
- tor = info['tor'] != nil
42
+ chrome = !info['chrome'].nil?
43
+ firefox = !info['firefox'].nil?
44
+ tor = !info['tor'].nil?
45
45
 
46
46
  Yawast::Utilities.puts_info "HSTS Preload: Chrome - #{chrome}; Firefox - #{firefox}; Tor - #{tor}"
47
- rescue => e
47
+ rescue => e # rubocop:disable Style/RescueStandardError
48
48
  if e.message.include? 'unexpected token'
49
- #this means we have a parsing error - don't need to include the entire message
49
+ # this means we have a parsing error - don't need to include the entire message
50
50
  Yawast::Utilities.puts_error "Error getting HSTS preload information: #{e.message.truncate(30)}"
51
51
  else
52
52
  Yawast::Utilities.puts_error "Error getting HSTS preload information: #{e.message}"
@@ -67,7 +67,7 @@ module Yawast
67
67
  if uri.scheme != 'https'
68
68
  head = Yawast::Shared::Http.head(uri)
69
69
 
70
- if head['Location'] != nil
70
+ unless head['Location'].nil?
71
71
  begin
72
72
  location = URI.parse(head['Location'])
73
73
 
@@ -75,13 +75,13 @@ module Yawast
75
75
  # we run this through extract_uri as it performs a few checks we need
76
76
  return Yawast::Shared::Uri.extract_uri location.to_s
77
77
  end
78
- rescue
78
+ rescue # rubocop:disable Style/RescueStandardError, Lint/HandleExceptions
79
79
  # we don't care if this fails
80
80
  end
81
81
  end
82
82
  end
83
83
 
84
- return nil
84
+ nil
85
85
  end
86
86
 
87
87
  def self.ssl_connection_info(uri)
@@ -107,13 +107,13 @@ module Yawast
107
107
 
108
108
  puts
109
109
  end
110
- rescue => e
110
+ rescue => e # rubocop:disable Style/RescueStandardError
111
111
  Yawast::Utilities.puts_error "SSL Information: Error Getting Details: #{e.message}"
112
112
  end
113
113
  end
114
114
 
115
115
  def self.check_symantec_root(hash)
116
- roots = ['08297a4047dba23680c731db6e317653ca7848e1bebd3a0b0179a707f92cf178',
116
+ roots = ['08297a4047dba23680c731db6e317653ca7848e1bebd3a0b0179a707f92cf178', # rubocop:disable Style/WordArray
117
117
  '2399561127a57125de8cefea610ddf2fa078b5c8067f4e828290bfb860e84b3c',
118
118
  '2834991cf677466d22baac3b0055e5b911d9a9e55f5b85ba02dc566782c30e8a',
119
119
  '2930bd09a07126bdc17288d4f2ad84645ec948607907a97b5ed0b0b05879ef69',
@@ -171,7 +171,7 @@ module Yawast
171
171
  'f59db3f45d57fcec94ccd516e6c8ccb20dd4363feb2c44d8656e95f50fdd8df8',
172
172
  'fe863d0822fe7a2353fa484d5924e875656d3dc9fb58771f6f616f9d571bc592',
173
173
  'ff856a2d251dcd88d36656f450126798cfabaade40799c722de4d2b5db36a73a']
174
- return roots.include? hash
174
+ roots.include? hash
175
175
  end
176
176
  end
177
177
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'json'
2
4
 
3
5
  module Yawast
@@ -17,27 +19,26 @@ module Yawast
17
19
  uri = endpoint.copy
18
20
  uri.path = '/api/v3/analyze'
19
21
 
20
- if start_new
21
- uri.query = "host=#{target}&publish=off&startNew=on&all=done&ignoreMismatch=on"
22
- else
23
- uri.query = "host=#{target}&publish=off&all=done&ignoreMismatch=on"
24
- end
22
+ uri.query = if start_new
23
+ "host=#{target}&publish=off&startNew=on&all=done&ignoreMismatch=on"
24
+ else
25
+ "host=#{target}&publish=off&all=done&ignoreMismatch=on"
26
+ end
25
27
 
26
28
  req = Yawast::Shared::Http.get_http(uri)
27
29
  req.use_ssl = uri.scheme == 'https'
28
- res = req.request_get(uri, { 'User-Agent' => "YAWAST/#{Yawast::VERSION}" })
30
+ res = req.request_get(uri, {'User-Agent' => "YAWAST/#{Yawast::VERSION}"})
29
31
  body = res.read_body
30
32
  code = res.code.to_i
31
33
 
32
34
  # check for error in the response - if we don't, we'll wait forever for nothing
33
35
  begin
34
36
  json = JSON.parse body
35
- rescue => e
37
+ rescue => e # rubocop:disable Style/RescueStandardError
36
38
  raise StandardError, "Invalid response from SSL Labs: '#{e.message}'"
37
39
  end
38
- if json.key?('errors')
39
- raise InvocationError, "API returned: #{json['errors']}"
40
- end
40
+
41
+ raise InvocationError, "API returned: #{json['errors']}" if json.key?('errors')
41
42
 
42
43
  Yawast::Shared::Output.log_json 'ssl', 'ssl_labs', body
43
44
 
@@ -59,17 +60,17 @@ module Yawast
59
60
  end
60
61
  end
61
62
 
62
- return body
63
+ body
63
64
  end
64
65
 
65
66
  def self.extract_status(body)
66
67
  begin
67
68
  json = JSON.parse body
68
- rescue => e
69
+ rescue => e # rubocop:disable Style/RescueStandardError
69
70
  raise StandardError, "Invalid response from SSL Labs: '#{e.message}'"
70
71
  end
71
72
 
72
- return json['status']
73
+ json['status']
73
74
  end
74
75
  end
75
76
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'json'
2
4
 
3
5
  module Yawast
@@ -12,15 +14,15 @@ module Yawast
12
14
 
13
15
  body = Yawast::Shared::Http.get uri
14
16
 
15
- return body
17
+ body
16
18
  end
17
19
 
18
20
  def self.extract_msg(body)
19
- ret = Array.new
21
+ ret = []
20
22
 
21
23
  begin
22
24
  json = JSON.parse body
23
- rescue => e
25
+ rescue => e # rubocop:disable Style/RescueStandardError
24
26
  raise Exception, "Invalid response from SSL Labs: '#{e.message}'"
25
27
  end
26
28
 
@@ -30,7 +32,7 @@ module Yawast
30
32
  end
31
33
  end
32
34
 
33
- return ret
35
+ ret
34
36
  end
35
37
  end
36
38
  end
@@ -1,9 +1,11 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Yawast
2
4
  module Scanner
3
5
  module Plugins
4
6
  module SSL
5
7
  class Sweet32
6
- def self.get_tdes_session_msg_count(uri, limit = 10000)
8
+ def self.get_tdes_session_msg_count(uri, limit = 10_000)
7
9
  Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'limit', limit
8
10
 
9
11
  # this method will send a number of HEAD requests to see
@@ -38,52 +40,52 @@ module Yawast
38
40
  # attempt to find a version that supports 3DES
39
41
  versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
40
42
  versions.each do |version|
41
- if version.to_s != 'SSLv23'
42
- req.ssl_version = version
43
-
44
- begin
45
- req.start do |http|
46
-
47
- head = nil
48
- begin
49
- if use_head
50
- head = http.head(uri.path, headers)
51
- else
52
- head = http.request_get(uri.path, headers)
53
- end
54
-
55
- cipher = http.instance_variable_get(:@socket).io.cipher[0]
56
- rescue
57
- # check if we are using HEAD or GET. If we've already switched to GET, no need to do this again.
58
- if use_head
59
- head = http.request_get(uri.path, headers)
43
+ next unless version.to_s != 'SSLv23'
44
+ req.ssl_version = version
60
45
 
61
- #if we are here, that means that HEAD failed, but GET didn't, so we'll use GET from now on.
62
- use_head = false
63
- Yawast::Utilities.puts_error 'Error: HEAD request failed; using GET requests for SWEET32 check...'
64
- end
46
+ begin
47
+ req.start do |http|
48
+
49
+ head = nil
50
+ begin
51
+ head = if use_head
52
+ http.head(uri.path, headers)
53
+ else
54
+ http.request_get(uri.path, headers)
55
+ end
56
+
57
+ cipher = http.instance_variable_get(:@socket).io.cipher[0]
58
+ rescue StandardError
59
+ # check if we are using HEAD or GET. If we've already switched to GET, no need to do this again.
60
+ if use_head
61
+ head = http.request_get(uri.path, headers)
62
+
63
+ # if we are here, that means that HEAD failed, but GET didn't, so we'll use GET from now on.
64
+ use_head = false
65
+ Yawast::Utilities.puts_error 'Error: HEAD request failed; using GET requests for SWEET32 check...'
65
66
  end
67
+ end
66
68
 
67
- # check to see if this is on Cloudflare - they break Keep-Alive limits, creating a false positive
69
+ # check to see if this is on Cloudflare - they break Keep-Alive limits, creating a false positive
70
+ unless head.nil?
68
71
  head.each do |k, v|
69
- if k.downcase == 'server'
70
- if v == 'cloudflare'
71
- puts 'Cloudflare server found: SWEET32 mitigated: https://support.cloudflare.com/hc/en-us/articles/231510928'
72
- end
72
+ next unless k.casecmp('server').zero?
73
+ if v == 'cloudflare'
74
+ puts 'Cloudflare server found: SWEET32 mitigated: https://support.cloudflare.com/hc/en-us/articles/231510928'
73
75
  end
74
76
  end
75
77
  end
78
+ end
76
79
 
77
- print "Using #{version} (#{cipher})"
80
+ print "Using #{version} (#{cipher})"
78
81
 
79
- Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'tls_version', version
80
- Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'tls_cipher', cipher
81
- Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'use_head_req', use_head
82
+ Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'tls_version', version
83
+ Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'tls_cipher', cipher
84
+ Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'use_head_req', use_head
82
85
 
83
- break
84
- rescue
85
- # we don't care
86
- end
86
+ break
87
+ rescue StandardError # rubocop:disable Lint/HandleExceptions
88
+ # we don't care
87
89
  end
88
90
  end
89
91
 
@@ -109,12 +111,10 @@ module Yawast
109
111
 
110
112
  count += 1
111
113
 
112
- if i % 20 == 0
113
- print '.'
114
- end
114
+ print '.' if (i % 20).zero?
115
115
  end
116
116
  end
117
- rescue => e
117
+ rescue StandardError => e
118
118
  puts
119
119
 
120
120
  if e.message.include?('alert handshake failure') || e.message.include?('no cipher match')
@@ -127,6 +127,10 @@ module Yawast
127
127
  Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'requests', count
128
128
  Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'exception', e.message
129
129
 
130
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
131
+ 'tls_sweet32',
132
+ {vulnerable: false}
133
+
130
134
  return
131
135
  end
132
136
 
@@ -136,6 +140,10 @@ module Yawast
136
140
 
137
141
  Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'vulnerable', true
138
142
  Yawast::Shared::Output.log_value 'ssl', 'sweet32', 'requests', count
143
+
144
+ Yawast::Shared::Output.log_hash 'vulnerabilities',
145
+ 'tls_sweet32',
146
+ {vulnerable: true}
139
147
  end
140
148
 
141
149
  def self.check_tdes
@@ -147,31 +155,28 @@ module Yawast
147
155
 
148
156
  versions.each do |version|
149
157
  # ignore SSLv23, as it's an auto-negotiate, which just adds noise
150
- if version.to_s != 'SSLv23' && version.to_s != 'SSLv2'
151
- # try to get the list of ciphers supported for each version
152
- Yawast::Shared::Output.log_append_value 'openssl', 'tls_versions', version.to_s
153
-
154
- ciphers = nil
155
-
156
- get_ciphers_failed = false
157
- begin
158
- ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
159
- rescue => e
160
- Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
161
- get_ciphers_failed = true
162
- end
158
+ next unless version.to_s != 'SSLv23' && version.to_s != 'SSLv2'
159
+ # try to get the list of ciphers supported for each version
160
+ Yawast::Shared::Output.log_append_value 'openssl', 'tls_versions', version.to_s
161
+
162
+ ciphers = nil
163
+
164
+ get_ciphers_failed = false
165
+ begin
166
+ ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
167
+ rescue StandardError => e
168
+ Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
169
+ get_ciphers_failed = true
170
+ end
163
171
 
164
- if ciphers != nil
165
- ciphers.each do |cipher|
166
- if cipher[0].include?('3DES') || cipher[0].include?('CBC3')
167
- ret = true
168
- end
172
+ if !ciphers.nil?
173
+ ciphers.each do |cipher|
174
+ ret = true if cipher[0].include?('3DES') || cipher[0].include?('CBC3')
169
175
 
170
- Yawast::Shared::Output.log_append_value 'openssl', 'tls_ciphers', version.to_s, cipher[0]
171
- end
172
- elsif !get_ciphers_failed
173
- Yawast::Utilities.puts_info "\t#{version}: No cipher suites available."
176
+ Yawast::Shared::Output.log_append_value 'openssl', 'tls_ciphers', version.to_s, cipher[0]
174
177
  end
178
+ elsif !get_ciphers_failed
179
+ Yawast::Utilities.puts_info "\t#{version}: No cipher suites available."
175
180
  end
176
181
  end
177
182
 
data/lib/scanner/ssl.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
  require 'openssl-extensions/all'
3
5
  require 'digest/sha1'
@@ -24,9 +26,7 @@ module Yawast
24
26
 
25
27
  cert = ssl.peer_cert
26
28
 
27
- unless cert.nil?
28
- get_cert_info cert
29
- end
29
+ get_cert_info cert unless cert.nil?
30
30
 
31
31
  cert_chain = ssl.peer_cert_chain
32
32
  get_cert_chain_info cert_chain, cert
@@ -34,14 +34,12 @@ module Yawast
34
34
  puts "\t\tQualys SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=#{uri.host}&hideResults=on"
35
35
  puts ''
36
36
 
37
- if check_ciphers
38
- get_ciphers(uri)
39
- end
37
+ get_ciphers(uri) if check_ciphers
40
38
 
41
39
  ssl.sysclose
42
40
 
43
41
  Yawast::Scanner::Plugins::SSL::Sweet32.get_tdes_session_msg_count(uri) if tdes_session_count
44
- rescue => e
42
+ rescue => e # rubocop:disable Style/RescueStandardError
45
43
  Yawast::Utilities.puts_error "SSL: Error Reading X509 Details: #{e.message}"
46
44
  end
47
45
  end
@@ -54,14 +52,14 @@ module Yawast
54
52
  Yawast::Utilities.puts_info "\t\tSerial: #{cert.serial}"
55
53
  Yawast::Utilities.puts_info "\t\tSubject: #{cert.subject}"
56
54
 
57
- #check to see if cert is expired
55
+ # check to see if cert is expired
58
56
  if cert.not_after > Time.now
59
57
  Yawast::Utilities.puts_info "\t\tExpires: #{cert.not_after}"
60
58
  else
61
59
  Yawast::Utilities.puts_vuln "\t\tExpires: #{cert.not_after} (Expired)"
62
60
  end
63
61
 
64
- #check for SHA1 & MD5 certs
62
+ # check for SHA1 & MD5 certs
65
63
  if cert.signature_algorithm.include?('md5') || cert.signature_algorithm.include?('sha1')
66
64
  Yawast::Utilities.puts_vuln "\t\tSignature Algorithm: #{cert.signature_algorithm}"
67
65
  else
@@ -76,7 +74,7 @@ module Yawast
76
74
  # ct_precert_scts
77
75
  Yawast::Scanner::Plugins::SSL::SSL.print_precert cert
78
76
 
79
- #alt names
77
+ # alt names
80
78
  alt_names = cert.extensions.find {|e| e.oid == 'subjectAltName'}
81
79
  unless alt_names.nil?
82
80
  Yawast::Utilities.puts_info "\t\tAlternate Names:"
@@ -90,8 +88,8 @@ module Yawast
90
88
 
91
89
  def self.get_cert_chain_info(cert_chain, cert)
92
90
  if cert_chain.count == 1
93
- #HACK: This is an ugly way to guess if it's a missing intermediate, or self-signed
94
- #It looks like a change to Ruby's OpenSSL wrapper is needed to actually fix this right.
91
+ # HACK: This is an ugly way to guess if it's a missing intermediate, or self-signed
92
+ # It looks like a change to Ruby's OpenSSL wrapper is needed to actually fix this right.
95
93
 
96
94
  if cert.issuer == cert.subject
97
95
  Yawast::Utilities.puts_vuln "\t\tCertificate Is Self-Signed"
@@ -123,34 +121,32 @@ module Yawast
123
121
 
124
122
  dns = Resolv::DNS.new
125
123
 
126
- if IPAddress.valid? uri.host
127
- ip = IPAddress.parse uri.host
128
- else
129
- ip = dns.getaddresses(uri.host)[0]
130
- end
124
+ ip = if IPAddress.valid? uri.host
125
+ IPAddress.parse uri.host
126
+ else
127
+ dns.getaddresses(uri.host)[0]
128
+ end
131
129
 
132
- protocols = %w(ssl2 ssl3 tls1.0 tls1.1 tls1.2)
130
+ protocols = %w[ssl2 ssl3 tls1.0 tls1.1 tls1.2]
133
131
 
134
132
  protocols.each do |protocol|
135
- case protocol
136
- when 'ssl2'
137
- ciphers = SSLShake::SSLv2::CIPHERS
138
- when 'ssl3'
139
- ciphers = SSLShake::TLS::SSL3_CIPHERS
140
- else
141
- ciphers = SSLShake::TLS::TLS_CIPHERS
142
- end
133
+ ciphers = case protocol
134
+ when 'ssl2'
135
+ SSLShake::SSLv2::CIPHERS
136
+ when 'ssl3'
137
+ SSLShake::TLS::SSL3_CIPHERS
138
+ else
139
+ SSLShake::TLS::TLS_CIPHERS
140
+ end
143
141
 
144
142
  puts "\tChecking for #{protocol} suites (#{ciphers.count} possible suites)"
145
143
 
146
144
  ciphers.each_key do |cipher|
147
145
  begin
148
- res = SSLShake.hello(ip.to_s, port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host)
146
+ res = SSLShake.hello(ip.to_s, {port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host})
149
147
 
150
- if res['error'] == nil
151
- Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}"
152
- end
153
- rescue => e
148
+ Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}" if res['error'].nil?
149
+ rescue => e # rubocop:disable Style/RescueStandardError
154
150
  Yawast::Utilities.puts_error "SSL: Error Reading Cipher Details: #{e.message}"
155
151
  end
156
152
  end
@@ -161,20 +157,21 @@ module Yawast
161
157
 
162
158
  def self.check_cipher_strength(cipher, ssl)
163
159
  if cipher[2] < 112 || cipher[0].include?('RC4')
164
- #less than 112 bits or RC4, flag as a vuln
160
+ # less than 112 bits or RC4, flag as a vuln
165
161
  Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
166
162
  elsif cipher[2] >= 128
167
- #secure, probably safe
163
+ # secure, probably safe
168
164
  Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
169
165
  else
170
- #weak, but not "omg!" weak.
166
+ # weak, but not "omg!" weak.
171
167
  Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
172
168
  end
173
169
  end
174
170
 
175
- #private methods
171
+ # private methods
176
172
  class << self
177
173
  private
174
+
178
175
  def get_x509_pub_key_strength(cert)
179
176
  begin
180
177
  if cert.public_key.class == OpenSSL::PKey::EC
@@ -182,7 +179,7 @@ module Yawast
182
179
  else
183
180
  cert.public_key.strength
184
181
  end
185
- rescue => e
182
+ rescue => e # rubocop:disable Style/RescueStandardError
186
183
  "(Strength Unknown: #{e.message})"
187
184
  end
188
185
  end