yawast 0.7.0.beta1 → 0.7.0.beta2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.rubocop.yml +12 -0
- data/CHANGELOG.md +5 -1
- data/Gemfile +2 -2
- data/README.md +8 -1
- data/Rakefile +1 -1
- data/bin/yawast +8 -0
- data/lib/commands/cms.rb +2 -0
- data/lib/commands/dns.rb +3 -3
- data/lib/commands/head.rb +2 -0
- data/lib/commands/scan.rb +2 -0
- data/lib/commands/ssl.rb +2 -0
- data/lib/commands/utils.rb +5 -3
- data/lib/scanner/core.rb +34 -26
- data/lib/scanner/generic.rb +33 -130
- data/lib/scanner/plugins/applications/cms/generic.rb +20 -0
- data/lib/scanner/plugins/applications/generic/password_reset.rb +180 -0
- data/lib/scanner/plugins/dns/caa.rb +30 -12
- data/lib/scanner/plugins/dns/generic.rb +38 -1
- data/lib/scanner/plugins/http/directory_search.rb +14 -12
- data/lib/scanner/plugins/http/file_presence.rb +21 -13
- data/lib/scanner/plugins/http/generic.rb +95 -0
- data/lib/scanner/plugins/servers/apache.rb +23 -23
- data/lib/scanner/plugins/servers/generic.rb +25 -0
- data/lib/scanner/plugins/servers/iis.rb +6 -6
- data/lib/scanner/plugins/servers/nginx.rb +3 -1
- data/lib/scanner/plugins/servers/python.rb +3 -1
- data/lib/scanner/plugins/spider/spider.rb +7 -7
- data/lib/scanner/plugins/ssl/ssl.rb +14 -14
- data/lib/scanner/plugins/ssl/ssl_labs/analyze.rb +14 -13
- data/lib/scanner/plugins/ssl/ssl_labs/info.rb +6 -4
- data/lib/scanner/plugins/ssl/sweet32.rb +68 -63
- data/lib/scanner/ssl.rb +33 -36
- data/lib/scanner/ssl_labs.rb +373 -110
- data/lib/scanner/vuln_scan.rb +27 -0
- data/lib/shared/http.rb +31 -27
- data/lib/shared/output.rb +7 -15
- data/lib/shared/uri.rb +14 -14
- data/lib/string_ext.rb +10 -4
- data/lib/uri_ext.rb +1 -1
- data/lib/util.rb +28 -0
- data/lib/version.rb +3 -1
- data/lib/yawast.rb +12 -2
- data/test/data/ssl_labs_analyze_data_cam_hmhreservations_com.json +1933 -0
- data/test/test_scan_cms.rb +2 -2
- data/test/test_ssl_labs_analyze.rb +15 -0
- data/yawast.gemspec +8 -5
- metadata +75 -28
- data/lib/scanner/cms.rb +0 -14
- data/lib/scanner/php.rb +0 -19
data/lib/scanner/ssl_labs.rb
CHANGED
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'date'
|
2
4
|
require 'openssl'
|
3
5
|
require 'digest/sha1'
|
@@ -10,7 +12,7 @@ module Yawast
|
|
10
12
|
puts 'Beginning SSL Labs scan (this could take a minute or two)'
|
11
13
|
|
12
14
|
begin
|
13
|
-
endpoint = URI::
|
15
|
+
endpoint = URI::DEFAULT_PARSER.parse 'https://api.ssllabs.com'
|
14
16
|
|
15
17
|
info_body = Yawast::Scanner::Plugins::SSL::SSLLabs::Info.call_info endpoint
|
16
18
|
|
@@ -39,12 +41,12 @@ module Yawast
|
|
39
41
|
json = nil
|
40
42
|
begin
|
41
43
|
json = JSON.parse data_body
|
42
|
-
rescue => e
|
44
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
43
45
|
raise Exception, "Invalid response from SSL Labs: '#{e.message}'"
|
44
46
|
end
|
45
47
|
|
46
48
|
process_results uri, json, tdes_session_count
|
47
|
-
rescue => e
|
49
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
48
50
|
puts
|
49
51
|
Yawast::Utilities.puts_error "SSL Labs Error: #{e.message}"
|
50
52
|
end
|
@@ -65,7 +67,7 @@ module Yawast
|
|
65
67
|
else
|
66
68
|
Yawast::Utilities.puts_error "Error getting information for IP: #{ep['ipAddress']}: #{ep['statusMessage']}"
|
67
69
|
end
|
68
|
-
rescue => e
|
70
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
69
71
|
Yawast::Utilities.puts_error "Error getting information for IP: #{ep['ipAddress']}: #{e.message}"
|
70
72
|
end
|
71
73
|
|
@@ -76,13 +78,13 @@ module Yawast
|
|
76
78
|
else
|
77
79
|
Yawast::Utilities.puts_error 'SSL Labs Error: No Endpoint Data Received.'
|
78
80
|
|
79
|
-
#TODO
|
81
|
+
# TODO: Remove this before release
|
80
82
|
puts
|
81
83
|
puts "DEBUG DATA (send to adam@adamcaudill.com): #{body}"
|
82
84
|
puts
|
83
85
|
puts
|
84
86
|
end
|
85
|
-
rescue => e
|
87
|
+
rescue => e # rubocop:disable Style/RescueStandardError
|
86
88
|
puts
|
87
89
|
Yawast::Utilities.puts_error "SSL Labs Error: #{e.message}"
|
88
90
|
end
|
@@ -100,44 +102,26 @@ module Yawast
|
|
100
102
|
end
|
101
103
|
|
102
104
|
puts "\tCertificate Information:"
|
103
|
-
unless cert['issues']
|
105
|
+
unless cert['issues'].zero?
|
104
106
|
Yawast::Utilities.puts_vuln "\t\tCertificate Has Issues - Not Valid"
|
105
107
|
|
106
|
-
if cert['issues'] & 1 != 0
|
107
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: no chain of trust"
|
108
|
-
end
|
108
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: no chain of trust" if cert['issues'] & 1 != 0
|
109
109
|
|
110
|
-
if cert['issues'] & (1<<1) != 0
|
111
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: certificate not yet valid"
|
112
|
-
end
|
110
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: certificate not yet valid" if cert['issues'] & (1 << 1) != 0
|
113
111
|
|
114
|
-
if cert['issues'] & (1<<2) != 0
|
115
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: certificate expired"
|
116
|
-
end
|
112
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: certificate expired" if cert['issues'] & (1 << 2) != 0
|
117
113
|
|
118
|
-
if cert['issues'] & (1<<3) != 0
|
119
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: hostname mismatch"
|
120
|
-
end
|
114
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: hostname mismatch" if cert['issues'] & (1 << 3) != 0
|
121
115
|
|
122
|
-
if cert['issues'] & (1<<4) != 0
|
123
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: revoked"
|
124
|
-
end
|
116
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: revoked" if cert['issues'] & (1 << 4) != 0
|
125
117
|
|
126
|
-
if cert['issues'] & (1<<5) != 0
|
127
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: bad common name"
|
128
|
-
end
|
118
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: bad common name" if cert['issues'] & (1 << 5) != 0
|
129
119
|
|
130
|
-
if cert['issues'] & (1<<6) != 0
|
131
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: self-signed"
|
132
|
-
end
|
120
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: self-signed" if cert['issues'] & (1 << 6) != 0
|
133
121
|
|
134
|
-
if cert['issues'] & (1<<7) != 0
|
135
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: blacklisted"
|
136
|
-
end
|
122
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: blacklisted" if cert['issues'] & (1 << 7) != 0
|
137
123
|
|
138
|
-
if cert['issues'] & (1<<8) != 0
|
139
|
-
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: insecure signature"
|
140
|
-
end
|
124
|
+
Yawast::Utilities.puts_vuln "\t\tCertificate Issue: insecure signature" if cert['issues'] & (1 << 8) != 0
|
141
125
|
end
|
142
126
|
|
143
127
|
Yawast::Utilities.puts_info "\t\tSubject: #{cert['subject']}"
|
@@ -166,17 +150,56 @@ module Yawast
|
|
166
150
|
|
167
151
|
Yawast::Utilities.puts_info "\t\tVersion: #{ossl_cert.version}"
|
168
152
|
|
169
|
-
|
153
|
+
serial = format('%02x', ossl_cert.serial.to_i)
|
154
|
+
serial = "0#{serial}" unless serial.length.even?
|
155
|
+
Yawast::Utilities.puts_info "\t\tSerial: #{serial}"
|
156
|
+
|
157
|
+
## if the serial is exactly 16 hex digits, it may have an entropy issue.
|
158
|
+
if serial.length == 16
|
159
|
+
puts
|
160
|
+
|
161
|
+
Yawast::Utilities.puts_warn "\t\tSerial number is exactly 64 bits. Serial may not comply with CA/B Forum requirements."
|
162
|
+
Yawast::Utilities.puts_raw "\t\t\t See https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/ for details."
|
163
|
+
|
164
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
165
|
+
'tls_serial_exactly_64_bits',
|
166
|
+
{vulnerable: true, length: (serial.length / 2) * 8}
|
167
|
+
|
168
|
+
puts
|
169
|
+
elsif serial.length < 16
|
170
|
+
puts
|
171
|
+
|
172
|
+
Yawast::Utilities.puts_vuln "\t\tSerial number is less than 64 bits. Serial does not comply with CA/B Forum requirements."
|
173
|
+
|
174
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
175
|
+
'tls_serial_less_than_64_bits',
|
176
|
+
{vulnerable: true, length: (serial.length / 2) * 8}
|
177
|
+
|
178
|
+
puts
|
179
|
+
else
|
180
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
181
|
+
'tls_serial_exactly_64_bits',
|
182
|
+
{vulnerable: false, length: (serial.length / 2) * 8}
|
183
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
184
|
+
'tls_serial_less_than_64_bits',
|
185
|
+
{vulnerable: false, length: (serial.length / 2) * 8}
|
186
|
+
end
|
170
187
|
|
171
188
|
Yawast::Utilities.puts_info "\t\tIssuer: #{cert['issuerSubject']}"
|
172
189
|
|
173
190
|
if cert['sigAlg'].include?('SHA1') || cert['sigAlg'].include?('MD5')
|
174
191
|
Yawast::Utilities.puts_vuln "\t\tSignature algorithm: #{cert['sigAlg']}"
|
192
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
193
|
+
'tls_weak_sig_alg',
|
194
|
+
{vulnerable: true, algorithm: cert['sigAlg']}
|
175
195
|
else
|
176
196
|
Yawast::Utilities.puts_info "\t\tSignature algorithm: #{cert['sigAlg']}"
|
197
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
198
|
+
'tls_weak_sig_alg',
|
199
|
+
{vulnerable: false, algorithm: cert['sigAlg']}
|
177
200
|
end
|
178
201
|
|
179
|
-
#
|
202
|
+
# TODO: figure out what the options for this value are
|
180
203
|
if cert['validationType'] == 'E'
|
181
204
|
Yawast::Utilities.puts_info "\t\tExtended Validation: Yes"
|
182
205
|
elsif cert['validationType'] == 'D'
|
@@ -192,12 +215,12 @@ module Yawast
|
|
192
215
|
end
|
193
216
|
|
194
217
|
# check second bit, SCT in stapled OSCP response
|
195
|
-
if ep['details']['hasSct'] & (1<<1) != 0
|
218
|
+
if ep['details']['hasSct'] & (1 << 1) != 0
|
196
219
|
Yawast::Utilities.puts_info "\t\tCertificate Transparency: SCT in the stapled OCSP response"
|
197
220
|
end
|
198
221
|
|
199
222
|
# check third bit, SCT in the TLS extension
|
200
|
-
if ep['details']['hasSct'] & (1<<2) != 0
|
223
|
+
if ep['details']['hasSct'] & (1 << 2) != 0
|
201
224
|
Yawast::Utilities.puts_info "\t\tCertificate Transparency: SCT in the TLS extension (ServerHello)"
|
202
225
|
end
|
203
226
|
else
|
@@ -209,7 +232,7 @@ module Yawast
|
|
209
232
|
if cert['revocationInfo'] & 1 != 0
|
210
233
|
Yawast::Utilities.puts_info "\t\tRevocation information: CRL information available"
|
211
234
|
end
|
212
|
-
if cert['revocationInfo'] & (1<<1) != 0
|
235
|
+
if cert['revocationInfo'] & (1 << 1) != 0
|
213
236
|
Yawast::Utilities.puts_info "\t\tRevocation information: OCSP information available"
|
214
237
|
end
|
215
238
|
|
@@ -244,18 +267,18 @@ module Yawast
|
|
244
267
|
path_count = 0
|
245
268
|
|
246
269
|
# build list of trust paths
|
247
|
-
trust_paths =
|
270
|
+
trust_paths = {}
|
248
271
|
chain['trustPaths'].each do |path|
|
249
272
|
trusts = nil
|
250
273
|
# in practice, it seems there is only only per path, but just in case
|
251
274
|
path['trust'].each do |trust|
|
252
|
-
if trust['isTrusted']
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
|
275
|
+
trust_line = if trust['isTrusted']
|
276
|
+
"#{trust['rootStore']} (trusted)"
|
277
|
+
else
|
278
|
+
"#{trust['rootStore']} (#{trust['trustErrorMessage']})"
|
279
|
+
end
|
257
280
|
|
258
|
-
if trusts
|
281
|
+
if trusts.nil?
|
259
282
|
trusts = trust_line
|
260
283
|
else
|
261
284
|
trusts += " #{trust_line}"
|
@@ -277,25 +300,31 @@ module Yawast
|
|
277
300
|
puts "\t\t Root Stores: #{trust_paths[key]}"
|
278
301
|
|
279
302
|
# cert chain issues
|
280
|
-
if chain['issues'] & (1<<1) != 0
|
303
|
+
if chain['issues'] & (1 << 1) != 0
|
281
304
|
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: incomplete chain"
|
305
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
306
|
+
'tls_chain_incomplete',
|
307
|
+
{vulnerable: true}
|
308
|
+
else
|
309
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
310
|
+
'tls_chain_incomplete',
|
311
|
+
{vulnerable: false}
|
282
312
|
end
|
283
313
|
|
284
|
-
if chain['issues'] & (1<<2) != 0
|
314
|
+
if chain['issues'] & (1 << 2) != 0
|
285
315
|
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: chain contains unrelated/duplicate certificates"
|
286
316
|
end
|
287
317
|
|
288
|
-
if chain['issues'] & (1<<3) != 0
|
289
|
-
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: incorrect order"
|
290
|
-
end
|
318
|
+
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: incorrect order" if chain['issues'] & (1 << 3) != 0
|
291
319
|
|
292
|
-
if chain['issues'] & (1<<4) != 0
|
293
|
-
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: contains anchor"
|
294
|
-
end
|
320
|
+
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: contains anchor" if chain['issues'] & (1 << 4) != 0
|
295
321
|
|
296
|
-
if cert['issues'] & (1<<5) != 0
|
297
|
-
|
298
|
-
|
322
|
+
Yawast::Utilities.puts_warn "\t\tCertificate Chain Issue: untrusted" if cert['issues'] & (1 << 5) != 0
|
323
|
+
|
324
|
+
# setup the log entry for a symantec root - this will overwrite if one is found
|
325
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
326
|
+
'tls_symantec_root',
|
327
|
+
{vulnerable: false, root_hash: ''}
|
299
328
|
|
300
329
|
key.each do |path_cert|
|
301
330
|
body['certs'].each do |c|
|
@@ -305,11 +334,14 @@ module Yawast
|
|
305
334
|
|
306
335
|
if Yawast::Scanner::Plugins::SSL::SSL.check_symantec_root(c['sha256Hash'])
|
307
336
|
Yawast::Utilities.puts_vuln "\t\t\t Untrusted Symantec Root"
|
337
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
338
|
+
'tls_symantec_root',
|
339
|
+
{vulnerable: true, :root_hash => c['sha256Hash']}
|
308
340
|
end
|
309
341
|
|
310
342
|
Yawast::Utilities.puts_info "\t\t\t https://crt.sh/?q=#{c['sha1Hash']}"
|
311
343
|
|
312
|
-
|
344
|
+
unless chain['certIds'].find_index(c['sha256Hash']).nil?
|
313
345
|
Yawast::Utilities.puts_info "\t\t\t (provided by server)"
|
314
346
|
end
|
315
347
|
|
@@ -327,24 +359,53 @@ module Yawast
|
|
327
359
|
puts "\tConfiguration Information:"
|
328
360
|
|
329
361
|
puts "\t\tProtocol Support:"
|
330
|
-
|
362
|
+
# setup JSON output
|
363
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
364
|
+
'tls_legacy_ssl',
|
365
|
+
{vulnerable: false}
|
366
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
367
|
+
'tls_tls10_enabled',
|
368
|
+
{vulnerable: false}
|
369
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
370
|
+
'tls_tls13_not_enabled',
|
371
|
+
{vulnerable: true}
|
372
|
+
|
373
|
+
# check protocols
|
374
|
+
protos = {}
|
375
|
+
tls13_enabled = false
|
331
376
|
ep['details']['protocols'].each do |proto|
|
332
377
|
if proto['name'] == 'SSL'
|
333
378
|
# show a vuln for SSLvX
|
334
379
|
Yawast::Utilities.puts_vuln "\t\t\t#{proto['name']} #{proto['version']}"
|
380
|
+
|
381
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
382
|
+
'tls_legacy_ssl',
|
383
|
+
{vulnerable: true}
|
335
384
|
elsif proto['name'] == 'TLS' && proto['version'] == '1.0'
|
336
385
|
# show a warn for TLSv1.0
|
337
386
|
Yawast::Utilities.puts_warn "\t\t\t#{proto['name']} #{proto['version']}"
|
387
|
+
|
388
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
389
|
+
'tls_tls10_enabled',
|
390
|
+
{vulnerable: true}
|
391
|
+
elsif proto['name'] == 'TLS' && proto['version'] == '1.3'
|
392
|
+
# capture TLS 1.3 status
|
393
|
+
tls13_enabled = true
|
394
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
395
|
+
'tls_tls13_not_enabled',
|
396
|
+
{vulnerable: false}
|
338
397
|
else
|
339
398
|
Yawast::Utilities.puts_info "\t\t\t#{proto['name']} #{proto['version']}"
|
340
399
|
end
|
341
400
|
|
342
401
|
protos[proto['id']] = "#{proto['name']} #{proto['version']}"
|
343
402
|
end
|
403
|
+
|
404
|
+
Yawast::Utilities.puts_warn "\t\t\tTLS 1.3 Is Not Enabled" unless tls13_enabled
|
344
405
|
puts
|
345
406
|
|
346
407
|
puts "\t\tNamed Group Support:"
|
347
|
-
|
408
|
+
unless ep['details']['namedGroups'].nil?
|
348
409
|
ep['details']['namedGroups']['list'].each do |group|
|
349
410
|
Yawast::Utilities.puts_info "\t\t\t#{group['name']} #{group['bits']}"
|
350
411
|
end
|
@@ -352,7 +413,21 @@ module Yawast
|
|
352
413
|
end
|
353
414
|
|
354
415
|
puts "\t\tCipher Suite Support:"
|
355
|
-
|
416
|
+
# setup JSON output
|
417
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
418
|
+
'tls_insecure_cipher_suites',
|
419
|
+
{vulnerable: false}
|
420
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
421
|
+
'tls_weak_cipher_suites',
|
422
|
+
{vulnerable: false}
|
423
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
424
|
+
'tls_3des_enabled',
|
425
|
+
{vulnerable: false, suite: ''}
|
426
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
427
|
+
'tls_rc4_enabled',
|
428
|
+
{vulnerable: false, suite: ''}
|
429
|
+
|
430
|
+
if !ep['details']['suites'].nil?
|
356
431
|
ep['details']['suites'].each do |proto_suites|
|
357
432
|
Yawast::Utilities.puts_info "\t\t\t#{protos[proto_suites['protocol']]}"
|
358
433
|
|
@@ -364,22 +439,40 @@ module Yawast
|
|
364
439
|
# in this case, the effective strength is only 112 bits,
|
365
440
|
# which is what we want to report. So override SSL Labs
|
366
441
|
strength = 112
|
442
|
+
|
443
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
444
|
+
'tls_3des_enabled',
|
445
|
+
{vulnerable: true, suite: suite['name']}
|
367
446
|
end
|
368
447
|
|
369
|
-
if
|
370
|
-
|
371
|
-
|
372
|
-
|
448
|
+
if suite['name'].include? 'RC4'
|
449
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
450
|
+
'tls_rc4_enabled',
|
451
|
+
{vulnerable: true, suite: suite['name']}
|
373
452
|
end
|
374
453
|
|
454
|
+
suite_info = if !ke.nil?
|
455
|
+
"#{suite['name'].ljust(50)} - #{strength}-bits - #{ke}"
|
456
|
+
else
|
457
|
+
"#{suite['name'].ljust(50)} - #{strength}-bits"
|
458
|
+
end
|
459
|
+
|
375
460
|
if cipher_suite_secure? suite
|
376
461
|
if strength >= 128
|
377
462
|
Yawast::Utilities.puts_info "\t\t\t #{suite_info}"
|
378
463
|
else
|
379
464
|
Yawast::Utilities.puts_warn "\t\t\t #{suite_info}"
|
465
|
+
|
466
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
467
|
+
'tls_weak_cipher_suites',
|
468
|
+
{vulnerable: true}
|
380
469
|
end
|
381
470
|
else
|
382
471
|
Yawast::Utilities.puts_vuln "\t\t\t #{suite_info}"
|
472
|
+
|
473
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
474
|
+
'tls_insecure_cipher_suites',
|
475
|
+
{vulnerable: true}
|
383
476
|
end
|
384
477
|
end
|
385
478
|
end
|
@@ -390,15 +483,13 @@ module Yawast
|
|
390
483
|
puts
|
391
484
|
|
392
485
|
puts "\t\tHandshake Simulation:"
|
393
|
-
if ep['details']['sims']['results']
|
486
|
+
if !ep['details']['sims']['results'].nil?
|
394
487
|
ep['details']['sims']['results'].each do |sim|
|
395
488
|
name = "#{sim['client']['name']} #{sim['client']['version']}"
|
396
|
-
|
397
|
-
name += " / #{sim['client']['platform']}"
|
398
|
-
end
|
489
|
+
name += " / #{sim['client']['platform']}" unless sim['client']['platform'].nil?
|
399
490
|
name = name.ljust(28)
|
400
491
|
|
401
|
-
if sim['errorCode']
|
492
|
+
if sim['errorCode'].zero?
|
402
493
|
protocol = protos[sim['protocolId']]
|
403
494
|
|
404
495
|
ke = get_key_exchange sim
|
@@ -427,29 +518,50 @@ module Yawast
|
|
427
518
|
Yawast::Utilities.puts_vuln "\t\t\t\t#{dh['ip']}:#{dh['port']} - #{dh['status']}"
|
428
519
|
puts "\t\t\t\thttps://test.drownattack.com/?site=#{dh['ip']}"
|
429
520
|
end
|
521
|
+
|
522
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
523
|
+
'tls_drown',
|
524
|
+
{vulnerable: true}
|
430
525
|
else
|
431
526
|
Yawast::Utilities.puts_info "\t\t\tDROWN: No"
|
432
|
-
end
|
433
527
|
|
434
|
-
|
435
|
-
|
436
|
-
|
437
|
-
if ep['details']['renegSupport'] & (1<<1) != 0
|
438
|
-
Yawast::Utilities.puts_info "\t\t\tSecure Renegotiation: secure renegotiation supported"
|
528
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
529
|
+
'tls_drown',
|
530
|
+
{vulnerable: false}
|
439
531
|
end
|
440
|
-
|
441
|
-
|
442
|
-
|
443
|
-
|
444
|
-
|
532
|
+
|
533
|
+
unless ep['details']['renegSupport'].nil?
|
534
|
+
if ep['details']['renegSupport'] & 1 != 0
|
535
|
+
Yawast::Utilities.puts_vuln "\t\t\tSecure Renegotiation: insecure client-initiated renegotiation supported"
|
536
|
+
end
|
537
|
+
if ep['details']['renegSupport'] & (1 << 1) != 0
|
538
|
+
Yawast::Utilities.puts_info "\t\t\tSecure Renegotiation: secure renegotiation supported"
|
539
|
+
end
|
540
|
+
if ep['details']['renegSupport'] & (1 << 2) != 0
|
541
|
+
Yawast::Utilities.puts_info "\t\t\tSecure Renegotiation: secure client-initiated renegotiation supported"
|
542
|
+
end
|
543
|
+
if ep['details']['renegSupport'] & (1 << 3) != 0
|
544
|
+
Yawast::Utilities.puts_info "\t\t\tSecure Renegotiation: server requires secure renegotiation support"
|
545
|
+
end
|
445
546
|
end
|
446
547
|
|
447
548
|
if ep['details']['poodle']
|
448
549
|
Yawast::Utilities.puts_vuln "\t\t\tPOODLE (SSL): Vulnerable"
|
550
|
+
|
551
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
552
|
+
'tls_poodle_ssl',
|
553
|
+
{vulnerable: true}
|
449
554
|
else
|
450
555
|
Yawast::Utilities.puts_info "\t\t\tPOODLE (SSL): No"
|
556
|
+
|
557
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
558
|
+
'tls_poodle_ssl',
|
559
|
+
{vulnerable: false}
|
451
560
|
end
|
452
561
|
|
562
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
563
|
+
'tls_poodle',
|
564
|
+
{vulnerable: false}
|
453
565
|
case ep['details']['poodleTls']
|
454
566
|
when -3
|
455
567
|
Yawast::Utilities.puts_info "\t\t\tPOODLE (TLS): Inconclusive (Timeout)"
|
@@ -463,34 +575,72 @@ module Yawast
|
|
463
575
|
Yawast::Utilities.puts_info "\t\t\tPOODLE (TLS): No"
|
464
576
|
when 2
|
465
577
|
Yawast::Utilities.puts_vuln "\t\t\tPOODLE (TLS): Vulnerable"
|
578
|
+
|
579
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
580
|
+
'tls_poodle',
|
581
|
+
{vulnerable: true}
|
466
582
|
else
|
467
583
|
Yawast::Utilities.puts_error "\t\t\tPOODLE (TLS): Unknown Response #{ep['details']['poodleTls']}"
|
468
584
|
end
|
469
585
|
|
470
586
|
if ep['details']['fallbackScsv']
|
471
587
|
Yawast::Utilities.puts_info "\t\t\tDowngrade Prevention: Yes"
|
588
|
+
|
589
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
590
|
+
'tls_missing_fallback_scsv',
|
591
|
+
{vulnerable: false}
|
472
592
|
else
|
473
593
|
Yawast::Utilities.puts_warn "\t\t\tDowngrade Prevention: No"
|
594
|
+
|
595
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
596
|
+
'tls_missing_fallback_scsv',
|
597
|
+
{vulnerable: true}
|
474
598
|
end
|
475
599
|
|
476
600
|
if ep['details']['compressionMethods'] & 1 != 0
|
477
601
|
Yawast::Utilities.puts_warn "\t\t\tCompression: DEFLATE"
|
602
|
+
|
603
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
604
|
+
'tls_compression_enabled',
|
605
|
+
{vulnerable: true}
|
478
606
|
else
|
479
607
|
Yawast::Utilities.puts_info "\t\t\tCompression: No"
|
608
|
+
|
609
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
610
|
+
'tls_compression_enabled',
|
611
|
+
{vulnerable: false}
|
480
612
|
end
|
481
613
|
|
482
614
|
if ep['details']['heartbeat']
|
483
615
|
Yawast::Utilities.puts_warn "\t\t\tHeartbeat: Enabled"
|
616
|
+
|
617
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
618
|
+
'tls_heartbeat_enabled',
|
619
|
+
{vulnerable: true}
|
484
620
|
else
|
485
621
|
Yawast::Utilities.puts_info "\t\t\tHeartbeat: Disabled"
|
622
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
623
|
+
'tls_heartbeat_enabled',
|
624
|
+
{vulnerable: false}
|
486
625
|
end
|
487
626
|
|
488
627
|
if ep['details']['heartbleed']
|
489
628
|
Yawast::Utilities.puts_vuln "\t\t\tHeartbleed: Vulnerable"
|
629
|
+
|
630
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
631
|
+
'tls_heartblead',
|
632
|
+
{vulnerable: true}
|
490
633
|
else
|
491
634
|
Yawast::Utilities.puts_info "\t\t\tHeartbleed: No"
|
635
|
+
|
636
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
637
|
+
'tls_heartblead',
|
638
|
+
{vulnerable: false}
|
492
639
|
end
|
493
640
|
|
641
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
642
|
+
'tls_ticketbleed',
|
643
|
+
{vulnerable: false}
|
494
644
|
case ep['details']['ticketbleed']
|
495
645
|
when -1
|
496
646
|
Yawast::Utilities.puts_error "\t\t\tTicketbleed (CVE-2016-9244): Test Failed"
|
@@ -500,11 +650,17 @@ module Yawast
|
|
500
650
|
Yawast::Utilities.puts_info "\t\t\tTicketbleed (CVE-2016-9244): No"
|
501
651
|
when 2
|
502
652
|
Yawast::Utilities.puts_vuln "\t\t\tTicketbleed (CVE-2016-9244): Vulnerable"
|
653
|
+
|
654
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
655
|
+
'tls_ticketbleed',
|
656
|
+
{vulnerable: true}
|
503
657
|
else
|
504
658
|
Yawast::Utilities.puts_error "\t\t\tTicketbleed (CVE-2016-9244): Unknown Response #{ep['details']['ticketbleed']}"
|
505
659
|
end
|
506
660
|
|
507
|
-
|
661
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
662
|
+
'tls_openssl_ccs_cve20140224',
|
663
|
+
{vulnerable: false, exploitable: false}
|
508
664
|
case ep['details']['openSslCcs']
|
509
665
|
when -1
|
510
666
|
Yawast::Utilities.puts_error "\t\t\tOpenSSL CCS (CVE-2014-0224): Test Failed"
|
@@ -514,12 +670,24 @@ module Yawast
|
|
514
670
|
Yawast::Utilities.puts_info "\t\t\tOpenSSL CCS (CVE-2014-0224): No"
|
515
671
|
when 2
|
516
672
|
Yawast::Utilities.puts_vuln "\t\t\tOpenSSL CCS (CVE-2014-0224): Vulnerable - Not Exploitable"
|
673
|
+
|
674
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
675
|
+
'tls_openssl_ccs_cve20140224',
|
676
|
+
{vulnerable: true, exploitable: false}
|
517
677
|
when 3
|
518
678
|
Yawast::Utilities.puts_vuln "\t\t\tOpenSSL CCS (CVE-2014-0224): Vulnerable"
|
679
|
+
|
680
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
681
|
+
'tls_openssl_ccs_cve20140224',
|
682
|
+
{vulnerable: true, exploitable: true}
|
519
683
|
else
|
520
684
|
Yawast::Utilities.puts_error "\t\t\tOpenSSL CCS (CVE-2014-0224): Unknown Response #{ep['details']['openSslCcs']}"
|
521
685
|
end
|
522
686
|
|
687
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
688
|
+
'tls_openssl_lunckyminus20',
|
689
|
+
{vulnerable: false}
|
690
|
+
|
523
691
|
case ep['details']['openSSLLuckyMinus20']
|
524
692
|
when -1
|
525
693
|
Yawast::Utilities.puts_error "\t\t\tOpenSSL Padding Oracle (CVE-2016-2107): Test Failed"
|
@@ -529,10 +697,17 @@ module Yawast
|
|
529
697
|
Yawast::Utilities.puts_info "\t\t\tOpenSSL Padding Oracle (CVE-2016-2107): No"
|
530
698
|
when 2
|
531
699
|
Yawast::Utilities.puts_vuln "\t\t\tOpenSSL Padding Oracle (CVE-2016-2107): Vulnerable"
|
700
|
+
|
701
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
702
|
+
'tls_openssl_lunckyminus20',
|
703
|
+
{vulnerable: true}
|
532
704
|
else
|
533
705
|
Yawast::Utilities.puts_error "\t\t\tOpenSSL Padding Oracle (CVE-2016-2107): Unknown Response #{ep['details']['openSSLLuckyMinus20']}"
|
534
706
|
end
|
535
707
|
|
708
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
709
|
+
'tls_robot',
|
710
|
+
{vulnerable: false, exploitable: false}
|
536
711
|
case ep['details']['bleichenbacher']
|
537
712
|
when -1
|
538
713
|
Yawast::Utilities.puts_error "\t\t\tROBOT: Test Failed"
|
@@ -542,28 +717,66 @@ module Yawast
|
|
542
717
|
Yawast::Utilities.puts_info "\t\t\tROBOT: No"
|
543
718
|
when 2
|
544
719
|
Yawast::Utilities.puts_warn "\t\t\tROBOT: Not Exploitable"
|
720
|
+
|
721
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
722
|
+
'tls_robot',
|
723
|
+
{vulnerable: true, exploitable: false}
|
545
724
|
when 3
|
546
725
|
Yawast::Utilities.puts_vuln "\t\t\tROBOT: Exploitable"
|
726
|
+
|
727
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
728
|
+
'tls_robot',
|
729
|
+
{vulnerable: true, exploitable: true}
|
547
730
|
when nil
|
548
731
|
# if it's null, we don't care
|
549
732
|
else
|
550
733
|
Yawast::Utilities.puts_error "\t\t\tROBOT: Unknown Response #{ep['details']['bleichenbacher']}"
|
551
734
|
end
|
552
735
|
|
553
|
-
|
736
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
737
|
+
'tls_missing_forward_secrecy',
|
738
|
+
{vulnerable: false}
|
739
|
+
|
740
|
+
if ep['details']['forwardSecrecy'] & (1 << 2) != 0
|
554
741
|
Yawast::Utilities.puts_info "\t\t\tForward Secrecy: Yes (all simulated clients)"
|
555
|
-
elsif ep['details']['forwardSecrecy'] & (1<<1) != 0
|
742
|
+
elsif ep['details']['forwardSecrecy'] & (1 << 1) != 0
|
556
743
|
Yawast::Utilities.puts_info "\t\t\tForward Secrecy: Yes (modern clients)"
|
557
744
|
elsif ep['details']['forwardSecrecy'] & 1 != 0
|
558
745
|
Yawast::Utilities.puts_warn "\t\t\tForward Secrecy: Yes (limited support)"
|
746
|
+
|
747
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
748
|
+
'tls_missing_forward_secrecy',
|
749
|
+
{vulnerable: true}
|
559
750
|
else
|
560
751
|
Yawast::Utilities.puts_vuln "\t\t\tForward Secrecy: No"
|
752
|
+
|
753
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
754
|
+
'tls_missing_forward_secrecy',
|
755
|
+
{vulnerable: true}
|
756
|
+
end
|
757
|
+
|
758
|
+
if ep['details']['supportsAead']
|
759
|
+
Yawast::Utilities.puts_info "\t\t\tAEAD Cipher Suites Supported: Yes"
|
760
|
+
|
761
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
762
|
+
'tls_aead_support_missing',
|
763
|
+
{vulnerable: false}
|
764
|
+
else
|
765
|
+
Yawast::Utilities.puts_warn "\t\t\tAEAD Cipher Suites Supported: No"
|
766
|
+
|
767
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
768
|
+
'tls_aead_support_missing',
|
769
|
+
{vulnerable: true}
|
561
770
|
end
|
562
771
|
|
563
772
|
Yawast::Utilities.puts_info "\t\t\tALPN: #{ep['details']['alpnProtocols']}"
|
564
773
|
|
565
774
|
Yawast::Utilities.puts_info "\t\t\tNPN: #{ep['details']['npnProtocols']}"
|
566
775
|
|
776
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
777
|
+
'tls_session_resumption',
|
778
|
+
{vulnerable: false}
|
779
|
+
|
567
780
|
case ep['details']['sessionResumption']
|
568
781
|
when 0
|
569
782
|
Yawast::Utilities.puts_info "\t\t\tSession Resumption: Not Enabled / Empty Tickets"
|
@@ -571,52 +784,64 @@ module Yawast
|
|
571
784
|
Yawast::Utilities.puts_info "\t\t\tSession Resumption: Enabled / No Resumption"
|
572
785
|
when 2
|
573
786
|
Yawast::Utilities.puts_warn "\t\t\tSession Resumption: Enabled"
|
787
|
+
|
788
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
789
|
+
'tls_session_resumption',
|
790
|
+
{vulnerable: true}
|
574
791
|
else
|
575
792
|
Yawast::Utilities.puts_error "\t\t\tSession Resumption: Unknown Response #{ep['details']['sessionResumption']}"
|
576
793
|
end
|
577
794
|
|
578
795
|
if ep['details']['ocspStapling']
|
579
796
|
Yawast::Utilities.puts_info "\t\t\tOCSP Stapling: Yes"
|
797
|
+
|
798
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
799
|
+
'tls_ocsp_stapling_missing',
|
800
|
+
{vulnerable: false}
|
580
801
|
else
|
581
802
|
Yawast::Utilities.puts_warn "\t\t\tOCSP Stapling: No"
|
803
|
+
|
804
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
805
|
+
'tls_ocsp_stapling_missing',
|
806
|
+
{vulnerable: true}
|
582
807
|
end
|
583
808
|
|
584
|
-
if ep['details']['miscIntolerance']
|
809
|
+
if ep['details']['miscIntolerance'].positive?
|
585
810
|
if ep['details']['miscIntolerance'] & 1 != 0
|
586
811
|
Yawast::Utilities.puts_warn "\t\t\tTLS Extension Intolerance: Yes"
|
587
812
|
end
|
588
813
|
|
589
|
-
if ep['details']['miscIntolerance'] & (1<<1) != 0
|
814
|
+
if ep['details']['miscIntolerance'] & (1 << 1) != 0
|
590
815
|
Yawast::Utilities.puts_warn "\t\t\tLong Handshake Intolerance: Yes"
|
591
816
|
end
|
592
817
|
|
593
|
-
if ep['details']['miscIntolerance'] & (1<<2) != 0
|
818
|
+
if ep['details']['miscIntolerance'] & (1 << 2) != 0
|
594
819
|
Yawast::Utilities.puts_warn "\t\t\tLong Handshake Intolerance: Workaround Success"
|
595
820
|
end
|
596
821
|
end
|
597
822
|
|
598
|
-
if ep['details']['protocolIntolerance']
|
823
|
+
if ep['details']['protocolIntolerance'].positive?
|
599
824
|
if ep['details']['protocolIntolerance'] & 1 != 0
|
600
825
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 1.0"
|
601
826
|
end
|
602
827
|
|
603
|
-
if ep['details']['protocolIntolerance'] & (1<<1) != 0
|
828
|
+
if ep['details']['protocolIntolerance'] & (1 << 1) != 0
|
604
829
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 1.1"
|
605
830
|
end
|
606
831
|
|
607
|
-
if ep['details']['protocolIntolerance'] & (1<<2) != 0
|
832
|
+
if ep['details']['protocolIntolerance'] & (1 << 2) != 0
|
608
833
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 1.2"
|
609
834
|
end
|
610
835
|
|
611
|
-
if ep['details']['protocolIntolerance'] & (1<<3) != 0
|
836
|
+
if ep['details']['protocolIntolerance'] & (1 << 3) != 0
|
612
837
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 1.3"
|
613
838
|
end
|
614
839
|
|
615
|
-
if ep['details']['protocolIntolerance'] & (1<<4) != 0
|
840
|
+
if ep['details']['protocolIntolerance'] & (1 << 4) != 0
|
616
841
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 1.152"
|
617
842
|
end
|
618
843
|
|
619
|
-
if ep['details']['protocolIntolerance'] & (1<<5) != 0
|
844
|
+
if ep['details']['protocolIntolerance'] & (1 << 5) != 0
|
620
845
|
Yawast::Utilities.puts_warn "\t\t\tProtocol Intolerance: TLS 2.152"
|
621
846
|
end
|
622
847
|
else
|
@@ -625,39 +850,83 @@ module Yawast
|
|
625
850
|
|
626
851
|
if ep['details']['freak']
|
627
852
|
Yawast::Utilities.puts_vuln "\t\t\tFREAK: Vulnerable (512-bit key exchange supported)"
|
853
|
+
|
854
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
855
|
+
'tls_freak',
|
856
|
+
{vulnerable: true}
|
628
857
|
else
|
629
858
|
Yawast::Utilities.puts_info "\t\t\tFREAK: No"
|
859
|
+
|
860
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
861
|
+
'tls_freak',
|
862
|
+
{vulnerable: false}
|
630
863
|
end
|
631
864
|
|
632
865
|
if ep['details']['logjam']
|
633
866
|
Yawast::Utilities.puts_vuln "\t\t\tLogjam: Vulnerable (DH key exchange with keys smaller than 1024 bits)"
|
867
|
+
|
868
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
869
|
+
'tls_logjam',
|
870
|
+
{vulnerable: true}
|
634
871
|
else
|
635
872
|
Yawast::Utilities.puts_info "\t\t\tLogjam: No"
|
873
|
+
|
874
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
875
|
+
'tls_logjam',
|
876
|
+
{vulnerable: false}
|
636
877
|
end
|
637
878
|
|
879
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
880
|
+
'tls_dh_known_primes',
|
881
|
+
{vulnerable: false, weak: false}
|
882
|
+
|
638
883
|
case ep['details']['dhUsesKnownPrimes']
|
639
884
|
when 0
|
640
885
|
Yawast::Utilities.puts_info "\t\t\tUses common DH primes: No"
|
641
886
|
when 1
|
642
887
|
Yawast::Utilities.puts_warn "\t\t\tUses common DH primes: Yes (not weak)"
|
888
|
+
|
889
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
890
|
+
'tls_dh_known_primes',
|
891
|
+
{vulnerable: true, weak: false}
|
643
892
|
when 2
|
644
893
|
Yawast::Utilities.puts_vuln "\t\t\tUses common DH primes: Yes (weak)"
|
894
|
+
|
895
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
896
|
+
'tls_dh_known_primes',
|
897
|
+
{vulnerable: true, weak: true}
|
645
898
|
else
|
646
|
-
unless ep['details']['dhUsesKnownPrimes']
|
899
|
+
unless ep['details']['dhUsesKnownPrimes'].nil?
|
647
900
|
Yawast::Utilities.puts_error "\t\t\tUses common DH primes: Unknown Response #{ep['details']['dhUsesKnownPrimes']}"
|
648
901
|
end
|
649
902
|
end
|
650
903
|
|
651
904
|
if ep['details']['dhYsReuse']
|
652
905
|
Yawast::Utilities.puts_vuln "\t\t\tDH public server param (Ys) reuse: Yes"
|
906
|
+
|
907
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
908
|
+
'tls_dh_public_server_param_reuse',
|
909
|
+
{vulnerable: true}
|
653
910
|
else
|
654
911
|
Yawast::Utilities.puts_info "\t\t\tDH public server param (Ys) reuse: No"
|
912
|
+
|
913
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
914
|
+
'tls_dh_public_server_param_reuse',
|
915
|
+
{vulnerable: false}
|
655
916
|
end
|
656
917
|
|
657
918
|
if ep['details']['ecdhParameterReuse']
|
658
919
|
Yawast::Utilities.puts_vuln "\t\t\tECDH Public Server Param Reuse: Yes"
|
920
|
+
|
921
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
922
|
+
'tls_ecdh_public_server_param_reuse',
|
923
|
+
{vulnerable: true}
|
659
924
|
else
|
660
925
|
Yawast::Utilities.puts_info "\t\t\tECDH Public Server Param Reuse: No"
|
926
|
+
|
927
|
+
Yawast::Shared::Output.log_hash 'vulnerabilities',
|
928
|
+
'tls_ecdh_public_server_param_reuse',
|
929
|
+
{vulnerable: false}
|
661
930
|
end
|
662
931
|
|
663
932
|
puts
|
@@ -667,32 +936,26 @@ module Yawast
|
|
667
936
|
secure = true
|
668
937
|
|
669
938
|
# check for weak DH
|
670
|
-
if suite['kxStrength']
|
671
|
-
secure = false
|
672
|
-
end
|
939
|
+
secure = false if !suite['kxStrength'].nil? && suite['kxStrength'] < 2048
|
673
940
|
# check for RC4
|
674
|
-
if suite['name'].include? 'RC4'
|
675
|
-
secure = false
|
676
|
-
end
|
941
|
+
secure = false if suite['name'].include? 'RC4'
|
677
942
|
# check for weak suites
|
678
|
-
if suite['cipherStrength'] < 112
|
679
|
-
secure = false
|
680
|
-
end
|
943
|
+
secure = false if suite['cipherStrength'] < 112
|
681
944
|
|
682
945
|
secure
|
683
946
|
end
|
684
947
|
|
685
948
|
def self.get_key_exchange(suite)
|
686
949
|
ke = nil
|
687
|
-
|
688
|
-
if suite['namedGroupBits']
|
689
|
-
|
690
|
-
|
691
|
-
|
692
|
-
|
950
|
+
unless suite['kxType'].nil?
|
951
|
+
ke = if !suite['namedGroupBits'].nil?
|
952
|
+
"#{suite['kxType']}-#{suite['namedGroupBits']} / #{suite['namedGroupName']} (#{suite['kxStrength']} equivalent)"
|
953
|
+
else
|
954
|
+
"#{suite['kxType']}-#{suite['kxStrength']}"
|
955
|
+
end
|
693
956
|
end
|
694
957
|
|
695
|
-
|
958
|
+
ke
|
696
959
|
end
|
697
960
|
end
|
698
961
|
end
|