yawast 0.3.0.beta1 → 0.3.0.beta2

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 79985d80e1ef75ebc9280fe083940f9709c6b9c3
4
- data.tar.gz: 628bcc0da114c9c153554b5687b0c85b96390ccf
3
+ metadata.gz: acaf00690ddc7c68663b94e73a5eb2b0eb51c080
4
+ data.tar.gz: 4a85fddd2486d54ac441f0b487fef339006ff7e9
5
5
  SHA512:
6
- metadata.gz: 6ff471e7849b98ce68f6c2d83e23e6358a7f863bb98f7430ad715b2d5dcd9fc77c8c4d17d49bb5611f2f3488e475cb51c40013d320e56b98f0970c9f6df01925
7
- data.tar.gz: 0fff13c7d0e3b06e9fbb0c0a02b13430200d1312762fef5a1fc268093d1d9322e5d056d23db1c37c974b44c98919e0c8c7dd66d7fe157f1faab4b4e38c29afc2
6
+ metadata.gz: a38229adaec840c4837bd53d063453a4ca755bcd666a7d9aeab00857119b61a70a5fbc9a57ddb8ca457f7c4253ccb5dd6d93afc61a6b6b35ec6fe89c2205e3cf
7
+ data.tar.gz: 70f4418e59b3ce272d46b53bc3b5b0bbba7300a916f5ac027c39158848fdd9a5939244b3cb52f250d490251dd657af24ce2d4f389d429d6128e4915dfba8af5d
data/CHANGELOG.md CHANGED
@@ -2,6 +2,7 @@
2
2
 
3
3
  * [#61](https://github.com/adamcaudill/yawast/issues/61) - SSL Session Count: force 3DES suites
4
4
  * [#23](https://github.com/adamcaudill/yawast/issues/23) - Add check for HTTP to HTTPS redirect
5
+ * [#63](https://github.com/adamcaudill/yawast/issues/63) - Rename `--sslsessioncount` to `--tdessessioncount`
5
6
 
6
7
  ## 0.2.2 - 2016-08-07
7
8
 
data/README.md CHANGED
@@ -80,6 +80,7 @@ Checks for the following SSL issues are performed:
80
80
  * SHA1 Signature
81
81
  * RC4 Cipher Suites
82
82
  * Weak (< 128 bit) Cipher Suites
83
+ * SWEET32
83
84
 
84
85
  In addition to these tests, certain basic information is also displayed, such as IPs (and the PTR record for each IP), HTTP HEAD request, and others.
85
86
 
@@ -180,9 +181,9 @@ This mode is the most comprehensive, and contains far more data than the Interna
180
181
 
181
182
  ### Usage
182
183
 
183
- * Standard scan: `./yawast scan <url> [--internalssl] [--nossl] [--nociphers] [--dir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
184
- * HEAD-only scan: `./yawast head <url> [--internalssl] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
185
- * SSL information: `./yawast ssl <url> [--internalssl] [--nociphers]`
184
+ * Standard scan: `./yawast scan <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--dir] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
185
+ * HEAD-only scan: `./yawast head <url> [--internalssl] [--tdessessioncount] [--nossl] [--nociphers] [--proxy localhost:8080] [--cookie SESSIONID=12345]`
186
+ * SSL information: `./yawast ssl <url> [--internalssl] [--tdessessioncount] [--nociphers]`
186
187
  * CMS detection: `./yawast cms <url> [--proxy localhost:8080] [--cookie SESSIONID=12345]`
187
188
 
188
189
  For detailed information, just call `./yawast -h` to see the help page. To see information for a specific command, call `./yawast -h <command>` for full details.
@@ -204,7 +205,7 @@ For authenticated testing, YAWAST allows you to specify a cookie to be passed vi
204
205
  Using `scan` - the normal go-to option, here's what you get when scanning my website:
205
206
 
206
207
  ```
207
- $yawast scan https://adamcaudill.com --dir --sslsessioncount
208
+ $yawast scan https://adamcaudill.com --dir --tdessessioncount
208
209
  __ _____ _ _ ___ _____ _____
209
210
  \ \ / / _ \| | | |/ _ \ / ___|_ _|
210
211
  \ V / /_\ \ | | / /_\ \\ `--. | |
data/bin/yawast CHANGED
@@ -16,7 +16,7 @@ command :scan do |c|
16
16
  c.option '--nossl', 'Disables SSL checks'
17
17
  c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
18
18
  c.option '--internalssl', 'Disable SSL Labs integration'
19
- c.option '--sslsessioncount', 'Counts the number of messages that can be sent in a single session'
19
+ c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
20
20
  c.option '--dir', 'Enables directory search'
21
21
  c.option '--dirrecursive', 'Recursive directory search (only with --dir)'
22
22
  c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
@@ -34,7 +34,7 @@ command :head do |c|
34
34
  c.option '--nossl', 'Disables SSL checks'
35
35
  c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
36
36
  c.option '--internalssl', 'Disable SSL Labs integration'
37
- c.option '--sslsessioncount', 'Counts the number of messages that can be sent in a single session'
37
+ c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
38
38
  c.option '--proxy STRING', String, 'HTTP Proxy Server (such as Burp Suite)'
39
39
  c.option '--cookie STRING', String, 'Session cookie'
40
40
 
@@ -49,7 +49,7 @@ command :ssl do |c|
49
49
 
50
50
  c.option '--nociphers', 'Disables check for supported ciphers (only with --internalssl)'
51
51
  c.option '--internalssl', 'Disable SSL Labs integration'
52
- c.option '--sslsessioncount', 'Counts the number of messages that can be sent in a single session'
52
+ c.option '--tdessessioncount', 'Counts the number of messages that can be sent in a single session'
53
53
 
54
54
  c.action do |args, options|
55
55
  Yawast::Commands::Ssl.process(args, options)
@@ -3,7 +3,7 @@ module Yawast
3
3
  class Apache
4
4
  def self.check_banner(banner)
5
5
  #don't bother if this doesn't look like Apache
6
- return if !banner.include? 'Apache'
6
+ return unless banner.include? 'Apache'
7
7
  @apache = true
8
8
 
9
9
  modules = banner.split(' ')
data/lib/scanner/core.rb CHANGED
@@ -111,9 +111,9 @@ module Yawast
111
111
  head = Yawast::Shared::Http.head(@uri) if head == nil
112
112
 
113
113
  if options.internalssl
114
- Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.sslsessioncount)
114
+ Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
115
115
  else
116
- Yawast::Scanner::SslLabs.info(@uri, options.sslsessioncount)
116
+ Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
117
117
  end
118
118
 
119
119
  Yawast::Scanner::Ssl.check_hsts(head)
@@ -273,7 +273,7 @@ module Yawast
273
273
  headers = Yawast::Shared::Http.get_headers
274
274
  res = req.request(Trace.new('/', headers))
275
275
 
276
- if res.body.include? 'TRACE / HTTP/1.1' && res.code == '200'
276
+ if res.body.include?('TRACE / HTTP/1.1') && res.code == '200'
277
277
  Yawast::Utilities.puts_warn 'HTTP TRACE Enabled'
278
278
  puts "\t\t\"curl -X TRACE #{uri}\""
279
279
 
data/lib/scanner/iis.rb CHANGED
@@ -3,7 +3,7 @@ module Yawast
3
3
  class Iis
4
4
  def self.check_banner(banner)
5
5
  #don't bother if this doesn't include IIS
6
- return if !banner.include? 'Microsoft-IIS/'
6
+ return unless banner.include? 'Microsoft-IIS/'
7
7
  @iis = true
8
8
 
9
9
  Yawast::Utilities.puts_warn "IIS Version: #{banner}"
@@ -11,7 +11,7 @@ module Yawast
11
11
  end
12
12
 
13
13
  def self.check_all(uri, head)
14
- return if !@iis
14
+ return unless @iis
15
15
 
16
16
  #run all the defined checks
17
17
  check_asp_banner(head)
data/lib/scanner/nginx.rb CHANGED
@@ -3,7 +3,7 @@ module Yawast
3
3
  class Nginx
4
4
  def self.check_banner(banner)
5
5
  #don't bother if this doesn't include nginx
6
- return if !banner.include? 'nginx/'
6
+ return unless banner.include? 'nginx/'
7
7
 
8
8
  Yawast::Utilities.puts_warn "nginx Version: #{banner}"
9
9
  puts ''
data/lib/scanner/php.rb CHANGED
@@ -3,7 +3,7 @@ module Yawast
3
3
  class Php
4
4
  def self.check_banner(banner)
5
5
  #don't bother if this doesn't include PHP
6
- return if !banner.include? 'PHP/'
6
+ return unless banner.include? 'PHP/'
7
7
 
8
8
  modules = banner.split(' ')
9
9
 
data/lib/scanner/ssl.rb CHANGED
@@ -5,7 +5,7 @@ require 'digest/sha1'
5
5
  module Yawast
6
6
  module Scanner
7
7
  class Ssl
8
- def self.info(uri, check_ciphers, sslsessioncount)
8
+ def self.info(uri, check_ciphers, tdes_session_count)
9
9
  begin
10
10
  socket = TCPSocket.new(uri.host, uri.port)
11
11
 
@@ -98,7 +98,7 @@ module Yawast
98
98
 
99
99
  ssl.sysclose
100
100
 
101
- get_session_msg_count(uri) if sslsessioncount
101
+ get_tdes_session_msg_count(uri) if tdes_session_count
102
102
  rescue => e
103
103
  Yawast::Utilities.puts_error "SSL: Error Reading X509 Details: #{e.message}"
104
104
  end
@@ -178,7 +178,7 @@ module Yawast
178
178
  puts ''
179
179
  end
180
180
 
181
- def self.get_session_msg_count(uri)
181
+ def self.get_tdes_session_msg_count(uri)
182
182
  # this method will send a number of HEAD requests to see
183
183
  # if the connection is eventually killed.
184
184
  puts 'TLS Session Request Limit: Checking number of requests accepted using 3DES suites...'
@@ -6,7 +6,7 @@ require 'digest/sha1'
6
6
  module Yawast
7
7
  module Scanner
8
8
  class SslLabs
9
- def self.info(uri, sslsessioncount)
9
+ def self.info(uri, tdes_session_count)
10
10
  puts 'Beginning SSL Labs scan (this could take a minute or two)'
11
11
 
12
12
  api = Ssllabs::Api.new
@@ -51,7 +51,7 @@ module Yawast
51
51
  Yawast::Utilities.puts_error "Error getting information for IP: #{ep.ip_address}: #{e.message}"
52
52
  end
53
53
 
54
- Yawast::Scanner::Ssl.get_session_msg_count(uri) if sslsessioncount
54
+ Yawast::Scanner::Ssl.get_tdes_session_msg_count(uri) if tdes_session_count
55
55
 
56
56
  puts
57
57
  end
data/lib/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Yawast
2
- VERSION = '0.3.0.beta1'
2
+ VERSION = '0.3.0.beta2'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yawast
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.0.beta1
4
+ version: 0.3.0.beta2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Caudill
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-09-12 00:00:00.000000000 Z
11
+ date: 2016-09-16 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ssllabs