yawast 0.4.0 → 0.5.0.beta1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 809632f522dd6924e8a196bb130e59e0ed98b967
4
- data.tar.gz: 0dc7cdaef9e64ad07f00c5c603023db597e5f78c
3
+ metadata.gz: 65106d07977f1c60a5f68f2506cfe81746c22c13
4
+ data.tar.gz: 6997ee2700653653651dd21a421d95cf0873a8a6
5
5
  SHA512:
6
- metadata.gz: 03a5b6771a87ed689a15f7fd2bae9c8c42f59dcc9cbe36c24611709c002c376864e4604e028272b3cccc38d2f24901bf4101c92e038b8681c3b410e20df72732
7
- data.tar.gz: 0f922b7836655decc4cc252f79c4c60cac0d0a02a87a9d0b6ad624d243d4d02cfaf35d70cbfb0b5926bc6dd16d2673db8a9de0e052f576135d083cf1862d34ad
6
+ metadata.gz: 043435f7f05f23da628a61ad534110f2c2abf9bc0e94d562905614cb19add99cd2c528fc8e3079c4ea68ed01f80a9700cf79de5c76f9c1df5faabc812f371300
7
+ data.tar.gz: 916d107d840cfc78635193f88ca604588669f3b22706a5b4389e4932eef9f032dfa47b8b01ea98f18e4eab79234f3dfc72c5e2b2726f2feda2731059c49eb091
data/CHANGELOG.md CHANGED
@@ -1,3 +1,8 @@
1
+ ## 0.5.0 - In Development
2
+
3
+ * [#75](https://github.com/adamcaudill/yawast/issues/75) - Use internal SSL scanner for non-standard ports
4
+ * [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
5
+
1
6
  ## 0.4.0 - 2016-11-03
2
7
 
3
8
  * [#66](https://github.com/adamcaudill/yawast/issues/66) - Thread directory search for better performance
data/lib/scanner/core.rb CHANGED
@@ -36,7 +36,7 @@ module Yawast
36
36
  Yawast::Shared::Http.setup(options.proxy, options.cookie)
37
37
 
38
38
  #cache the HEAD result, so that we can minimize hits
39
- head = Yawast::Shared::Http.head(@uri)
39
+ head = get_head
40
40
  Yawast::Scanner::Generic.head_info(head, @uri)
41
41
 
42
42
  #perfom SSL checks
@@ -101,10 +101,10 @@ module Yawast
101
101
  setup(uri, options)
102
102
 
103
103
  if @uri.scheme == 'https' && !options.nossl
104
- head = Yawast::Shared::Http.head(@uri) if head == nil
104
+ head = get_head if head == nil
105
105
 
106
- if options.internalssl || IPAddress.valid?(uri.host)
107
- Yawast::Scanner::Ssl.info(uri, !options.nociphers, options.tdessessioncount)
106
+ if options.internalssl || IPAddress.valid?(@uri.host) || @uri.port != 443
107
+ Yawast::Scanner::Ssl.info(@uri, !options.nociphers, options.tdessessioncount)
108
108
  else
109
109
  Yawast::Scanner::SslLabs.info(@uri, options.tdessessioncount)
110
110
  end
@@ -114,6 +114,15 @@ module Yawast
114
114
  puts 'Skipping TLS checks; URL is not HTTPS'
115
115
  end
116
116
  end
117
+
118
+ def self.get_head()
119
+ begin
120
+ Yawast::Shared::Http.head(@uri)
121
+ rescue => e
122
+ Yawast::Utilities.puts_error "Fatal Connection Error (#{e.class}: #{e.message})"
123
+ exit 1
124
+ end
125
+ end
117
126
  end
118
127
  end
119
128
  end
data/lib/scanner/ssl.rb CHANGED
@@ -121,44 +121,17 @@ module Yawast
121
121
  versions.each do |version|
122
122
  #ignore SSLv23, as it's an auto-negotiate, which just adds noise
123
123
  if version.to_s != 'SSLv23'
124
- ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
125
- puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
126
-
127
- ciphers.each do |cipher|
128
- #try to connect and see what happens
129
- begin
130
- socket = TCPSocket.new(ip.to_s, uri.port)
131
- context = OpenSSL::SSL::SSLContext.new(version)
132
- context.ciphers = cipher[0]
133
- ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
134
- ssl.hostname = uri.host
135
-
136
- ssl.connect
137
-
138
- if cipher[2] < 112 || cipher[0].include?('RC4')
139
- #less than 112 bits or RC4, flag as a vuln
140
- Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
141
- elsif cipher[2] >= 128
142
- #secure, probably safe
143
- Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
144
- else
145
- #weak, but not "omg!" weak.
146
- Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
147
- end
124
+ #try to get the list of ciphers supported for each version
125
+ ciphers = nil
148
126
 
149
- ssl.sysclose
150
- rescue OpenSSL::SSL::SSLError => e
151
- unless e.message.include?('alert handshake failure') ||
152
- e.message.include?('no ciphers available') ||
153
- e.message.include?('wrong version number') ||
154
- e.message.include?('alert protocol version')
155
- Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
156
- end
157
- rescue => e
158
- Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
159
- ensure
160
- ssl.sysclose unless ssl == nil
161
- end
127
+ begin
128
+ ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
129
+ rescue => e
130
+ Yawast::Utilities.puts_error "\tError getting cipher suites for #{version.to_s}, skipping. (#{e.message})"
131
+ end
132
+
133
+ if ciphers != nil
134
+ check_version_suites uri, ip, ciphers, version
162
135
  end
163
136
  end
164
137
  end
@@ -166,6 +139,47 @@ module Yawast
166
139
  puts ''
167
140
  end
168
141
 
142
+ def self.check_version_suites(uri, ip, ciphers, version)
143
+ puts "\tChecking for #{version.to_s} suites (#{ciphers.count} possible suites)"
144
+
145
+ ciphers.each do |cipher|
146
+ #try to connect and see what happens
147
+ begin
148
+ socket = TCPSocket.new(ip.to_s, uri.port)
149
+ context = OpenSSL::SSL::SSLContext.new(version)
150
+ context.ciphers = cipher[0]
151
+ ssl = OpenSSL::SSL::SSLSocket.new(socket, context)
152
+ ssl.hostname = uri.host
153
+
154
+ ssl.connect
155
+
156
+ if cipher[2] < 112 || cipher[0].include?('RC4')
157
+ #less than 112 bits or RC4, flag as a vuln
158
+ Yawast::Utilities.puts_vuln "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
159
+ elsif cipher[2] >= 128
160
+ #secure, probably safe
161
+ Yawast::Utilities.puts_info "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
162
+ else
163
+ #weak, but not "omg!" weak.
164
+ Yawast::Utilities.puts_warn "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}"
165
+ end
166
+
167
+ ssl.sysclose
168
+ rescue OpenSSL::SSL::SSLError => e
169
+ unless e.message.include?('alert handshake failure') ||
170
+ e.message.include?('no ciphers available') ||
171
+ e.message.include?('wrong version number') ||
172
+ e.message.include?('alert protocol version')
173
+ Yawast::Utilities.puts_error "\t\tVersion: #{ssl.ssl_version.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(Supported But Failed)"
174
+ end
175
+ rescue => e
176
+ Yawast::Utilities.puts_error "\t\tVersion: #{''.ljust(7)}\tBits: #{cipher[2]}\tCipher: #{cipher[0]}\t(#{e.message})"
177
+ ensure
178
+ ssl.sysclose unless ssl == nil
179
+ end
180
+ end
181
+ end
182
+
169
183
  def self.check_hsts(head)
170
184
  found = ''
171
185
 
@@ -10,15 +10,15 @@ module Yawast
10
10
  def self.info(uri, tdes_session_count)
11
11
  puts 'Beginning SSL Labs scan (this could take a minute or two)'
12
12
 
13
- api = Ssllabs::Api.new
13
+ begin
14
+ api = Ssllabs::Api.new
14
15
 
15
- info = api.info
16
+ info = api.info
16
17
 
17
- info.messages.each do |msg|
18
- puts "[SSL Labs] #{msg}"
19
- end
18
+ info.messages.each do |msg|
19
+ puts "[SSL Labs] #{msg}"
20
+ end
20
21
 
21
- begin
22
22
  api.analyse(host: uri.host, publish: 'off', startNew: 'on', all: 'done', ignoreMismatch: 'on')
23
23
 
24
24
  status = ''
data/lib/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Yawast
2
- VERSION = '0.4.0'
2
+ VERSION = '0.5.0.beta1'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yawast
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.5.0.beta1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Caudill
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-11-03 00:00:00.000000000 Z
11
+ date: 2016-12-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ssllabs
@@ -190,9 +190,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
190
190
  version: '0'
191
191
  required_rubygems_version: !ruby/object:Gem::Requirement
192
192
  requirements:
193
- - - ">="
193
+ - - ">"
194
194
  - !ruby/object:Gem::Version
195
- version: '0'
195
+ version: 1.3.1
196
196
  requirements: []
197
197
  rubyforge_project: yawast
198
198
  rubygems_version: 2.6.6