yawast 0.5.0.beta4 → 0.5.0.beta5

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 400253733c35a69633bfa93c996cd7eb2fed21b5
4
- data.tar.gz: 453abac414cc6af0f4efb1b952189a1457887e33
3
+ metadata.gz: 02aa0ad73bc9e34325a0989a0e9c30a28fe2e40a
4
+ data.tar.gz: 0391495210e5beeff8306ad8173730f707a4a607
5
5
  SHA512:
6
- metadata.gz: 899b87c5677b6fbf4bcd6fde0d6249064a0844c11a4a53f7567da47cb08aec289dcdaa7ca525a544cced1249b7c7e584a4c0f632e716351a1c364d6489bc0626
7
- data.tar.gz: 83b67f387e7364708c1b49f7f6c7d900466f6e438ae6b14ae5a223d57dcb737f6874dd9e16c1183cc60958a43fa20dbc6689b4549c75b23634c21d116c1f2b6a
6
+ metadata.gz: 32d58a74c90bab8977d103fb40a5dce202e2dd80c9a3d7bb9fb01b197944dcc9894fb8d6a2a3273952cb6398c1ab1ff8dbeb7fe167909cb6a65bb0bc3fac2903
7
+ data.tar.gz: 3fc7dad7e9bab7552f97f127aba85b468372f5fce27ed916db6f504b0b21d43b39ade769c547525d3fad5b8da8e768a247d59c7da757c9b627766fd4c42fbd57
data/CHANGELOG.md CHANGED
@@ -11,6 +11,7 @@
11
11
  * [#91](https://github.com/adamcaudill/yawast/issues/91) - Enhanced file search
12
12
  * [#96](https://github.com/adamcaudill/yawast/issues/96) - Scan for known SRV DNS Records
13
13
  * [#97](https://github.com/adamcaudill/yawast/issues/97) - Search for Common Subdomains
14
+ * [#102](https://github.com/adamcaudill/yawast/issues/102) - Use SSLShake to power cipher suite enumeration
14
15
  * [#76](https://github.com/adamcaudill/yawast/issues/76) - Bug: Handle error for OpenSSL version support error
15
16
  * [#98](https://github.com/adamcaudill/yawast/issues/98) - Bug: SWEET32 Test Fails if 3DES Not Support By Latest Server Supported TLS Version
16
17
  * [#99](https://github.com/adamcaudill/yawast/issues/99) - Bug: Cloudflare SWEET32 False Positive
data/lib/scanner/ssl.rb CHANGED
@@ -1,6 +1,7 @@
1
1
  require 'openssl'
2
2
  require 'openssl-extensions/all'
3
3
  require 'digest/sha1'
4
+ require 'sslshake'
4
5
 
5
6
  module Yawast
6
7
  module Scanner
@@ -119,7 +120,7 @@ module Yawast
119
120
  end
120
121
 
121
122
  def self.get_ciphers(uri)
122
- puts 'Supported Ciphers (based on your OpenSSL version):'
123
+ puts 'Supported Ciphers:'
123
124
 
124
125
  dns = Resolv::DNS.new
125
126
 
@@ -129,27 +130,29 @@ module Yawast
129
130
  ip = dns.getaddresses(uri.host)[0]
130
131
  end
131
132
 
132
- #find all versions that don't include '_server' or '_client'
133
- versions = OpenSSL::SSL::SSLContext::METHODS.find_all { |v| !v.to_s.include?('_client') && !v.to_s.include?('_server')}
133
+ protocols = %w(ssl2 ssl3 tls1.0 tls1.1 tls1.2)
134
134
 
135
- versions.each do |version|
136
- #ignore SSLv23, as it's an auto-negotiate, which just adds noise
137
- if version.to_s != 'SSLv23'
138
- #try to get the list of ciphers supported for each version
139
- ciphers = nil
135
+ protocols.each do |protocol|
136
+ case protocol
137
+ when 'ssl2'
138
+ ciphers = SSLShake::SSLv2::CIPHERS
139
+ when 'ssl3'
140
+ ciphers = SSLShake::TLS::SSL3_CIPHERS
141
+ else
142
+ ciphers = SSLShake::TLS::TLS_CIPHERS
143
+ end
144
+
145
+ puts "\tChecking for #{protocol} suites (#{ciphers.count} possible suites)"
140
146
 
141
- get_ciphers_failed = false
147
+ ciphers.each_key do |cipher|
142
148
  begin
143
- ciphers = OpenSSL::SSL::SSLContext.new(version).ciphers
144
- rescue => e
145
- Yawast::Utilities.puts_error "\tError getting cipher suites for #{version}, skipping. (#{e.message})"
146
- get_ciphers_failed = true
147
- end
149
+ res = SSLShake.hello(ip.to_s, port: uri.port, protocol: protocol, ciphers: cipher, servername: uri.host)
148
150
 
149
- if ciphers != nil
150
- check_version_suites uri, ip, ciphers, version
151
- elsif !get_ciphers_failed
152
- Yawast::Utilities.puts_info "\t#{version}: No cipher suites available."
151
+ if res['error'] == nil
152
+ Yawast::Utilities.puts_info "\t\tCipher: #{res['cipher_suite']}"
153
+ end
154
+ rescue => e
155
+ Yawast::Utilities.puts_error "SSL: Error Reading Cipher Details: #{e.message}"
153
156
  end
154
157
  end
155
158
  end
data/lib/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module Yawast
2
- VERSION = '0.5.0.beta4'
2
+ VERSION = '0.5.0.beta5'
3
3
  end
data/yawast.gemspec CHANGED
@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
21
21
  s.add_runtime_dependency 'ipaddr_extensions', '~> 1.0'
22
22
  s.add_runtime_dependency 'ipaddress', '~> 0.8'
23
23
  s.add_runtime_dependency 'public_suffix', '~> 2.0'
24
+ s.add_runtime_dependency 'sslshake', '~> 1.1'
24
25
 
25
26
  s.bindir = 'bin'
26
27
  s.files = `git ls-files`.split("\n")
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: yawast
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.0.beta4
4
+ version: 0.5.0.beta5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Adam Caudill
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-03-15 00:00:00.000000000 Z
11
+ date: 2017-04-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: ssllabs
@@ -122,6 +122,20 @@ dependencies:
122
122
  - - "~>"
123
123
  - !ruby/object:Gem::Version
124
124
  version: '2.0'
125
+ - !ruby/object:Gem::Dependency
126
+ name: sslshake
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: '1.1'
132
+ type: :runtime
133
+ prerelease: false
134
+ version_requirements: !ruby/object:Gem::Requirement
135
+ requirements:
136
+ - - "~>"
137
+ - !ruby/object:Gem::Version
138
+ version: '1.1'
125
139
  description: YAWAST is an application meant to simplify initial analysis and information
126
140
  gathering for penetration testers and security auditors.
127
141
  email: adam@adamcaudill.com