sslscan / b17a88c
Imported Upstream version 1.11.5 Sophie Brun 8 years ago
5 changed file(s) with 73 addition(s) and 15 deletion(s).
00 Changelog
11 =========
2
3 Version: 1.11.5
4 Date : 24/03/2016
5 Author : rbsec <[email protected]>
6 Changes: The following are a list of changes
7 > Fix bug in heartbleed check (credit nuxi)
8 > Makefile improvements and fixes for OSX and FreeBSD
9 > Optimize OpenSSL clone
10 > Implement --show-times to display handshake times in milliseconds
211
312 Version: 1.11.4
413 Date : 06/03/2016
2323
2424 # for dynamic linking
2525 LIBS = -lssl -lcrypto
26 ifneq ($(OS), FreeBSD)
27 LIBS += -ldl
28 endif
2629
2730 # for static linking
2831 ifeq ($(STATIC_BUILD), TRUE)
2932 PWD = $(shell pwd)/openssl
3033 LDFLAGS += -L${PWD}/
3134 CFLAGS += -I${PWD}/include/ -I${PWD}/
32 LIBS = -lssl -lcrypto -ldl -lz
35 LIBS = -lssl -lcrypto -lz
36 ifneq ($(OS), FreeBSD)
37 LIBS += -ldl
38 endif
3339 GIT_VERSION := $(GIT_VERSION)-static
3440 else
3541 # for dynamic linking
36 LDFLAGS += -L/usr/local/ssl/lib/ -L/usr/local/opt/openssl/lib
37 CFLAGS += -I/usr/local/ssl/include/ -I/usr/local/ssl/include/openssl/ -I/usr/local/opt/openssl/include
42 LDFLAGS += -L/usr/local/lib -L/usr/local/ssl/lib -L/usr/local/opt/openssl/lib -L/opt/local/lib
43 CFLAGS += -I/usr/local/include -I/usr/local/ssl/include -I/usr/local/ssl/include/openssl -I/usr/local/opt/openssl/include -I/opt/local/include -I/opt/local/include/openssl
3844 endif
3945
4046 .PHONY: all sslscan clean install uninstall static opensslpull
5258 sslscan: $(SRCS)
5359 $(CC) -o $@ ${WARNINGS} ${LDFLAGS} ${CFLAGS} ${CPPFLAGS} ${DEFINES} ${SRCS} ${LIBS}
5460
55 install: sslscan
56 mkdir -p $(DESTDIR)$(BINDIR)
57 mkdir -p $(DESTDIR)$(MAN1DIR)
58 cp sslscan $(DESTDIR)$(BINDIR)
59 cp sslscan.1 $(DESTDIR)$(MAN1DIR)
61 install:
62 @if [ ! -f sslscan ] ; then \
63 echo "\n=========\n| ERROR |\n========="; \
64 echo "Before installing you need to build sslscan with either \`make\` or \`make static\`\n"; \
65 exit 1; \
66 fi
67 ifeq ($(OS), Darwin)
68 install sslscan $(DESTDIR)$(BINDIR)/sslscan;
69 install sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
70 else
71 install -D sslscan $(DESTDIR)$(BINDIR)/sslscan;
72 install -D sslscan.1 $(DESTDIR)$(MAN1DIR)/sslscan.1;
73 endif
6074
6175 uninstall:
6276 rm -f $(DESTDIR)$(BINDIR)/sslscan
6882 if [ -d openssl -a -d openssl/.git ]; then \
6983 cd ./openssl && git checkout OpenSSL_1_0_2-stable && git pull | grep -q "Already up-to-date." && [ -e ../.openssl.is.fresh ] || touch ../.openssl.is.fresh ; \
7084 else \
71 git clone https://github.com/openssl/openssl ./openssl && cd ./openssl && git checkout OpenSSL_1_0_2-stable && touch ../.openssl.is.fresh ; \
85 git clone --depth 1 -b OpenSSL_1_0_2-stable https://github.com/openssl/openssl ./openssl && cd ./openssl && touch ../.openssl.is.fresh ; \
7286 fi
73 sed -i 's/# if 0/# if 1/g' openssl/ssl/s2_lib.c
87 sed -i.bak 's/# if 0/# if 1/g' openssl/ssl/s2_lib.c
88 rm openssl/ssl/s2_lib.c.bak
7489
7590 # Need to build OpenSSL differently on OSX
7691 ifeq ($(OS), Darwin)
7792 openssl/Makefile: .openssl.is.fresh
78 cd ./openssl; ./Configure darwin64-x86_64-cc
93 cd ./openssl; ./Configure enable-ssl2 enable-weak-ssl-ciphers zlib darwin64-x86_64-cc
7994 # Any other *NIX platform
8095 else
8196 openssl/Makefile: .openssl.is.fresh
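Review bot: The static-build recipe's `git clone --depth 1 -b OpenSSL_1_0_2-stable` takes whatever the branch tip is at build time, and that tree is then configured and (presumably) built and linked into the scanner with no integrity check. Pinning the clone to a release tag or commit the project has reviewed, e.g. `-b <pinned-release-tag>` (placeholder), and verifying it before `./Configure` runs would make the static build reproducible and keep an unexpected upstream change out of the binary. The update path just above it (`git checkout OpenSSL_1_0_2-stable && git pull`) follows the same moving ref and would need the same pin. The rule these recipe lines belong to starts outside the visible lines.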
6262 .B \-\-show\-cipher-ids
6363 Print the hexadecimal cipher IDs
6464 .TP
65 .B \-\-show\-times
66 Show the time taken for each handshake in milliseconds. Note that only a single request is made with each cipher, and that the size of the ClientHello is not constant, so this should not be used for proper benchmarking or performance testing.
67
68 You might want to also use \-\-no\-cipher\-details to make the output a bit clearer.
69 .TP
6570 .B \-\-ssl2
6671 .br
6772 Only check SSLv2 ciphers
10521052 {
10531053
10541054 // Credit to Jared Stafford ([email protected])
1055 char hello[] = {0x16,0x03,0x00,0x00,0xdc,0x01,0x00,0x00,0xd8,0x03,0x02,0x53,0x43,0x5b,0x90,0x9d,0x9b,0x72,0x0b,0xbc,0x0c,0xbc,0x2b,0x92,0xa8,0x48,0x97,0xcf,0xbd,0x39,0x04,0xcc,0x16,0x0a,0x85,0x03,0x90,0x9f,0x77,0x04,0x33,0xd4,0xde,0x00,0x00,0x66,0xc0,0x14,0xc0,0x0a,0xc0,0x22,0xc0,0x21,0x00,0x39,0x00,0x38,0x00,0x88,0x00,0x87,0xc0,0x0f,0xc0,0x05,0x00,0x35,0x00,0x84,0xc0,0x12,0xc0,0x08,0xc0,0x1c,0xc0,0x1b,0x00,0x16,0x00,0x13,0xc0,0x0d,0xc0,0x03,0x00,0x0a,0xc0,0x13,0xc0,0x09,0xc0,0x1f,0xc0,0x1e,0x00,0x33,0x00,0x32,0x00,0x9a,0x00,0x99,0x00,0x45,0x00,0x44,0xc0,0x0e,0xc0,0x04,0x00,0x2f,0x00,0x96,0x00,0x41,0xc0,0x11,0xc0,0x07,0xc0,0x0c,0xc0,0x02,0x00,0x05,0x00,0x04,0x00,0x15,0x00,0x12,0x00,0x09,0x00,0x14,0x00,0x11,0x00,0x08,0x00,0x06,0x00,0x03,0x00,0xff,0x01,0x00,0x00,0x49,0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02,0x00,0x0a,0x00,0x34,0x00,0x32,0x00,0x0e,0x00,0x0d,0x00,0x19,0x00,0x0b,0x00,0x0c,0x00,0x18,0x00,0x09,0x00,0x0a,0x00,0x16,0x00,0x17,0x00,0x08,0x00,0x06,0x00,0x07,0x00,0x14,0x00,0x15,0x00,0x04,0x00,0x05,0x00,0x12,0x00,0x13,0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x0f,0x00,0x10,0x00,0x11,0x00,0x23,0x00,0x00,0x00,0x0f,0x00,0x01,0x01};
1055 char hello[] = {0x16,0x03,0x01,0x00,0xdc,0x01,0x00,0x00,0xd8,0x03,0x00,0x53,0x43,0x5b,0x90,0x9d,0x9b,0x72,0x0b,0xbc,0x0c,0xbc,0x2b,0x92,0xa8,0x48,0x97,0xcf,0xbd,0x39,0x04,0xcc,0x16,0x0a,0x85,0x03,0x90,0x9f,0x77,0x04,0x33,0xd4,0xde,0x00,0x00,0x66,0xc0,0x14,0xc0,0x0a,0xc0,0x22,0xc0,0x21,0x00,0x39,0x00,0x38,0x00,0x88,0x00,0x87,0xc0,0x0f,0xc0,0x05,0x00,0x35,0x00,0x84,0xc0,0x12,0xc0,0x08,0xc0,0x1c,0xc0,0x1b,0x00,0x16,0x00,0x13,0xc0,0x0d,0xc0,0x03,0x00,0x0a,0xc0,0x13,0xc0,0x09,0xc0,0x1f,0xc0,0x1e,0x00,0x33,0x00,0x32,0x00,0x9a,0x00,0x99,0x00,0x45,0x00,0x44,0xc0,0x0e,0xc0,0x04,0x00,0x2f,0x00,0x96,0x00,0x41,0xc0,0x11,0xc0,0x07,0xc0,0x0c,0xc0,0x02,0x00,0x05,0x00,0x04,0x00,0x15,0x00,0x12,0x00,0x09,0x00,0x14,0x00,0x11,0x00,0x08,0x00,0x06,0x00,0x03,0x00,0xff,0x01,0x00,0x00,0x49,0x00,0x0b,0x00,0x04,0x03,0x00,0x01,0x02,0x00,0x0a,0x00,0x34,0x00,0x32,0x00,0x0e,0x00,0x0d,0x00,0x19,0x00,0x0b,0x00,0x0c,0x00,0x18,0x00,0x09,0x00,0x0a,0x00,0x16,0x00,0x17,0x00,0x08,0x00,0x06,0x00,0x07,0x00,0x14,0x00,0x15,0x00,0x04,0x00,0x05,0x00,0x12,0x00,0x13,0x00,0x01,0x00,0x02,0x00,0x03,0x00,0x0f,0x00,0x10,0x00,0x11,0x00,0x23,0x00,0x00,0x00,0x0f,0x00,0x01,0x01};
10561056
10571057 if (sslMethod == TLSv1_client_method())
10581058 {
1059 hello[2] = 0x01;
1059 hello[10] = 0x01;
10601060 }
10611061 #if OPENSSL_VERSION_NUMBER >= 0x10001000L
10621062 else if (sslMethod == TLSv1_1_client_method())
10631063 {
1064 hello[2] = 0x02;
1064 hello[10] = 0x02;
10651065 }
10661066 else if (sslMethod == TLSv1_2_client_method())
10671067 {
1068 hello[2] = 0x03;
1068 hello[10] = 0x03;
10691069 }
10701070 #endif
10711071 if (send(socketDescriptor, hello, sizeof(hello), 0) <= 0) {
12381238 uint32_t cipherid;
12391239 const SSL_CIPHER *sslCipherPointer;
12401240 const char *cleanSslMethod = printableSslMethod(sslMethod);
1241 struct timeval tval_start, tval_end, tval_elapsed;
1242 if (options->showTimes)
1243 {
1244 gettimeofday(&tval_start, NULL);
1245 }
1246
12411247
12421248
12431249 // Create request buffer...
14301436 {
14311437 ssl_print_tmp_key(options, ssl);
14321438 }
1439 // Timing
1440 if (options->showTimes)
1441 {
1442 int msec;
1443 gettimeofday(&tval_end, NULL);
1444 timersub(&tval_end, &tval_start, &tval_elapsed);
1445 msec = tval_elapsed.tv_sec * 1000 + (int)tval_elapsed.tv_usec/1000;
1446 printf("%s %dms%s", COL_GREY, msec, RESET);
1447 printf_xml(" time=\"%d\"", msec);
1448 }
1449
14331450 printf("\n");
14341451 printf_xml(" />\n");
14351452
14621479 // Could not connect
14631480 else
14641481 status = false;
1482
14651483
14661484 return status;
14671485 }
31163134 options.checkCertificate = true;
31173135 options.showClientCiphers = false;
31183136 options.showCipherIds = false;
3137 options.showTimes = false;
31193138 options.ciphersuites = true;
31203139 options.reneg = true;
31213140 options.compression = true;
31833202 else if (strcmp("--show-cipher-ids", argv[argLoop]) == 0)
31843203 {
31853204 options.showCipherIds = true;
3205 }
3206
3207 // Show handshake times
3208 else if (strcmp("--show-times", argv[argLoop]) == 0)
3209 {
3210 options.showTimes = true;
31863211 }
31873212
31883213 // Show client auth trusted CAs
34773502 printf(" %s--show-client-cas%s Show trusted CAs for TLS client auth\n", COL_GREEN, RESET);
34783503 printf(" %s--show-ciphers%s Show supported client ciphers\n", COL_GREEN, RESET);
34793504 printf(" %s--show-cipher-ids%s Show cipher ids\n", COL_GREEN, RESET);
3505 printf(" %s--show-times%s Show handhake times in milliseconds\n", COL_GREEN, RESET);
34803506 #ifndef OPENSSL_NO_SSL2
34813507 printf(" %s--ssl2%s Only check SSLv2 ciphers\n", COL_GREEN, RESET);
34823508 #endif
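Review bot: The switch from `hello[2]` to `hello[10]` in the Heartbleed ClientHello can only be understood by decoding the byte array, so the offsets deserve a comment. Bytes 1-2 are the record-layer version (now fixed at 0x03,0x01) and bytes 9-10 are the ClientHello `client_version`, whose minor byte is what the per-method branches patch. A comment above the array such as `/* hello[1..2]: record-layer version; hello[9..10]: client_version, minor byte set per sslMethod below */` would record that. When no branch is taken the buffer advertises 0x03,0x00, presumably the SSLv3 case, which is worth stating as well. The enclosing function starts and ends outside the visible lines.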
6969 const char *COL_BLUE = "";
7070 const char *COL_GREEN = "";
7171 const char *COL_PURPLE = "";
72 const char *COL_GREY = "";
7273 const char *COL_RED_BG = "";
7374 #else
7475 const char *RESET = "";
7778 const char *COL_BLUE = "";
7879 const char *COL_GREEN = "";
7980 const char *COL_PURPLE = "";
81 const char *COL_GREY = "";
8082 const char *COL_RED_BG = "";
8183 #endif
8284
116118 int showTrustedCAs;
117119 int showClientCiphers;
118120 int showCipherIds;
121 int showTimes;
119122 int ciphersuites;
120123 int reneg;
121124 int compression;