|
0 |
#!/usr/bin/env bash
|
|
1 |
#
|
|
2 |
# Tool:
|
|
3 |
# TLSSLed.sh
|
|
4 |
#
|
|
5 |
# Description:
|
|
6 |
# Script to extract the most relevant security details from a
|
|
7 |
# target SSL/TLS HTTPS implementation by using sslscan & openssl.
|
|
8 |
#
|
|
9 |
# URL:
|
|
10 |
# http://www.taddong.com/en/lab.html#TLSSLED
|
|
11 |
#
|
|
12 |
# Author:
|
|
13 |
# Raul Siles (raul _AT_ taddong _DOT_ com)
|
|
14 |
# Taddong SL (www.taddong.com)
|
|
15 |
#
|
|
16 |
# Date: 2013-01-31
|
|
17 |
# Version: 1.3
|
|
18 |
#
|
|
19 |
|
|
20 |
#
|
|
21 |
# /**************************************************************************
|
|
22 |
# * Copyright 2011-2013 by Taddong SL (Raul Siles) *
|
|
23 |
# * *
|
|
24 |
# * This program is free software; you can redistribute it and/or modify *
|
|
25 |
# * it under the terms of the GNU General Public License as published by *
|
|
26 |
# * the Free Software Foundation; either version 3 of the License, or *
|
|
27 |
# * (at your option) any later version. *
|
|
28 |
# * *
|
|
29 |
# * This program is distributed in the hope that it will be useful, *
|
|
30 |
# * but WITHOUT ANY WARRANTY; without even the implied warranty of *
|
|
31 |
# * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
|
|
32 |
# * GNU General Public License for more details. *
|
|
33 |
# * *
|
|
34 |
# * You should have received a copy of the GNU General Public License *
|
|
35 |
# * along with this program. If not, see <http://www.gnu.org/licenses/>. *
|
|
36 |
# * *
|
|
37 |
# **************************************************************************/
|
|
38 |
#
|
|
39 |
|
|
40 |
#
|
|
41 |
# - TODO:
|
|
42 |
# - Add a new command line argument to define the specific URL to test in
|
|
43 |
# the target server. E.g. $ ./TLSSLed.sh HOSTNAME_or_IP-ADDRESS PORT [URL]"
|
|
44 |
#
|
|
45 |
# By default the URL should be "/".
|
|
46 |
# This check should use HTTP/1.1 (instead of 1.0) and a valid Host header.
|
|
47 |
# (Right now this only applies to the HTTP header tests at the end)
|
|
48 |
#
|
|
49 |
#
|
|
50 |
# - New in version 1.3:
|
|
51 |
# - All file output goes to a single directory (same filenames as in
|
|
52 |
# previous versions) instead of to the working local directory.
|
|
53 |
# - Change in the date format used for log files:
|
|
54 |
# From: 2011-12-30_105055 - To: 20111230-105055
|
|
55 |
# - Test if SSL/TLS renegotiation is enabled (NEW check) and if the target
|
|
56 |
# service supports secure renegotiation (already in previous versions).
|
|
57 |
# If secure renegotiation is not supported, we must check renegotiation
|
|
58 |
# by usin legacy renegotiation (two new log files are used).
|
|
59 |
# - New test to check for legacy renegotiation even when secure
|
|
60 |
# renegotiation is supported, just in case the target service supports
|
|
61 |
# both.
|
|
62 |
# - Test if client certificate authentication is required by the target
|
|
63 |
# service. If so, identify the number of CAs accepted and save the
|
|
64 |
# list of CAs to a file.
|
|
65 |
# - New test to check for HTTP headers using HTTP/1.0 (previous
|
|
66 |
# versions) as well as HTTP/1.1 and a valid Host header. New log
|
|
67 |
# files created for this.
|
|
68 |
# - New error handling code for the initial SSL/TLS verification.
|
|
69 |
# - Optimizations in the openssl delays (sleep timers).
|
|
70 |
# - New DELAY variable to control sleep timers (by default 3 seconds -
|
|
71 |
# it was 5 before).
|
|
72 |
# - New output indentation.
|
|
73 |
# - New output code set for findings: - (negative), + (positive), . (info),
|
|
74 |
# * (group of checks) or ! (error/warning).
|
|
75 |
# - LOGFILE changed to SSLSCANLOGFILE & ERRFILE changed to SSLSCANERRFILE.
|
|
76 |
# - RENEGLEGACY???FILE(s) included in the final listing and removal
|
|
77 |
# process.
|
|
78 |
# - Several changes to the output messages for the different findings.
|
|
79 |
# - Duplication of "Prefered Server Cipher" output message removed.
|
|
80 |
# - New check to test for RC4 in the prefered chiper(s) regarding BEAST.
|
|
81 |
# - Use of openssl "-prexit" option for some weird target scenarios (CSA).
|
|
82 |
# - Added the date and time at the beggining of the output.
|
|
83 |
#
|
|
84 |
# - New in version 1.2:
|
|
85 |
# - Mac OS X support: sed regex switch changed - by [ anonymous ].
|
|
86 |
# - Test if target service speaks SSL/TLS - by Abraham Aranguren (AA).
|
|
87 |
# For performance reasons, this test has been merged with the SSL/TLS
|
|
88 |
# renegotiation test.
|
|
89 |
# - Optimizations by removing cat usage in grepping for findings - by AA.
|
|
90 |
# - New initial tests to check for the tool prerequisites: openssl &
|
|
91 |
# sslscan.
|
|
92 |
# - Test for TLS v1.1 and v1.2 support (CVE-2011-3389 aka BEAST).
|
|
93 |
# The tests also include checking for SSLv3 and TLSv1 support.
|
|
94 |
# - Log files names changed from host:port to host_port and ":" removed
|
|
95 |
# from the time portion of the date command, to be able to copy them
|
|
96 |
# to Windows based file systems:
|
|
97 |
# (In Windows ":" is not allowed in a filename, while "_" is).
|
|
98 |
#
|
|
99 |
# - New in version 1.1:
|
|
100 |
# - Cert public key length, subject, issuer, and validiy period.
|
|
101 |
# - Test HTTP(S) secure headers: Strict-Transport-Security (STS), and
|
|
102 |
# cookies with and without the secure flag.
|
|
103 |
# - NOTE: openssl output is now saved to files too.
|
|
104 |
#
|
|
105 |
# - Current SSL/TLS tests: (version 1.0)
|
|
106 |
# SSLv2, NULL cipher, weak ciphers -key length-, strong ciphers -AES-,
|
|
107 |
# MD5 signed cert, and SSL/TLS renegotiation.
|
|
108 |
#
|
|
109 |
#
|
|
110 |
# Requires:
|
|
111 |
# - sslscan
|
|
112 |
# https://sourceforge.net/projects/sslscan/
|
|
113 |
# - openssl
|
|
114 |
# http://www.openssl.org
|
|
115 |
#
|
|
116 |
# Credits for ideas and feedback:
|
|
117 |
# - Version 1.0 based on ssl_test.sh by Aung Khant, http://yehg.net.
|
|
118 |
# - Abraham Aranguren (AA) - http://securityconscious.blogspot.com (in v1.2)
|
|
119 |
#
|
|
120 |
|
|
121 |
# New output codeset (between square brackets) for the findings:
|
|
122 |
# [-] Negative finding (insecure)
|
|
123 |
# [+] Positive finding (secure)
|
|
124 |
# [.] Informational finding
|
|
125 |
# [*] Group of checks
|
|
126 |
# [!] Error or warning message
|
|
127 |
|
|
128 |
# Variables
|
|
129 |
|
|
130 |
# Version
|
|
131 |
VERSION=1.3
|
|
132 |
|
|
133 |
# Manage sleep time for openssl connections (in seconds)
|
|
134 |
DELAY=3
|
|
135 |
|
|
136 |
# DATE (pre v1.3):
|
|
137 |
# DATE=$(date +%F_%R:%S | sed 's/://g')
|
|
138 |
# DATE (post v1.3+):
|
|
139 |
DATE=$(date +%Y%m%d-%H%M%S)
|
|
140 |
|
|
141 |
# Some SSL/TLS target services require some extra options to work:
|
|
142 |
# E.g. -prexit: Print out info even when the SSL/TLS connection fails.
|
|
143 |
# http://www.openssl.org/docs/apps/s_client.html
|
|
144 |
# For some scenarios where client certificates are required.
|
|
145 |
OPENSSLOPTIONS="-prexit"
|
|
146 |
|
|
147 |
# Default openssl protocol: By default this variable is empty so that the
|
|
148 |
# protocol is automatically selected by the openssl version available:
|
|
149 |
OPENSSLPROTOCOLVERSION=""
|
|
150 |
# The default backward compatible protocol version in case of errors: TLS1
|
|
151 |
BACKWARDPROTOCOL="false"
|
|
152 |
OPENSSLBACKWARDPROTOCOLVERSION="-tls1"
|
|
153 |
#
|
|
154 |
# See NOTE (openssl protocol version glitches) below.
|
|
155 |
#
|
|
156 |
# openssl 1.x might require the "-tls1" or "-ssl3" openssl command line
|
|
157 |
# arguments on some target sites, as openssl 1.x uses TLS protocol version
|
|
158 |
# 1.2 by default in the Client Hello message, and if not supported by the
|
|
159 |
# target server, it never sends the Server Hello message back.
|
|
160 |
#
|
|
161 |
|
|
162 |
# *** SECURITY DISCLAIMER ***
|
|
163 |
# This script does not filter the input for certain commands, hence it
|
|
164 |
# might be vulnerable to local input command manipulation, such as in uname.
|
|
165 |
# *** SECURITY DISCLAIMER ***
|
|
166 |
|
|
167 |
# Functions ()
|
|
168 |
|
|
169 |
reviewlogfiles () {
|
|
170 |
echo
|
|
171 |
echo "[.] Review the files within the output directory for more info."
|
|
172 |
echo " [.] Output directory: $DIRECTORY ..."
|
|
173 |
echo
|
|
174 |
}
|
|
175 |
|
|
176 |
# Function to initially test if the target service speaks SSL/TLS
|
|
177 |
test_if_service_speaks_SSLTLS () {
|
|
178 |
|
|
179 |
(echo R; sleep $DELAY) | \
|
|
180 |
openssl s_client $OPENSSLPROTOCOLVERSION -connect $HOST:$PORT \
|
|
181 |
$OPENSSLOPTIONS > $DIRECTORY/$RENEGLOGFILE 2> $DIRECTORY/$RENEGERRFILE &
|
|
182 |
pid=$!
|
|
183 |
sleep $DELAY
|
|
184 |
|
|
185 |
SSL_HANDSHAKE_LINES=$(cat $DIRECTORY/$RENEGLOGFILE | wc -l)
|
|
186 |
#
|
|
187 |
# NOTE: openssl protocol version glitches
|
|
188 |
#
|
|
189 |
# This check does not work with openssl 1.0.1-dev on some target sites,
|
|
190 |
# and it requires the "-tls1" or "-ssl3" openssl command line arguments;
|
|
191 |
# here, and in all openssl instances within this script.
|
|
192 |
#
|
|
193 |
# The reason is openssl 1.0.1-dev uses TLS protocol version 1.2 in the
|
|
194 |
# Client Hello message, and the server never sends the Server Hello
|
|
195 |
# message. The otput simply shows:
|
|
196 |
# CONNECTED
|
|
197 |
#
|
|
198 |
# If the -tls1_1 switch is used in these target services, they properly
|
|
199 |
# reply back with a "wrong version number" message.
|
|
200 |
#
|
|
201 |
# v1.3: Added new code to accommodate this scenario:
|
|
202 |
# If (-lt 5) but CONNECTED, then use the -tls1 (backward protocol
|
|
203 |
# version) switch in all openssl executions...
|
|
204 |
# ... or (select the right option based on the openssl version, but this
|
|
205 |
# might change): if openssl 1.0.1-dev or +, use -tls1...
|
|
206 |
|
|
207 |
#
|
|
208 |
# There is a specific case where the target service can refuse the
|
|
209 |
# connection but the port still speaks SSL/TLS. In that case the error
|
|
210 |
# log contains the following messages, although the handshake log is >
|
|
211 |
# than 5 lines:
|
|
212 |
# connect: Connection refused
|
|
213 |
# connect:errno=22
|
|
214 |
#
|
|
215 |
|
|
216 |
ERR_SSL=$(cat $DIRECTORY/$RENEGERRFILE)
|
|
217 |
|
|
218 |
if grep -q "connect: Connection refused" <<<$ERR_SSL; then
|
|
219 |
# Target service speaks SSL/TLS but refuses the connection
|
|
220 |
echo
|
|
221 |
echo "[!] ERROR: The target service $HOST:$PORT might speak SSL/TLS"
|
|
222 |
echo " but refuses the connection."
|
|
223 |
reviewlogfiles
|
|
224 |
exit
|
|
225 |
fi
|
|
226 |
|
|
227 |
if [ $SSL_HANDSHAKE_LINES -lt 5 ] ; then
|
|
228 |
# SSL handshake failed - Non SSL/TLS service or error:
|
|
229 |
# - If the target service does not speak SSL/TLS, openssl does not
|
|
230 |
# terminate, so kill it.
|
|
231 |
# - However, if the target speaks SSL/TLS but the connection fails
|
|
232 |
# (e.g. "sslv3 alert bad certificate") then the connection
|
|
233 |
# finishes.
|
|
234 |
kill -s SIGINT ${pid} 2>/dev/null
|
|
235 |
|
|
236 |
# Check if it failed because of an error or lack of SSL/TLS support
|
|
237 |
#ERR_SSL=$(cat $DIRECTORY/$RENEGERRFILE)
|
|
238 |
if grep -q "ssl handshake failure" <<<$ERR_SSL; then
|
|
239 |
echo
|
|
240 |
echo "[!] ERROR: The target service $HOST:$PORT speaks SSL/TLS"
|
|
241 |
echo " but returned an error: ssl handshake failure."
|
|
242 |
echo " E.g. Client certificate mandatory?"
|
|
243 |
elif [ $BACKWARDPROTOCOL == "true" ]; then
|
|
244 |
echo
|
|
245 |
echo "[!] ERROR: The target service $HOST:$PORT does not seem"
|
|
246 |
echo " to speak SSL/TLS even when using the SSL/TLS backward"
|
|
247 |
echo " protocol version: $OPENSSLPROTOCOLVERSION"
|
|
248 |
elif grep -q "CONNECTED" <<<$ERR_SSL; then
|
|
249 |
# The local openssl tool tried by default a protocol version not
|
|
250 |
# supported by the target server. Switching back to a more
|
|
251 |
# conservative protocol version (OPENSSLBACKWARDPROTOCOLVERSION).
|
|
252 |
OPENSSLPROTOCOLVERSION=$OPENSSLBACKWARDPROTOCOLVERSION
|
|
253 |
# Set we already tried a backward option
|
|
254 |
BACKWARDPROTOCOL="true"
|
|
255 |
echo
|
|
256 |
echo "[.] WARNING: Trying connection again with SSL/TLS protocol version:"
|
|
257 |
echo " $OPENSSLPROTOCOLVERSION"
|
|
258 |
#echo
|
|
259 |
mv $DIRECTORY/$RENEGLOGFILE $DIRECTORY/$RENEGLOGFILE.1st-try
|
|
260 |
mv $DIRECTORY/$RENEGERRFILE $DIRECTORY/$RENEGERRFILE.1st-try
|
|
261 |
# Repeat initial test with a potentially different
|
|
262 |
# $OPENSSLPROTOCOLVERSION
|
|
263 |
test_if_service_speaks_SSLTLS
|
|
264 |
else
|
|
265 |
echo
|
|
266 |
echo "[!] ERROR: The target service $HOST:$PORT does not seem"
|
|
267 |
echo " to speak SSL/TLS or it is not reachable!!"
|
|
268 |
fi
|
|
269 |
reviewlogfiles
|
|
270 |
exit
|
|
271 |
else
|
|
272 |
# Specific case where server returns "reason(1000)" cause it requires a
|
|
273 |
# client certificate, and SSLv3 was used by default. Force it to switch
|
|
274 |
# to the OPENSLLBACKWARDPROTOCOLVERSION and try again:
|
|
275 |
# Error:
|
|
276 |
# 3073591496:error:140773E8:SSL routines:SSL23_GET_SERVER_HELLO:\
|
|
277 |
# reason(1000):s23_clnt.c:724:
|
|
278 |
# Another error: (!= openssl version)
|
|
279 |
# 13531:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1093:SSL alert number 42
|
|
280 |
|
|
281 |
if grep -q "SSL23_GET_SERVER_HELLO:reason(1000)\|sslv3 alert bad certificate" <<<$ERR_SSL; then
|
|
282 |
echo
|
|
283 |
echo "[!] ERROR: The target service $HOST:$PORT speaks SSL/TLS"
|
|
284 |
echo " but returned an error."
|
|
285 |
echo " Check the output and try manually other SSL/TLS versions."
|
|
286 |
echo " E.g. Client certificate mandatory?"
|
|
287 |
reviewlogfiles
|
|
288 |
exit
|
|
289 |
else
|
|
290 |
# SSL handshake succeded - Continue...
|
|
291 |
# VERBOSE
|
|
292 |
echo " [.] The target service $HOST:$PORT seems to speak SSL/TLS..."
|
|
293 |
echo
|
|
294 |
echo " [.] Using SSL/TLS protocol version: $OPENSSLPROTOCOLVERSION"
|
|
295 |
echo " (empty means I'm using the default openssl protocol version(s))"
|
|
296 |
echo
|
|
297 |
fi
|
|
298 |
fi
|
|
299 |
}
|
|
300 |
|
|
301 |
|
|
302 |
# MAIN:
|
|
303 |
|
|
304 |
# v1.2:
|
|
305 |
# Mac OS X (Darwin) support:
|
|
306 |
# sed regexes in Linux use the -r switch, while in non-GNU systems (like
|
|
307 |
# Mac OS X) they use the -E switch.
|
|
308 |
#SED_ARG_REGEX=-r
|
|
309 |
#if [ "$(uname)" == "Darwin" ] ; then
|
|
310 |
# SED_ARG_REGEX=-E
|
|
311 |
#fi
|
|
312 |
#
|
|
313 |
# Used for the old check below required to remove terminal output formatting
|
|
314 |
|
|
315 |
echo ------------------------------------------------------
|
|
316 |
echo " TLSSLed - ($VERSION) based on sslscan and openssl"
|
|
317 |
echo " by Raul Siles (www.taddong.com)"
|
|
318 |
echo ------------------------------------------------------
|
|
319 |
|
|
320 |
if [ -z `which openssl` ] ;then echo; echo "[!] ERROR: openssl command not found!"; echo; exit; fi
|
|
321 |
if [ -z `which sslscan` ] ;then echo; echo "[!] ERROR: sslscan command not found!"; echo; exit; fi
|
|
322 |
|
|
323 |
OPENSSLVERSION=$(openssl version)
|
|
324 |
#SSLSCANVERSION=$(sslscan --version | grep version | \
|
|
325 |
#sed ${SED_ARG_REGEX} "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g")
|
|
326 |
# v1.3:
|
|
327 |
# Works with the old sslscan 1.8.2 and the new 1.8.3rc3 fork
|
|
328 |
SSLSCANVERSION=$(sslscan --version | grep version | \
|
|
329 |
sed "s/^.*sslscan/sslscan/")
|
|
330 |
|
|
331 |
echo " openssl version: $OPENSSLVERSION"
|
|
332 |
echo " $SSLSCANVERSION"
|
|
333 |
echo ------------------------------------------------------
|
|
334 |
echo " Date: $DATE"
|
|
335 |
echo ------------------------------------------------------
|
|
336 |
echo
|
|
337 |
|
|
338 |
if [ $# -ne 2 ]; then
|
|
339 |
echo "[!] Usage: $0 <hostname or IP_address> <port>"
|
|
340 |
echo
|
|
341 |
exit
|
|
342 |
fi
|
|
343 |
|
|
344 |
HOST=$1
|
|
345 |
PORT=$2
|
|
346 |
|
|
347 |
echo "[*] Analyzing SSL/TLS on $HOST:$PORT ..."
|
|
348 |
|
|
349 |
# Run sslcan once, store the results to a log file and
|
|
350 |
# analyze that file for all the different tests:
|
|
351 |
TARGET=$HOST\_$PORT
|
|
352 |
DIRECTORY=TLSSLed\_$VERSION\_$TARGET\_$DATE
|
|
353 |
SSLSCANLOGFILE=sslscan\_$TARGET\_$DATE.log
|
|
354 |
SSLSCANERRFILE=sslscan\_$TARGET\_$DATE.err
|
|
355 |
# Same idea for openssl - save results to files and analyze
|
|
356 |
# them to verify different tests:
|
|
357 |
RENEGLOGFILE=openssl\_RENEG\_$TARGET\_$DATE.log
|
|
358 |
RENEGERRFILE=openssl\_RENEG\_$TARGET\_$DATE.err
|
|
359 |
RENEGLEGACYLOGFILE=openssl\_RENEG\_LEGACY\_$TARGET\_$DATE.log
|
|
360 |
RENEGLEGACYERRFILE=openssl\_RENEG\_LEGACY\_$TARGET\_$DATE.err
|
|
361 |
HEADLOGFILE=openssl\_HEAD\_$TARGET\_$DATE.log
|
|
362 |
HEADERRFILE=openssl\_HEAD\_$TARGET\_$DATE.err
|
|
363 |
HEAD1LOGFILE=openssl\_HEAD\_1.0\_$TARGET\_$DATE.log
|
|
364 |
HEAD1ERRFILE=openssl\_HEAD\_1.0\_$TARGET\_$DATE.err
|
|
365 |
CASFILE=CAs-client-cert\_$TARGET\_$DATE.txt
|
|
366 |
|
|
367 |
|
|
368 |
# Just in case...
|
|
369 |
if [ -z "$DIRECTORY" ]; then
|
|
370 |
echo
|
|
371 |
echo "[!] ERROR: Output directory is not defined! Aborting execution!"
|
|
372 |
echo
|
|
373 |
exit
|
|
374 |
fi
|
|
375 |
|
|
376 |
# VERBOSE
|
|
377 |
echo " [.] Output directory: $DIRECTORY ..."
|
|
378 |
if [ -d "$DIRECTORY" ]; then
|
|
379 |
echo
|
|
380 |
echo "[!] ERROR: Output directory already exist! Aborting execution!"
|
|
381 |
echo
|
|
382 |
exit
|
|
383 |
fi
|
|
384 |
echo
|
|
385 |
mkdir -p $DIRECTORY
|
|
386 |
|
|
387 |
# Check if the target service speaks SSL/TLS (& check renegotiation)
|
|
388 |
echo "[*] Checking if the target service speaks SSL/TLS..."
|
|
389 |
|
|
390 |
test_if_service_speaks_SSLTLS
|
|
391 |
|
|
392 |
# This initial check is required because sslscan works pretty slow & badly
|
|
393 |
# on non-SSL/TLS services, such as HTTP (without S):
|
|
394 |
|
|
395 |
echo "[*] Running sslscan on $HOST:$PORT ..."
|
|
396 |
sslscan $HOST:$PORT > $DIRECTORY/$SSLSCANLOGFILE \
|
|
397 |
2> $DIRECTORY/$SSLSCANERRFILE
|
|
398 |
|
|
399 |
echo
|
|
400 |
echo " [-] Testing for SSLv2 ..."
|
|
401 |
grep "Accepted SSLv2" $DIRECTORY/$SSLSCANLOGFILE
|
|
402 |
echo
|
|
403 |
echo " [-] Testing for the NULL cipher ..."
|
|
404 |
grep "NULL" $DIRECTORY/$SSLSCANLOGFILE | grep Accepted
|
|
405 |
echo
|
|
406 |
echo " [-] Testing for weak ciphers (based on key length - 40 or 56 bits) ..."
|
|
407 |
grep " 40 bits" $DIRECTORY/$SSLSCANLOGFILE | grep Accepted
|
|
408 |
grep " 56 bits" $DIRECTORY/$SSLSCANLOGFILE | grep Accepted
|
|
409 |
echo
|
|
410 |
echo " [+] Testing for strong ciphers (based on AES) ..."
|
|
411 |
grep "AES" $DIRECTORY/$SSLSCANLOGFILE | grep Accepted
|
|
412 |
|
|
413 |
echo
|
|
414 |
echo " [-] Testing for MD5 signed certificate ..."
|
|
415 |
#cat $DIRECTORY/$SSLSCANLOGFILE | grep -E 'MD5WithRSAEncryption|md5WithRSAEncryption'
|
|
416 |
grep -i 'MD5WithRSAEncryption' $DIRECTORY/$SSLSCANLOGFILE
|
|
417 |
|
|
418 |
echo
|
|
419 |
echo " [.] Testing for the certificate public key length ..."
|
|
420 |
grep -i 'RSA Public Key' $DIRECTORY/$SSLSCANLOGFILE
|
|
421 |
|
|
422 |
echo
|
|
423 |
echo " [.] Testing for the certificate subject ..."
|
|
424 |
grep -i 'Subject:' $DIRECTORY/$SSLSCANLOGFILE
|
|
425 |
|
|
426 |
echo
|
|
427 |
echo " [.] Testing for the certificate CA issuer ..."
|
|
428 |
grep -i 'Issuer:' $DIRECTORY/$SSLSCANLOGFILE
|
|
429 |
|
|
430 |
echo
|
|
431 |
echo " [.] Testing for the certificate validity period ..."
|
|
432 |
NOW=$(date -u)
|
|
433 |
echo " Today: $NOW"
|
|
434 |
grep -i 'Not valid' $DIRECTORY/$SSLSCANLOGFILE
|
|
435 |
|
|
436 |
echo
|
|
437 |
echo " [.] Checking preferred server ciphers ..."
|
|
438 |
# v1.1:
|
|
439 |
# cat $DIRECTORY/$SSLSCANLOGFILE | sed '/Prefered Server Cipher(s):/,/^$/!d' | sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g"
|
|
440 |
#
|
|
441 |
PREFERED_CIPHERS=$(cat $DIRECTORY/$SSLSCANLOGFILE | \
|
|
442 |
sed '/Prefered Server Cipher(s):/,/^$/!d' | \
|
|
443 |
sed ${SED_ARG_REGEX} "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[m|K]//g" | \
|
|
444 |
grep -v "Prefered Server Cipher" | grep -v "^$")
|
|
445 |
echo "$PREFERED_CIPHERS"
|
|
446 |
|
|
447 |
# Extra empty line above removed with the last grep
|
|
448 |
|
|
449 |
#
|
|
450 |
# SSL/TLS RENEGOTIATION TESTS:
|
|
451 |
# -----------------------------
|
|
452 |
#
|
|
453 |
# Before testing for client initiated renegotiation, we need to check if
|
|
454 |
# we must use the secure (RFC5746) or the insecure (legacy) mode.
|
|
455 |
#
|
|
456 |
# Renegotiation details will go to stderr (2>).
|
|
457 |
#
|
|
458 |
# If $OPENSSLVERSION is updated (0.9.8m+) it supports RFC5746 and will print
|
|
459 |
# the details based on the analysis of the new RI extension:
|
|
460 |
# - Secure Renegotiation IS NOT supported
|
|
461 |
# - Secure Renegotiation IS supported
|
|
462 |
#
|
|
463 |
# Command executed initially to check if target service supports SSL/TLS:
|
|
464 |
#
|
|
465 |
# (echo R; sleep $DELAY) | openssl s_client $OPENSSLPROTOCOLVERSION -connect $HOST:$PORT > \
|
|
466 |
# $DIRECTORY/$RENEGLOGFILE 2> $DIRECTORY/$RENEGERRFILE
|
|
467 |
#
|
|
468 |
# v1.3:
|
|
469 |
# First of all, check if secure renegotiation is supported. Based on the
|
|
470 |
# results, check if client initiated renegotiation is enabled by using
|
|
471 |
# openssl defaults (secure) or the use the "-legacy_renegotiation" flag
|
|
472 |
# (insecure).
|
|
473 |
#
|
|
474 |
# It is important to differentiate between having client initiated
|
|
475 |
# renegotiation enabled, and having support for secure renegotiation.
|
|
476 |
# There are four possible options or combinations.
|
|
477 |
#
|
|
478 |
# If secure renegotiation is NOT supported, we need to use the legacy flag
|
|
479 |
# to test for SSL/TLS legacy renegotiation. If it IS supported, the default
|
|
480 |
# command (initially executed) works fine.
|
|
481 |
#
|
|
482 |
# Additionally, even if secure renegotiation IS supported, we can check if
|
|
483 |
# the target service also accepts insecure renegotiations (legacy).
|
|
484 |
# Therefore, in any case we test for SSL/TLS renegotiation using the legacy
|
|
485 |
# mode.
|
|
486 |
#
|
|
487 |
|
|
488 |
# The text can appear two times, hence we use "uniq":
|
|
489 |
SECURE_RENEG=$(grep -E "Secure Renegotiation IS" $DIRECTORY/$RENEGLOGFILE | \
|
|
490 |
uniq)
|
|
491 |
|
|
492 |
echo
|
|
493 |
echo "[*] Testing for SSL/TLS renegotiation MitM vuln. (CVE-2009-3555) ..."
|
|
494 |
echo
|
|
495 |
echo " [+] Testing for secure renegotiation support (RFC 5746) ..."
|
|
496 |
echo " $SECURE_RENEG"
|
|
497 |
|
|
498 |
# Check for SSL/TLS renegotiation using legacy mode in any case
|
|
499 |
LEGACY_RENEG="-legacy_renegotiation"
|
|
500 |
(echo R; sleep $DELAY) | \
|
|
501 |
openssl s_client $LEGACY_RENEG $OPENSSLPROTOCOLVERSION -connect $HOST:$PORT \
|
|
502 |
> $DIRECTORY/$RENEGLEGACYLOGFILE 2> $DIRECTORY/$RENEGLEGACYERRFILE
|
|
503 |
|
|
504 |
echo
|
|
505 |
echo "[*] Testing for SSL/TLS renegotiation DoS vuln. (CVE-2011-1473) ..."
|
|
506 |
echo
|
|
507 |
|
|
508 |
if grep -q NOT <<<$SECURE_RENEG; then
|
|
509 |
# Secure renegotiation IS NOT supported: show legacy mode results
|
|
510 |
SECURE_RENEG_STATE="No"
|
|
511 |
ERR_RENEG=$(cat $DIRECTORY/$RENEGLEGACYERRFILE)
|
|
512 |
echo " [.] Testing for client initiated (CI) SSL/TLS renegotiation (insecure)..."
|
|
513 |
else
|
|
514 |
# Secure renegotiation IS supported: RFC5746
|
|
515 |
# The default option in openssl (assuming 0.9.8m+) is not to use any
|
|
516 |
# special flag, that is, use secure renegotiation by default
|
|
517 |
SECURE_RENEG_STATE="Yes"
|
|
518 |
ERR_RENEG=$(cat $DIRECTORY/$RENEGERRFILE)
|
|
519 |
echo " [.] Testing for client initiated (CI) SSL/TLS renegotiation (secure)..."
|
|
520 |
fi
|
|
521 |
|
|
522 |
# - If SSL/TLS renegotiation is enabled you will get:
|
|
523 |
# ...
|
|
524 |
# verify return:0
|
|
525 |
# DONE
|
|
526 |
#
|
|
527 |
# The DONE message is on the error output, not on the standard output, and
|
|
528 |
# only when the "echo R & sleep" method is used (not in interactive mode).
|
|
529 |
|
|
530 |
if grep -q DONE <<<$ERR_RENEG; then
|
|
531 |
echo " (CI) SSL/TLS renegotiation IS enabled"
|
|
532 |
# Client certificate might be required:
|
|
533 |
elif grep -q "sslv3 alert bad certificate" <<<$ERR_RENEG; then
|
|
534 |
echo " UNKNOWN: Client certificate might be required (sslv3 alert bad certificate)"
|
|
535 |
# Client certificate might be required:
|
|
536 |
# "sslv3 alert unexpected message" in openssl-1.0.1-dev
|
|
537 |
elif grep -q "sslv3 alert unexpected message" <<<$ERR_RENEG; then
|
|
538 |
echo " UNKNOWN: Client certificate might be required (sslv3 alert unexpected message)"
|
|
539 |
# Different error behaviors when reneg. is not enabled:
|
|
540 |
elif grep -q "no renegotiation" <<<$ERR_RENEG; then
|
|
541 |
echo " (CI) SSL/TLS renegotiation IS NOT enabled (no renegotiation)"
|
|
542 |
elif grep -q "ssl handshake failure" <<<$ERR_RENEG; then
|
|
543 |
echo " (CI) SSL/TLS renegotiation IS NOT enabled (ssl handshake failure)"
|
|
544 |
else
|
|
545 |
echo " UNKNOWN"
|
|
546 |
fi
|
|
547 |
|
|
548 |
# Additionally, if secure renegotiation is supported, check if it still
|
|
549 |
# allows renegotiation using legacy mode (insecure):
|
|
550 |
if [ "$SECURE_RENEG_STATE" == "Yes" ]; then
|
|
551 |
echo
|
|
552 |
echo " [.] Testing for client initiated (CI) SSL/TLS renegotiation (insecure)..."
|
|
553 |
ERR_RENEG=$(cat $DIRECTORY/$RENEGLEGACYERRFILE)
|
|
554 |
|
|
555 |
# REPEAT:
|
|
556 |
if grep -q DONE <<<$ERR_RENEG; then
|
|
557 |
echo " (CI) SSL/TLS renegotiation IS enabled"
|
|
558 |
# Client certificate might be required:
|
|
559 |
elif grep -q "sslv3 alert bad certificate" <<<$ERR_RENEG; then
|
|
560 |
echo " UNKNOWN: Client certificate might be required (sslv3 alert bad certificate)"
|
|
561 |
# Client certificate might be required:
|
|
562 |
# "sslv3 alert unexpected message" in openssl-1.0.1-dev
|
|
563 |
elif grep -q "sslv3 alert unexpected message" <<<$ERR_RENEG; then
|
|
564 |
echo " UNKNOWN: Client certificate might be required (sslv3 alert unexpected message)"
|
|
565 |
# Different error behaviors when reneg. is not enabled:
|
|
566 |
elif grep -q "no renegotiation" <<<$ERR_RENEG; then
|
|
567 |
echo " (CI) SSL/TLS renegotiation IS NOT enabled (no renegotiation)"
|
|
568 |
elif grep -q "ssl handshake failure" <<<$ERR_RENEG; then
|
|
569 |
echo " (CI) SSL/TLS renegotiation IS NOT enabled (ssl handshake failure)"
|
|
570 |
else
|
|
571 |
echo " UNKNOWN"
|
|
572 |
fi
|
|
573 |
fi
|
|
574 |
|
|
575 |
# Check if client certificate autentication is required by the target
|
|
576 |
# service.
|
|
577 |
#
|
|
578 |
# NOTE: If client certificate authentication is being requested, it would be
|
|
579 |
# possible to test for it using a client digital certificate using openssl:
|
|
580 |
# $ openssl s_client $OPENSSLPROTOCOLVERSION -connect www.example.com:443 \
|
|
581 |
# -cert client.pem -key client.key
|
|
582 |
#
|
|
583 |
|
|
584 |
LOG_RENEG=$(cat $DIRECTORY/$RENEGLOGFILE)
|
|
585 |
|
|
586 |
echo
|
|
587 |
echo "[*] Testing for client authentication using digital certificates ..."
|
|
588 |
echo
|
|
589 |
if grep -q "Acceptable client certificate CA names" <<<$LOG_RENEG; then
|
|
590 |
echo " SSL/TLS client certificate authentication IS required"
|
|
591 |
|
|
592 |
# Check the list and number of accepted CAs
|
|
593 |
# Save CAs list to file
|
|
594 |
# The LOG_RENEG variable does not have the original break lines to parse
|
|
595 |
# the output properly, so read the file again
|
|
596 |
cat $DIRECTORY/$RENEGLOGFILE | \
|
|
597 |
sed '/Acceptable client certificate CA names/,/^---$/!d' | \
|
|
598 |
grep -v "\-\-\-" | grep -v "Acceptable client certificate CA names" | \
|
|
599 |
grep -v "^$" > $DIRECTORY/$CASFILE
|
|
600 |
|
|
601 |
# Number of CAs
|
|
602 |
CAS=$(cat $DIRECTORY/$CASFILE | wc -l)
|
|
603 |
echo " The target service accepts $CAS Certification Authorities (CAs)"
|
|
604 |
|
|
605 |
elif grep -q "No client certificate CA names sent" <<<$LOG_RENEG; then
|
|
606 |
echo " SSL/TLS client certificate authentication IS NOT required"
|
|
607 |
else
|
|
608 |
echo " UNKNOWN"
|
|
609 |
fi
|
|
610 |
|
|
611 |
|
|
612 |
echo
|
|
613 |
echo "[*] Testing for TLS v1.1 and v1.2 (CVE-2011-3389 vuln. aka BEAST) ..."
|
|
614 |
|
|
615 |
# Test for SSLv3 and TLSv1 support first (from sslscan)
|
|
616 |
echo
|
|
617 |
echo " [-] Testing for SSLv3 and TLSv1 support ..."
|
|
618 |
grep "Accepted SSLv3" $DIRECTORY/$SSLSCANLOGFILE
|
|
619 |
grep "Accepted TLSv1" $DIRECTORY/$SSLSCANLOGFILE
|
|
620 |
|
|
621 |
# Test for RC4 in the list of prefered ciphers (from sslscan previously)
|
|
622 |
echo
|
|
623 |
echo " [+] Testing for RC4 in the prefered cipher(s) list ..."
|
|
624 |
echo "$PREFERED_CIPHERS" | grep "RC4"
|
|
625 |
|
|
626 |
#
|
|
627 |
# Connection details go to stderr (2>) and, in this case, to a variable:
|
|
628 |
#
|
|
629 |
# If $OPENSSLVERSION is updated (version >= 1.0.1-stable) it supports
|
|
630 |
# TLS v1.1 & v1.2, if not, the openssl help is displayed in the command
|
|
631 |
# output.
|
|
632 |
#
|
|
633 |
OUTPUT_TLS1_1=$((echo Q; sleep $DELAY) | \
|
|
634 |
openssl s_client -tls1_1 -connect $HOST:$PORT 2>&1)
|
|
635 |
OUTPUT_TLS1_2=$((echo Q; sleep $DELAY) | \
|
|
636 |
openssl s_client -tls1_2 -connect $HOST:$PORT 2>&1)
|
|
637 |
|
|
638 |
# if "DONE": TLS v1.x supported
|
|
639 |
# else if "wrong version number": TLS v1.x not supported
|
|
640 |
# else if "unknown option": OpenSSL does not support TLS v1.1 or v1.2
|
|
641 |
|
|
642 |
echo
|
|
643 |
echo " [.] Testing for TLS v1.1 support ..."
|
|
644 |
|
|
645 |
if grep -q DONE <<<$OUTPUT_TLS1_1; then
|
|
646 |
echo " TLS v1.1 IS supported"
|
|
647 |
elif grep -q "wrong version number" <<<$OUTPUT_TLS1_1; then
|
|
648 |
echo " TLS v1.1 IS NOT supported"
|
|
649 |
elif grep -q "ssl handshake failure" <<<$OUTPUT_TLS1_1; then
|
|
650 |
echo " TLS v1.1 IS NOT supported (ssl handshake failure)"
|
|
651 |
elif grep -q "unknown option" <<<$OUTPUT_TLS1_1; then
|
|
652 |
echo " The local openssl version does NOT support TLS v1.1"
|
|
653 |
else
|
|
654 |
echo " UNKNOWN"
|
|
655 |
fi
|
|
656 |
|
|
657 |
echo
|
|
658 |
echo " [.] Testing for TLS v1.2 support ..."
|
|
659 |
|
|
660 |
if grep -q DONE <<<$OUTPUT_TLS1_2; then
|
|
661 |
echo " TLS v1.2 IS supported"
|
|
662 |
elif grep -q "wrong version number" <<<$OUTPUT_TLS1_2; then
|
|
663 |
echo " TLS v1.2 IS NOT supported"
|
|
664 |
elif grep -q "ssl handshake failure" <<<$OUTPUT_TLS1_2; then
|
|
665 |
echo " TLS v1.2 IS NOT supported (ssl handshake failure)"
|
|
666 |
elif grep -q "unknown option" <<<$OUTPUT_TLS1_2; then
|
|
667 |
echo " The local openssl version does NOT support TLS v1.2"
|
|
668 |
else
|
|
669 |
echo " UNKNOWN"
|
|
670 |
fi
|
|
671 |
|
|
672 |
echo
|
|
673 |
echo "[*] Testing for HTTPS (SSL/TLS) security headers using HTTP/1.0 ..."
|
|
674 |
|
|
675 |
(echo -e "HEAD / HTTP/1.0\n\n"; sleep $DELAY) | \
|
|
676 |
openssl s_client $OPENSSLPROTOCOLVERSION -connect $HOST:$PORT \
|
|
677 |
> $DIRECTORY/$HEAD1LOGFILE 2> $DIRECTORY/$HEAD1ERRFILE
|
|
678 |
|
|
679 |
echo
|
|
680 |
echo " [+] Testing for HTTP Strict-Transport-Security (HSTS) header ..."
|
|
681 |
grep -i 'Strict-Transport-Security' $DIRECTORY/$HEAD1LOGFILE
|
|
682 |
|
|
683 |
echo
|
|
684 |
echo " [+] Testing for cookies with the secure flag ..."
|
|
685 |
grep -i 'Set-Cookie' $DIRECTORY/$HEAD1LOGFILE | grep -i 'secure'
|
|
686 |
|
|
687 |
echo
|
|
688 |
echo " [-] Testing for cookies without the secure flag ..."
|
|
689 |
grep -i 'Set-Cookie' $DIRECTORY/$HEAD1LOGFILE | grep -v -i 'secure'
|
|
690 |
|
|
691 |
|
|
692 |
echo
|
|
693 |
echo "[*] Testing for HTTPS (SSL/TLS) security headers using HTTP/1.1 & Host ..."
|
|
694 |
|
|
695 |
(echo -e "HEAD / HTTP/1.1\nHost: $HOST\n\n"; sleep $DELAY) | \
|
|
696 |
openssl s_client $OPENSSLPROTOCOLVERSION -connect $HOST:$PORT \
|
|
697 |
> $DIRECTORY/$HEADLOGFILE 2> $DIRECTORY/$HEADERRFILE
|
|
698 |
|
|
699 |
echo
|
|
700 |
echo " [+] Testing for HTTP Strict-Transport-Security (HSTS) header ..."
|
|
701 |
grep -i 'Strict-Transport-Security' $DIRECTORY/$HEADLOGFILE
|
|
702 |
|
|
703 |
echo
|
|
704 |
echo " [+] Testing for cookies with the secure flag ..."
|
|
705 |
grep -i 'Set-Cookie' $DIRECTORY/$HEADLOGFILE | grep -i 'secure'
|
|
706 |
|
|
707 |
echo
|
|
708 |
echo " [-] Testing for cookies without the secure flag ..."
|
|
709 |
grep -i 'Set-Cookie' $DIRECTORY/$HEADLOGFILE | grep -v -i 'secure'
|
|
710 |
|
|
711 |
|
|
712 |
echo
|
|
713 |
echo "[*] New files created:"
|
|
714 |
echo " [.] Output directory: $DIRECTORY ..."
|
|
715 |
echo
|
|
716 |
|
|
717 |
# Moved to bottom:
|
|
718 |
#ls -l $DIRECTORY/$SSLSCANLOGFILE
|
|
719 |
#ls -l $DIRECTORY/$RENEGLOGFILE
|
|
720 |
#ls -l $DIRECTORY/$RENEGLEGACYLOGFILE
|
|
721 |
#ls -l $DIRECTORY/$HEAD1LOGFILE
|
|
722 |
#ls -l $DIRECTORY/$HEADLOGFILE
|
|
723 |
|
|
724 |
# Delete all empty error files:
|
|
725 |
# $ find . -size 0 -name '*.err' -delete
|
|
726 |
# This could potentially delete other .err zero-size files not created by
|
|
727 |
# TLSSLed.
|
|
728 |
|
|
729 |
|
|
730 |
if [ ! -s "$DIRECTORY/$SSLSCANERRFILE" ]; then
|
|
731 |
# SSLscan error file is empty
|
|
732 |
rm "$DIRECTORY/$SSLSCANERRFILE"
|
|
733 |
fi
|
|
734 |
if [ ! -s "$DIRECTORY/$RENEGERRFILE" ]; then
|
|
735 |
# Renegotiation error file is empty
|
|
736 |
rm "$DIRECTORY/$RENEGERRFILE"
|
|
737 |
fi
|
|
738 |
if [ ! -s "$DIRECTORY/$RENEGLEGACYERRFILE" ]; then
|
|
739 |
# Legacy renegotiation error file is empty
|
|
740 |
rm "$DIRECTORY/$RENEGLEGACYERRFILE"
|
|
741 |
fi
|
|
742 |
if [ ! -s "$DIRECTORY/$HEAD1ERRFILE" ]; then
|
|
743 |
# Openssl HEAD 1.0 error file is empty
|
|
744 |
rm "$DIRECTORY/$HEAD1ERRFILE"
|
|
745 |
fi
|
|
746 |
if [ ! -s "$DIRECTORY/$HEADERRFILE" ]; then
|
|
747 |
# Openssl HEAD 1.1 error file is empty
|
|
748 |
rm "$DIRECTORY/$HEADERRFILE"
|
|
749 |
fi
|
|
750 |
|
|
751 |
ls $DIRECTORY
|
|
752 |
|
|
753 |
echo
|
|
754 |
echo [*] done
|
|
755 |
echo
|
|
756 |
|