Ejemplo n.º 1
0
    def test_works_when_client_auth_succeeded(self):
        # Given a server that requires client authentication
        with VulnerableOpenSslServer(
                client_auth_config=ClientAuthenticationServerConfigurationEnum.
                REQUIRED) as server:
            # And the client provides a client certificate
            client_creds = ClientAuthenticationCredentials(
                client_certificate_chain_path=server.
                get_client_certificate_path(),
                client_key_path=server.get_client_key_path(),
            )

            server_test = ServerConnectivityTester(
                hostname=server.hostname,
                ip_address=server.ip_address,
                port=server.port,
                client_auth_credentials=client_creds,
            )
            server_info = server_test.perform()

            # The plugin works fine
            plugin = HttpHeadersPlugin()
            plugin_result = plugin.process_task(server_info,
                                                HttpHeadersScanCommand())

        self.assertIsNone(plugin_result.expect_ct_header)
        self.assertTrue(plugin_result.as_text())
        self.assertTrue(plugin_result.as_xml())
Ejemplo n.º 2
0
    def test_legacy_ssl_client_missing_verified_chain(self):
        # Given a tls1.0 server
        server_test = ServerConnectivityTester(hostname='tls-v1-0.badssl.com',
                                               port=1010)
        server_info = server_test.perform()

        # The plugin does not throw an exception trying to access LegacySslClient.get_verified_chain()
        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        assert plugin_result.as_text()
        assert plugin_result.as_xml()
Ejemplo n.º 3
0
    def test_expect_ct_disabled(self):
      server_info = ServerConnectivityInfo(hostname='hsts.badssl.com')
      server_info.test_connectivity_to_server()

      plugin = HttpHeadersPlugin()
      plugin_result = plugin.process_task(server_info, HttpHeadersScanCommand())

      self.assertFalse(plugin_result.expect_ct_header)

      self.assertTrue(plugin_result.as_text())
      self.assertTrue(plugin_result.as_xml())

      self.assertTrue(pickle.dumps(plugin_result))
Ejemplo n.º 4
0
    def test_expect_ct_disabled(self):
        server_test = ServerConnectivityTester(hostname='hsts.badssl.com')
        server_info = server_test.perform()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        assert not plugin_result.expect_ct_header

        assert plugin_result.as_text()
        assert plugin_result.as_xml()

        assert pickle.dumps(plugin_result)
Ejemplo n.º 5
0
    def test_hpkp_enabled(self):
        server_info = ServerConnectivityInfo(hostname=u'github.com')
        server_info.test_connectivity_to_server()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        self.assertTrue(plugin_result.hpkp_header)
        self.assertTrue(plugin_result.is_valid_pin_configured)
        self.assertTrue(plugin_result.is_backup_pin_configured)
        self.assertTrue(plugin_result.verified_certificate_chain)

        self.assertTrue(plugin_result.as_text())
        self.assertTrue(plugin_result.as_xml())
Ejemplo n.º 6
0
    def test_hsts_enabled(self):
        server_info = ServerConnectivityInfo(hostname=u'hsts.badssl.com')
        server_info.test_connectivity_to_server()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        self.assertTrue(plugin_result.hsts_header)
        self.assertFalse(plugin_result.hpkp_header)
        self.assertIsNone(plugin_result.is_valid_pin_configured)
        self.assertIsNone(plugin_result.is_backup_pin_configured)

        self.assertTrue(plugin_result.as_text())
        self.assertTrue(plugin_result.as_xml())
Ejemplo n.º 7
0
    def test_fails_when_client_auth_failed(self):
        # Given a server that requires client authentication
        with ModernOpenSslServer(
                client_auth_config=ClientAuthConfigEnum.REQUIRED) as server:
            # And the client does NOT provide a client certificate
            server_test = ServerConnectivityTester(
                hostname=server.hostname,
                ip_address=server.ip_address,
                port=server.port)
            server_info = server_test.perform()

            # The plugin fails when a client cert was not supplied
            plugin = HttpHeadersPlugin()
            with self.assertRaises(ClientCertificateRequested):
                plugin.process_task(server_info, HttpHeadersScanCommand())
Ejemplo n.º 8
0
    def test_expect_ct_enabled(self):
      # Github was the only server I could find with expect-ct header set
      server_info = ServerConnectivityInfo(hostname='github.com')
      server_info.test_connectivity_to_server()

      plugin = HttpHeadersPlugin()
      plugin_result = plugin.process_task(server_info, HttpHeadersScanCommand())

      self.assertTrue(plugin_result.expect_ct_header)
      self.assertTrue(plugin_result.expect_ct_header.max_age >= 0)

      self.assertTrue(plugin_result.as_text())
      self.assertTrue(plugin_result.as_xml())

      self.assertTrue(pickle.dumps(plugin_result))
Ejemplo n.º 9
0
    def ssl_scan(self):
        print("Running SSL Scan")
        try:
            server_info = ServerConnectivityInfo(
                hostname=self.options["TARGET"])
            server_info.test_connectivity_to_server()
            synchronous_scanner = SynchronousScanner()

            # TLS 1.0
            command = Tlsv10ScanCommand()
            scan_result = synchronous_scanner.run_scan_command(
                server_info, command)
            print("Available TLSv1.0 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print('    {}'.format(cipher.name))

            # TLSv1.2
            command = Tlsv12ScanCommand()
            scan_result = synchronous_scanner.run_scan_command(
                server_info, command)
            print("Available TLSv1.2 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print('    {}'.format(cipher.name))

            # Certificate information
            command = CertificateInfoScanCommand()
            scan_result = synchronous_scanner.run_scan_command(
                server_info, command)
            for entry in scan_result.as_text():
                print(entry)

            # Heartbleed vulnerability info
            command = HeartbleedScanCommand()
            scan_result = synchronous_scanner.run_scan_command(
                server_info, command)
            for entry in scan_result.as_text():
                print(entry)

            # HTTP Headers info
            command = HttpHeadersScanCommand()
            scan_result = synchronous_scanner.run_scan_command(
                server_info, command)
            for entry in scan_result.as_text():
                print(entry)

        except Exception as e:
            self.handle_exception(e, "Error running SSL scan")
            pass
Ejemplo n.º 10
0
    def test_expect_ct_enabled(self):
        # Github was the only server I could find with expect-ct header set
        server_test = ServerConnectivityTester(hostname='github.com')
        server_info = server_test.perform()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        assert plugin_result.expect_ct_header
        assert plugin_result.expect_ct_header.max_age >= 0

        assert plugin_result.as_text()
        assert plugin_result.as_xml()

        assert pickle.dumps(plugin_result)
Ejemplo n.º 11
0
    def _check_hsts_age(self) -> List[str]:
        result = self._scan(
            HttpHeadersScanCommand())  # type: HttpHeadersScanResult

        errors = []

        if result.strict_transport_security_header:
            if (result.strict_transport_security_header.max_age <
                    self.target_profile["hsts_min_age"]):
                errors.append(
                    f"wrong HSTS age (is {result.strict_transport_security_header.max_age}, "
                    f"should be at least {self.target_profile['hsts_min_age']})"
                )
        else:
            errors.append(f"HSTS header not set")

        return errors
Ejemplo n.º 12
0
    def test_hsts_and_hpkp_disabled(self):
        server_info = ServerConnectivityInfo(hostname='expired.badssl.com')
        server_info.test_connectivity_to_server()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info, HttpHeadersScanCommand())

        self.assertFalse(plugin_result.hsts_header)
        self.assertFalse(plugin_result.hpkp_header)
        self.assertIsNone(plugin_result.is_valid_pin_configured)
        self.assertIsNone(plugin_result.is_backup_pin_configured)

        self.assertTrue(plugin_result.as_text())
        self.assertTrue(plugin_result.as_xml())

        # Ensure the results are pickable so the ConcurrentScanner can receive them via a Queue
        self.assertTrue(pickle.dumps(plugin_result))
Ejemplo n.º 13
0
    def test_hpkp_enabled(self):
        server_info = ServerConnectivityInfo(hostname='github.com')
        server_info.test_connectivity_to_server()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        self.assertTrue(plugin_result.hpkp_header)
        self.assertTrue(plugin_result.is_valid_pin_configured)
        self.assertTrue(plugin_result.is_backup_pin_configured)
        self.assertTrue(plugin_result.verified_certificate_chain)

        self.assertTrue(plugin_result.as_text())
        self.assertTrue(plugin_result.as_xml())

        # Ensure the results are pickable so the ConcurrentScanner can receive them via a Queue
        self.assertTrue(pickle.dumps(plugin_result))
Ejemplo n.º 14
0
    def test_hsts_and_hpkp_disabled(self):
        server_test = ServerConnectivityTester(hostname='expired.badssl.com')
        server_info = server_test.perform()

        plugin = HttpHeadersPlugin()
        plugin_result = plugin.process_task(server_info,
                                            HttpHeadersScanCommand())

        assert not plugin_result.strict_transport_security_header
        assert not plugin_result.public_key_pins_header
        assert plugin_result.is_valid_pin_configured is None
        assert plugin_result.is_backup_pin_configured is None

        assert plugin_result.as_text()
        assert plugin_result.as_xml()

        # Ensure the results are pickable so the ConcurrentScanner can receive them via a Queue
        assert pickle.dumps(plugin_result)
Ejemplo n.º 15
0
    def test_ssl_server_headers(self, hostname, port=443):
        '''
                Uses the ServerConnectivityTester to identify host headers specific to TLS/SSL implementations to identify
                apparent security flaws with SSL/TLS implementations at the web server level.

                Currently, we can enumerate HSTS and Expect-CT Headers. HPKP is available, but is not being included because
                its being deprecated by Chrome.

                | test ssl server headers  | hostname  | port (optional |

        '''
        try:
            tester = ServerConnectivityTester(hostname=hostname, port=port)
            server_info = tester.perform()

            scanner = SynchronousScanner()
            result = scanner.run_scan_command(server_info,
                                              HttpHeadersScanCommand())
            logger.info("Test for HSTS Header")

            if result.hsts_header:
                preload = result.hsts_header.preload
                include_subdomains = result.hsts_header.include_subdomains
                max_age = result.hsts_header.max_age
                logger.info(
                    "\tHSTS Header with Preload: {}, Include Subdomains: {} and max_age: {}"
                    .format(preload, include_subdomains, max_age))
            else:
                logger.warn("\tNo HSTS Header found")

            logger.info("Test for Expect-CT Header")
            if result.expect_ct_header:
                logger.info("\tExpect-CT Header found: {}".format(
                    result.expect_ct_header))
            else:
                logger.warn("\tNo Expect-CT Header found.")

        except ServerConnectivityError as e:
            logger.error('Error when trying to connect to {}: {}'.format(
                e.server_info.hostname, e.error_message))
Ejemplo n.º 16
0
    def test_fails_when_client_auth_failed(self):
        # Given a server that requires client authentication
        try:
            with VulnerableOpenSslServer(
                    client_auth_config=
                    ClientAuthenticationServerConfigurationEnum.REQUIRED
            ) as server:
                # And the client does NOT provide a client certificate
                server_test = ServerConnectivityTester(
                    hostname=server.hostname,
                    ip_address=server.ip_address,
                    port=server.port)
                server_info = server_test.perform()

                # The plugin fails when a client cert was not supplied
                plugin = HttpHeadersPlugin()
                with self.assertRaises(ClientCertificateRequested):
                    plugin.process_task(server_info, HttpHeadersScanCommand())

        except NotOnLinux64Error:
            logging.warning('WARNING: Not on Linux - skipping test')
            return
Ejemplo n.º 17
0
def ssltlsscan(web):

    target = web.split('//')[1]
    print(R + '\n    ===============================')
    print(R + '     S S L   E N U M E R A T I O N')
    print(R + '    ===============================\n')
    print(GR + ' [*] Testing server SSL status...')
    try:
        req = requests.get('https://' + target)
        print(G + ' [+] SSL Working Properly...')
        time.sleep(0.6)
        print(O + " [!] Running SSL Enumeration...\n")
        try:
            server_tester = ServerConnectivityTester(hostname=target)
            server_info = server_tester.perform()
            scanner = SynchronousScanner()

            command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.0 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.1 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')

            command = Tlsv12ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.2 Ciphers:")
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')

            command = CertificateInfoScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + ' [+] Certificate Information:')
            for entry in scan_result.as_text():
                if entry != '':
                    if 'certificate information' in entry.lower():
                        pass
                    elif ':' in entry:
                        print(GR + '    [+] ' +
                              entry.strip().split(':', 1)[0].strip() + ' : ' +
                              C + entry.strip().split(':', 1)[1].strip())
                    else:
                        print(O + '\n  [+] ' + entry.strip())
            print('')

            command = HttpHeadersScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + ' [+] HTTP Results:')
            for entry in scan_result.as_text():
                if 'http security' not in entry.strip().lower(
                ) and entry != '':
                    if '-' in entry:
                        print(GR + '    [+] ' +
                              entry.split('-', 1)[0].strip() + ' - ' + C +
                              entry.split('-', 1)[1].strip())
                    elif ':' in entry:
                        print(GR + '    [+] ' +
                              entry.strip().split(':', 1)[0].strip() + ' : ' +
                              C + entry.strip().split(':', 1)[1].strip())
                    else:
                        print(O + '\n  [+] ' + entry.strip())
            print('')

        except Exception as e:
            print(R + ' [-] Unhandled SSL Runtime Exception : ' + str(e))
            pass

    except requests.exceptions.SSLError as e:
        print(R + ' [-] Distant Server SSL not working : ' + str(e))

    print(G + ' [+] SSlScan Module Completed!')
Ejemplo n.º 18
0
def ssltlsscan(web):
    global name
    name = targetname(web)
    global lvl2
    lvl2 = inspect.stack()[0][3]
    global module
    module = "ScanANDEnum"
    global lvl1
    lvl1 = "Scanning & Enumeration"
    global lvl3
    lvl3 = ""
    target = web.split('//')[1]
    #print(R+'\n    ===============================')
    #print(R+'     S S L   E N U M E R A T I O N')
    #print(R+'    ===============================\n')
    from core.methods.print import pscan
    pscan("ssl enumeration")
    print(GR + ' [*] Testing server SSL status...')
    try:
        req = requests.get('https://' + target)
        print(G + ' [+] SSL Working Properly...' + color.TR2 + C)
        time.sleep(0.6)
        print(C + " [!] Running SSL Enumeration...\n")
        try:
            server_tester = ServerConnectivityTester(hostname=target)
            server_info = server_tester.perform()
            scanner = SynchronousScanner()

            command = Tlsv10ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.0 Ciphers:" + color.TR2 + C)
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')
            data = "TLS 1.0 :> " + str(scan_result.accepted_cipher_list)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

            command = Tlsv11ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.1 Ciphers:" + color.TR2 + C)
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')
            data = "TLS 1.1 :> " + str(scan_result.accepted_cipher_list)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

            command = Tlsv12ScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + " [+] Available TLS v1.2 Ciphers:" + color.TR2 + C)
            for cipher in scan_result.accepted_cipher_list:
                print(C + '    {}'.format(cipher.name))
            print('')
            data = "TLS 1.2 :> " + str(scan_result.accepted_cipher_list)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

            command = CertificateInfoScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + ' [+] Certificate Information:' + color.TR2 + C)
            for entry in scan_result.as_text():
                if entry != '':
                    if 'certificate information' in entry.lower():
                        pass
                    elif ':' in entry:
                        print(GR + '    [+] ' +
                              entry.strip().split(':', 1)[0].strip() + ' : ' +
                              C + entry.strip().split(':', 1)[1].strip())
                    else:
                        print(C + '\n  [+] ' + entry.strip())
            print('')
            data = "Cert Info :> " + str(scan_result.as_text())
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

            command = HttpHeadersScanCommand()
            scan_result = scanner.run_scan_command(server_info, command)
            print(G + ' [+] HTTP Results:' + C + color.TR2 + C)
            for entry in scan_result.as_text():
                if 'http security' not in entry.strip().lower(
                ) and entry != '':
                    if '-' in entry:
                        print(GR + '    [+] ' +
                              entry.split('-', 1)[0].strip() + ' - ' + C +
                              entry.split('-', 1)[1].strip())
                    elif ':' in entry:
                        print(GR + '    [+] ' +
                              entry.strip().split(':', 1)[0].strip() + ' : ' +
                              C + entry.strip().split(':', 1)[1].strip())
                    else:
                        print(C + '\n  [+] ' + entry.strip())
            print('')
            data = "HTTP :> " + str(scan_result.as_text())
            save_data(database, module, lvl1, lvl2, lvl3, name, data)

        except Exception as e:
            print(R + ' [-] Unhandled SSL Runtime Exception : ' + str(e))
            pass

    except requests.exceptions.SSLError as e:
        print(R + ' [-] Distant Server SSL not working : ' + str(e))

    print(G + ' [+] SSlScan Module Completed!' + C + color.TR2 + C)