) kb = self._scanner.get_knowledge_base() for cipher in ciphers: conn = self._scanner.handler.connect() # ToDo: error handling ctx = SSL.Context(cipher.method) ctx.set_cipher_list(cipher.name) conn_ssl = SSL.Connection(ctx, conn) #print(conn_ssl.get_cipher_list()) conn_ssl.set_connect_state() cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl) if cipher_status < 0: cipher.status = -1 elif cipher_status == 0: cipher.status = 0 elif cipher_status == 1: cipher.status = 1 # ToDo: handle alerts kb.append('server.ciphers', cipher) conn_ssl.close() modules.register(ServerCiphers)
pass # ToDo: improve parsing server_info["banner"] = buf if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b". STARTTLS\r\n") buf = conn.recv(4096) buf = buf.strip() if not buf.startswith(b". OK"): raise StartTLSError() return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(IMAP)
"server.certificate.x509.not_after", rules=[ lambda v, i, kb: 6 if v < datetime.now() else None ], ) ) self.add_rule( RatingRule( "server.certificate.x509.not_before", rules=[ lambda v, i, kb: 6 if v > datetime.now() else None ], ) ) self.add_rule( RatingRule( "server.renegotiation.secure", rules=[ lambda v, i, kb: 6 if v == False else None, lambda v, i, kb: 1 if v == True else None ] ) ) modules.register(SSLLabs2009c) modules.register(SSLLabs2009d) modules.register(SSLLabs2009e)
value=kb_supported ) ) kb.set( "vulnerability.custom.heartbleed.vulnerable", ResultValue( label="Vulnerable", value=kb_vulnerable ) ) if kb_vulnerable is True: payload = result_heartbeat.payload # Remove 3-byte Heartbeat header from payload data if len(payload) < 3: payload = b"" else: payload = payload[3:] kb.set( "vulnerability.custom.heartbleed.payload.length", ResultValue( label="Payload-Length", value=len(payload) ) ) modules.register(VulnerabilityHeartbleed)
kb = self._scanner.get_knowledge_base() protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() scsv_status = None kb.set("server.security.scsv", None) for protocol_version in protocol_versions: if protocol_version != flextls.registry.version.SSLv2: cipher_suites = flextls.registry.tls.cipher_suites.get_ids() scsv_cur_status = None try: scsv_cur_status = self._connect_with_scsv( protocol_version, cipher_suites) except Timeout: continue if scsv_cur_status is None: continue if scsv_cur_status is True: kb.set("server.security.scsv", True) break if scsv_status is False and scsv_cur_status is False: kb.set("server.security.scsv", False) break scsv_status = scsv_cur_status modules.register(ServerSCSV)
ctx.set_cipher_list("ALL:COMPLEMENT") ctx.set_options(_util.lib.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) conn = self._scanner.handler.connect() conn_ssl = SSL.Connection(ctx, conn._socket) conn_ssl.set_tlsext_host_name(self._scanner.handler.hostname.encode("utf-8")) conn_ssl.set_connect_state() try: conn_ssl.do_handshake() except Exception as e: # ToDo: # print(e) conn_ssl.close() continue kb.set("server.renegotiation.support", False) if _util.lib.SSL_get_secure_renegotiation_support(conn_ssl._ssl) == 1: kb.set("server.renegotiation.secure", True) kb.set("server.renegotiation.support", True) else: kb.set("server.renegotiation.secure", False) kb.set("server.renegotiation.support", False) cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl) if cipher_status == 1: if _util.lib.SSL_get_state(conn_ssl._ssl) == SSL.SSL_ST_OK: kb.set("server.renegotiation.support", True) conn_ssl.close() modules.register(ServerRenegotiation)
try: conn_ssl.do_handshake() except Exception as e: print(e) conn_ssl.close() continue server_info = self._scanner.handler.get_server_info(conn_ssl) conn_ssl.close() if server_info is None: return kb.set( "server.custom.protocol.imap", ResultGroup( label="IMAP Information" ) ) kb.set( "server.custom.protocol.imap.banner", ResultValue( label="Server banner", value=server_info.get("banner") ) ) modules.register(ProtocolIMAP)
buf = conn.recv(4096) if not buf.startswith(b"250"): return None if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b"STARTTLS\r\n") buf = conn.recv(4096) if not buf.startswith(b"220"): raise StartTLSError() return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(SMTP)
def __init__(self, **kwargs): BaseScan.__init__(self, **kwargs) def run(self): kb = self._scanner.get_knowledge_base() for method in self._scanner.get_enabled_methods(): try: ctx = SSL.Context(method) except: # ToDo: continue conn = SSL.Connection(ctx) ctx.set_cipher_list("ALL:COMPLEMENT") cipher_ptr = _util.lib.SSL_get_ciphers(conn._ssl) for i in range(_util.lib.sk_SSL_CIPHER_num(cipher_ptr)): cipher = _util.lib.sk_SSL_CIPHER_value(cipher_ptr, i) kb.append( 'client.ciphers', Cipher( bits=_util.lib.SSL_CIPHER_get_bits(cipher, _util.ffi.NULL), method=method, name=_util.ffi.string(_util.lib.SSL_CIPHER_get_name(cipher)) ) ) modules.register(ClientCiphers)
"type": "float", })] def __init__(self, **kwargs): self.time_last_connect = None BaseHandler.__init__(self, **kwargs) def connect(self): time_delay = self.config.get_value("delay") if self.time_last_connect is not None: while True: tmp = datetime.now() - self.time_last_connect time_delta = tmp.total_seconds() time_sleep = time_delay - time_delta logger.debug( "Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format( time_delta, time_sleep)) if time_delta > time_delay: break sleep(time_sleep) self.time_last_connect = datetime.now() sock = socket(AF_INET, SOCK_DGRAM) sock.connect((self.host, self.port)) return Connection(handler=self, sock=sock) modules.register(UDP)
def __init__(self, **kwargs): if getattr(self, "port", None) is None: self.port = 443 self.time_last_connect = None BaseHandler.__init__(self, **kwargs) def connect(self): time_delay = self.config.get_value("delay") if self.time_last_connect is not None: while True: tmp = datetime.now() - self.time_last_connect time_delta = tmp.total_seconds() time_sleep = time_delay - time_delta logger.debug( "Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format( time_delta, time_sleep)) if time_delta > time_delay: break sleep(time_sleep) self.time_last_connect = datetime.now() conn = socket() conn.connect((self.host, self.port)) return conn modules.register(TCP)
protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() detected_protocols = None for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue try: detected_protocols = self._scan_next_protocol_tls( protocol_version) except Timeout: continue if detected_protocols is not None: break if detected_protocols is None or len(detected_protocols) == 0: kb.set("server.extension.next_protocol_negotiation", False) else: tmp_proto = [] for protocol in detected_protocols: tmp_proto.append( flextls.registry.tls.alpn_protocols.get(protocol)) kb.set("server.extension.next_protocol_negotiation", tmp_proto) modules.register(ServerNextProtocolNegotiation)
def __init__(self, **kwargs): BaseScan.__init__(self, **kwargs) def run(self): kb = self._scanner.get_knowledge_base() for method in self._scanner.get_enabled_methods(): try: ctx = SSL.Context(method) except: # ToDo: continue conn = SSL.Connection(ctx) ctx.set_cipher_list("ALL:COMPLEMENT") cipher_ptr = _util.lib.SSL_get_ciphers(conn._ssl) for i in range(_util.lib.sk_SSL_CIPHER_num(cipher_ptr)): cipher = _util.lib.sk_SSL_CIPHER_value(cipher_ptr, i) kb.append( 'client.ciphers', Cipher(bits=_util.lib.SSL_CIPHER_get_bits( cipher, _util.ffi.NULL), method=method, name=_util.ffi.string( _util.lib.SSL_CIPHER_get_name(cipher)))) modules.register(ClientCiphers)
conn = self._scanner.handler.connect() conn_ssl = SSL.Connection(ctx, conn._socket) conn_ssl.set_tlsext_host_name( self._scanner.handler.hostname.encode("utf-8")) conn_ssl.set_connect_state() try: conn_ssl.do_handshake() except Exception as e: # ToDo: # print(e) conn_ssl.close() continue kb.set("server.renegotiation.support", False) if _util.lib.SSL_get_secure_renegotiation_support( conn_ssl._ssl) == 1: kb.set("server.renegotiation.secure", True) kb.set("server.renegotiation.support", True) else: kb.set("server.renegotiation.secure", False) kb.set("server.renegotiation.support", False) cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl) if cipher_status == 1: if _util.lib.SSL_get_state(conn_ssl._ssl) == SSL.SSL_ST_OK: kb.set("server.renegotiation.support", True) conn_ssl.close() modules.register(ServerRenegotiation)
server_info["hostname"] = hostname if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b"STLS\r\n") buf = conn.recv(4096) buf = buf.strip() # +OK Begin TLS negotiation now' print(buf) if not buf.startswith(b"+OK Begin"): return None return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(POP3)
if data.find(b"\r\n\r\n") >= 0: break lines = data.splitlines() if len(lines) == 0: return None m = self._regex_status.match(lines.pop(0).decode('iso-8859-1')) if not m: return None result = { "code": int(m.group("code")), "headers": [], "message": m.group("message"), "version": m.group("version") } for line in lines: if line == "": break line = line.decode('iso-8859-1') name, sep, value = line.partition(":") result["headers"].append((name, value)) if self._server_info is None: self._server_info = result modules.register(HTTP)
if kb.get("server.extension.alpn") is not None: return protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() detected_protocols = None for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue try: detected_protocols = self._scan_alpn_tls(protocol_version) except Timeout: continue if detected_protocols is not None: break if detected_protocols is None or len(detected_protocols) == 0: kb.set("server.extension.alpn", False) else: tmp_proto = [] for protocol in detected_protocols: tmp_proto.append(flextls.registry.tls.alpn_protocols.get(protocol)) kb.set("server.extension.alpn", tmp_proto) modules.register(ServerApplicationLayerProtocolNegotiation)
""" name = "server.compression" def run(self): kb = self._scanner.get_knowledge_base() if kb.get("server.session.compression") is not None: return protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue else: cipher_suites = flextls.registry.tls.cipher_suites[:] try: self._scan_cipher_suites(protocol_version, cipher_suites, limit=1) except Timeout: continue if kb.get("server.session.compression") is not None: return modules.register(ServerCompression)
conn.send(b"EHLO example.org\r\n") buf = conn.recv(4096) if not buf.startswith(b"250"): return None if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b"STARTTLS\r\n") buf = conn.recv(4096) if not buf.startswith(b"220"): return None return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(SMTP)
"starttls", { "default": False, "help": "", "type": "bool" } ) ] def __init__(self, **kwargs): self.port = 389 TCP.__init__(self, **kwargs) def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn conn.send(b"0\x1d\x02\x01\x01w\x18\x80\x161.3.6.1.4.1.1466.20037") buf = conn.recv(4096) # ToDo: Improve parsing # b"0\x84\x00\x00\x00(\x02\x01\x01x\x84\x00\x00\x00\x1f\n\x01\x00\x04\x00\x04\x00\x8a\x161.3.6.1.4.1.1466.20037" if not buf.endswith(b"1.3.6.1.4.1.1466.20037"): raise StartTLSError() return conn modules.register(LDAP)
self.add_rule( RatingRule("server.certificate.x509.signature_algorithm", rules=[ lambda v, i, kb: 6 if v.startswith("md2") else None, lambda v, i, kb: 6 if v.startswith("md5") else None, ])) self.add_rule( RatingRule( "server.certificate.x509.not_after", rules=[lambda v, i, kb: 6 if v < datetime.now() else None], )) self.add_rule( RatingRule( "server.certificate.x509.not_before", rules=[lambda v, i, kb: 6 if v > datetime.now() else None], )) self.add_rule( RatingRule("server.renegotiation.secure", rules=[ lambda v, i, kb: 6 if v == False else None, lambda v, i, kb: 1 if v == True else None ])) modules.register(BuiltIn_0_5)
except Exception as e: print(e) conn_ssl.close() continue cert = conn_ssl.get_peer_certificate() kb = self._scanner.get_knowledge_base() kb.set("server.certificate", cert) cert_chain = conn_ssl.get_peer_cert_chain() kb.set("server.certificate_chain", cert_chain) compression_ssl = _util.lib.SSL_get_current_compression(conn_ssl._ssl) compression = _util.lib.SSL_COMP_get_name(compression_ssl) if compression == _util.ffi.NULL: kb.set("server.session.compression", False) else: kb.set("server.session.compression", _util.ffi.string(compression)) expansion_ssl = _util.lib.SSL_get_current_expansion(conn_ssl._ssl) expansion = _util.lib.SSL_COMP_get_name(expansion_ssl) if expansion == _util.ffi.NULL: kb.set("server.session.expansion", False) else: kb.set("server.session.expansion", _util.ffi.string(compression)) return modules.register(ServerCertificate)
if protocol_version == flextls.registry.version.SSLv2: continue cipher_suites = [] for cipher_suite in flextls.registry.tls.cipher_suites[:]: if cipher_suite.key_exchange.startswith("ECD"): cipher_suites.append(cipher_suite) elliptic_curves = flextls.registry.ec.named_curves[:] try: detected_elliptic_curves = self._scan_elliptic_curves( protocol_version, elliptic_curves=elliptic_curves ) except Timeout: continue for ec_id in detected_elliptic_curves: elliptic_curve = flextls.registry.ec.named_curves.get( ec_id ) kb.append( "server.ec.named_curves", ECResult( protocol_version=protocol_version, elliptic_curve=elliptic_curve ) ) modules.register(ServerEllipticCurves)
def run(self): if self._scanner.handler.name != "pop3": return kb = self._scanner.get_knowledge_base() server_info = self._get_server_info() if server_info is None: return kb.set( "server.custom.protocol.pop3", ResultGroup( label="POP3 Information" ) ) hostname = server_info.get("hostname") if hostname is not None: kb.set( "server.custom.protocol.pop3.hostname", ResultValue( label="Provided hostname", value=hostname ) ) modules.register(ProtocolPOP3)
"cipher.protocol_version", rules=[ lambda v, i, kb: 6 if v == reg.version.SSLv2 else None, ] ) ) self.add_rule( RatingRule( "cipher.name", rules=[ lambda v, i, kb: 5 if "EXP" in v else None, lambda v, i, kb: 3 if "RC" in v else None, lambda v, i, kb: 5 if "ADH" in v else None ], ) ) self.add_rule( RatingRule( "server.renegotiation.secure", rules=[ lambda v, i, kb: 6 if v == False else None, lambda v, i, kb: 1 if v == True else None ] ) ) modules.register(RBSec)
continue cipher_suites = [] for cipher_suite in flextls.registry.tls.cipher_suites[:]: if cipher_suite.key_exchange.startswith("ECD"): cipher_suites.append(cipher_suite) elliptic_curves = flextls.registry.ec.named_curves[:] try: detected_elliptic_curves = self._scan_elliptic_curves( protocol_version, cipher_suites, elliptic_curves=elliptic_curves ) except Timeout: continue for ec_id in detected_elliptic_curves: elliptic_curve = flextls.registry.ec.named_curves.get( ec_id ) kb.append( "server.ec.named_curves", ECResult( protocol_version=protocol_version, elliptic_curve=elliptic_curve ) ) modules.register(EllipticCurves)
return detected_elliptic_curves def run(self): kb = self._scanner.get_knowledge_base() for protocol_version in self._scanner.get_enabled_versions(): if protocol_version == flextls.registry.version.SSLv2: continue cipher_suites = [] for cipher_suite in flextls.registry.tls.cipher_suites[:]: if cipher_suite.key_exchange.startswith("ECD"): cipher_suites.append(cipher_suite) elliptic_curves = flextls.registry.ec.named_curves[:] try: detected_elliptic_curves = self._scan_elliptic_curves( protocol_version, elliptic_curves=elliptic_curves) except Timeout: continue for ec_id in detected_elliptic_curves: elliptic_curve = flextls.registry.ec.named_curves.get(ec_id) kb.append( "server.ec.named_curves", ECResult(protocol_version=protocol_version, elliptic_curve=elliptic_curve)) modules.register(ServerEllipticCurves)
protocol_version=protocol_version, cipher_suite=None, status=0, )) continue cipher_suites.reverse() try: tmp2 = self._scan_cipher_suites(protocol_version, cipher_suites, limit=1) except Timeout: continue if tmp1[0] == tmp2[0]: cipher_suite = flextls.registry.tls.cipher_suites.get( tmp1[0]) else: cipher_suite = False kb.append( "server.preferred_ciphers", CipherResult( protocol_version=protocol_version, cipher_suite=cipher_suite, status=1, )) modules.register(ServerPreferredCiphers)
from sslscan import modules from sslscan.module.rating import BaseRating class NoneRating(BaseRating): """ Dummy rating. """ name = "none" modules.register(NoneRating)
def run(self): if self._scanner.handler.name != "imap": return kb = self._scanner.get_knowledge_base() server_info = self._get_server_info() if server_info is None: return kb.set( "server.custom.protocol.imap", ResultGroup( label="IMAP Information" ) ) banner = server_info.get("banner") if banner is not None: kb.set( "server.custom.protocol.imap.banner", ResultValue( label="Server banner", value=banner ) ) modules.register(ProtocolIMAP)
cipher_suite = flextls.registry.sslv2.cipher_suites.get( cipher_id) kb.append( "server.ciphers", CipherResult( protocol_version=protocol_version, cipher_suite=cipher_suite, status=1, )) else: cipher_suites = flextls.registry.tls.cipher_suites[:] detected_ciphers = [] try: detected_ciphers = self._scan_cipher_suites( protocol_version, cipher_suites) except Timeout: continue for cipher_id in detected_ciphers: cipher_suite = flextls.registry.tls.cipher_suites.get( cipher_id) kb.append( "server.ciphers", CipherResult( protocol_version=protocol_version, cipher_suite=cipher_suite, status=1, )) modules.register(ServerCiphers)
self.add_rule( RatingRule( "server.certificate.x509.not_after", rules=[ lambda v, i, kb: 6 if v < datetime.now() else None ], ) ) self.add_rule( RatingRule( "server.certificate.x509.not_before", rules=[ lambda v, i, kb: 6 if v > datetime.now() else None ], ) ) self.add_rule( RatingRule( "server.renegotiation.secure", rules=[ lambda v, i, kb: 6 if v == False else None, lambda v, i, kb: 1 if v == True else None ] ) ) modules.register(BuiltIn_0_5)
cipher_suite=None, status=0, ) ) continue cipher_suites.reverse() try: tmp2 = self._scan_cipher_suites(protocol_version, cipher_suites, limit=1) except Timeout: continue if tmp1[0] == tmp2[0]: cipher_suite = flextls.registry.tls.cipher_suites.get( tmp1[0] ) else: cipher_suite = False kb.append( "server.preferred_ciphers", CipherResult( protocol_version=protocol_version, cipher_suite=cipher_suite, status=1, ) ) modules.register(ServerPreferredCiphers)
return protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() detected_protocols = None for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue try: detected_protocols = self._scan_alpn_tls(protocol_version) except Timeout: continue if detected_protocols is not None: break if detected_protocols is None or len(detected_protocols) == 0: kb.set("server.extension.alpn", False) else: tmp_proto = [] for protocol in detected_protocols: tmp_proto.append( flextls.registry.tls.alpn_protocols.get(protocol)) kb.set("server.extension.alpn", tmp_proto) modules.register(ServerApplicationLayerProtocolNegotiation)
if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b"STLS\r\n") buf = conn.recv(4096) buf = buf.strip() # +OK Begin TLS negotiation now' # ToDo: # print(buf) if not buf.startswith(b"+OK Begin"): raise StartTLSError() return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(POP3)
kb_vulnerable = False elif result_heartbeat is True: kb_supported = True kb_vulnerable = False else: kb_supported = True kb_vulnerable = True #print(hb.payload.payload) kb.set( "vulnerability.custom.heartbleed.extension_present", ResultValue(label="Heartbeat Extension present", value=kb_supported)) kb.set("vulnerability.custom.heartbleed.vulnerable", ResultValue(label="Vulnerable", value=kb_vulnerable)) if kb_vulnerable is True: payload = result_heartbeat.payload # Remove 3-byte Heartbeat header from payload data if len(payload) < 3: payload = b"" else: payload = payload[3:] kb.set("vulnerability.custom.heartbleed.payload.length", ResultValue(label="Payload-Length", value=len(payload))) modules.register(VulnerabilityHeartbleed)
RatingRule("server.certificate.x509.signature_algorithm", rules=[ lambda v, i, kb: 6 if v.startswith("md2") else None, lambda v, i, kb: 6 if v.startswith("md5") else None, ])) self.add_rule( RatingRule( "server.certificate.x509.not_after", rules=[lambda v, i, kb: 6 if v < datetime.now() else None], )) self.add_rule( RatingRule( "server.certificate.x509.not_before", rules=[lambda v, i, kb: 6 if v > datetime.now() else None], )) self.add_rule( RatingRule("server.renegotiation.secure", rules=[ lambda v, i, kb: 6 if v == False else None, lambda v, i, kb: 1 if v == True else None ])) modules.register(SSLLabs2009c) modules.register(SSLLabs2009d) modules.register(SSLLabs2009e)
} ) ] def __init__(self, **kwargs): self.port = 3389 TCP.__init__(self, **kwargs) def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn conn.send(b"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00") buf = conn.recv(4) if not buf or len(buf) != 4 or buf[:2] != b"\x03\x00": raise StartTLSError() import struct packet_len = struct.unpack(">H", buf[2:])[0] - 4 data = conn.recv(packet_len) if not data or len(data) != packet_len : raise StartTLSError() return conn modules.register(RDP)
class ProtocolSMTP(BaseInfoScan): """ Extract additional information. Perform a SMTP request and extract additional information. """ name = "protocol.smtp" def run(self): if self._scanner.handler.name != "smtp": return kb = self._scanner.get_knowledge_base() server_info = self._get_server_info() if server_info is None: return kb.set("server.custom.protocol.smtp", ResultGroup(label="SMTP Information")) banner = server_info.get("banner") if banner is not None: kb.set("server.custom.protocol.smtp.banner", ResultValue(label="Server banner", value=banner)) modules.register(ProtocolSMTP)
" Expansion: {0}".format( expansion, helper.rating2color(self.color, rating_expansion), self.color.RESET ) ) print("") def run(self): kb = self._scanner.get_knowledge_base() self._rating = self._scanner.load_rating(self.config.get_value("rating")) self._print_client_ciphers(kb) self._print_server_ciphers(kb) self._print_server_preferred_ciphers(kb) self._print_server_certificate_chain(kb) self._print_server_session(kb) self._print_host_renegotiation(kb) self._print_custom(kb, "server.custom") self._print_custom(kb, "vulnerability.custom") modules.register(Terminal)
Rating used in the sslscan tool by rbsec. More infos: https://github.com/rbsec/sslscan """ name = "rbsec" def __init__(self, **kwargs): BaseRating.__init__(self, **kwargs) self._rules.update({ "cipher.bits": [ lambda bits: 1 if bits > 56 else None, lambda bits: 3 if bits > 40 else None, lambda bits: 5 ], "cipher.method": [lambda method: 6 if method == SSL.SSLv2_METHOD else None], "cipher.name": [ lambda name: 5 if "EXP" in name else None, lambda name: 3 if "RC" in name else None, lambda name: 5 if "ADH" in name else None ], "server.renegotiation.secure": [ lambda status: 6 if status == False else None, lambda status: 1 if status == True else None ] }) modules.register(RBSec)
def run(self): kb = self._scanner.get_knowledge_base() protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() scsv_status = None kb.set("server.security.scsv", None) for protocol_version in protocol_versions: if protocol_version != flextls.registry.version.SSLv2: cipher_suites = flextls.registry.tls.cipher_suites.get_ids() scsv_cur_status = None try: scsv_cur_status = self._connect_with_scsv(protocol_version, cipher_suites) except Timeout: continue if scsv_cur_status is None: continue if scsv_cur_status is True: kb.set("server.security.scsv", True) break if scsv_status is False and scsv_cur_status is False: kb.set("server.security.scsv", False) break scsv_status = scsv_cur_status modules.register(ServerSCSV)
) ) hsts = False for name, value in server_info.get("headers"): if name.lower() == "strict-transport-security": hsts = value elif name.lower() == "server": kb.set( "server.custom.protocol.http.header.server", ResultValue( label="Server", value=value ) ) if hsts is not False: hsts = True kb.set( "server.custom.protocol.http.hsts", ResultValue( label="Strict-Transport-Security", value=hsts ) ) modules.register(ProtocolHTTP)
self.time_last_connect = None BaseHandler.__init__(self, **kwargs) def connect(self): time_delay = self.config.get_value("delay") if self.time_last_connect is not None: while True: tmp = datetime.now() - self.time_last_connect time_delta = tmp.total_seconds() time_sleep = time_delay - time_delta logger.debug( "Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format( time_delta, time_sleep ) ) if time_delta > time_delay: break sleep(time_sleep) self.time_last_connect = datetime.now() conn = socket() conn.connect((self.host, self.port)) return conn modules.register(TCP)
kb.set( "server.custom.protocol.http.status.message", ResultValue(label="Status-Message", value=req_res.get("message"))) kb.set("server.custom.protocol.http.version", ResultValue(label="Version", value=req_res.get("version"))) hsts = None for name, value in req_res.get("headers"): if name.lower() == "strict-transport-security": hsts = value elif name.lower() == "server": kb.set("server.custom.protocol.http.header.server", ResultValue(label="Server", value=value)) res_hsts = ResultValue(label="Strict-Transport-Security") if hsts is not None: res_hsts.value = True else: res_hsts.value = False kb.set("server.custom.protocol.http.hsts", res_hsts) return modules.register(ProtocolHTTP)
config_options = TCP.config_options + [("starttls", { "default": False, "help": "", "type": "bool" })] def __init__(self, **kwargs): self.port = 389 TCP.__init__(self, **kwargs) def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn conn.send(b"0\x1d\x02\x01\x01w\x18\x80\x161.3.6.1.4.1.1466.20037") buf = conn.recv(4096) # ToDo: Improve parsing # b"0\x84\x00\x00\x00(\x02\x01\x01x\x84\x00\x00\x00\x1f\n\x01\x00\x04\x00\x04\x00\x8a\x161.3.6.1.4.1.1466.20037" if not buf.endswith(b"1.3.6.1.4.1.1466.20037"): raise StartTLSError() return conn modules.register(LDAP)
def connect(self): time_delay = self.config.get_value("delay") if self.time_last_connect is not None: while True: tmp = datetime.now() - self.time_last_connect time_delta = tmp.total_seconds() time_sleep = time_delay - time_delta logger.debug( "Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format( time_delta, time_sleep ) ) if time_delta > time_delay: break sleep(time_sleep) self.time_last_connect = datetime.now() sock = socket(AF_INET, SOCK_DGRAM) sock.connect((self.host, self.port)) return Connection( handler=self, sock=sock ) modules.register(UDP)
def run(self): if self._scanner.handler.name != "smtp": return kb = self._scanner.get_knowledge_base() server_info = self._get_server_info() if server_info is None: return kb.set( "server.custom.protocol.smtp", ResultGroup( label="SMTP Information" ) ) banner = server_info.get("banner") if banner is not None: kb.set( "server.custom.protocol.smtp.banner", ResultValue( label="Server banner", value=banner ) ) modules.register(ProtocolSMTP)
# ToDo: improve parsing server_info["banner"] = buf if self._server_info is None: self._server_info = server_info def connect(self): # ToDo: raise exception conn = TCP.connect(self) if not self.config.get_value("starttls"): return conn self._connect(conn) conn.send(b". STARTTLS\r\n") buf = conn.recv(4096) buf = buf.strip() if not buf.startswith(b". OK"): return None return conn def get_server_info(self, conn=None): if self._server_info is None and conn is not None: self._connect(conn) return self._server_info modules.register(IMAP)
class ProtocolPOP3(BaseInfoScan): """ Extract additional information. Perform a POP3 request and extract additional information. """ name = "protocol.pop3" def run(self): if self._scanner.handler.name != "pop3": return kb = self._scanner.get_knowledge_base() server_info = self._get_server_info() if server_info is None: return kb.set("server.custom.protocol.pop3", ResultGroup(label="POP3 Information")) hostname = server_info.get("hostname") if hostname is not None: kb.set("server.custom.protocol.pop3.hostname", ResultValue(label="Provided hostname", value=hostname)) modules.register(ProtocolPOP3)
if kb.get("server.extension.next_protocol_negotiation") is not None: return protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() detected_protocols = None for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue try: detected_protocols = self._scan_next_protocol_tls(protocol_version) except Timeout: continue if detected_protocols is not None: break if detected_protocols is None or len(detected_protocols) == 0: kb.set("server.extension.next_protocol_negotiation", False) else: tmp_proto = [] for protocol in detected_protocols: tmp_proto.append(flextls.registry.tls.alpn_protocols.get(protocol)) kb.set("server.extension.next_protocol_negotiation", tmp_proto) modules.register(ServerNextProtocolNegotiation)
name = "server.compression" def run(self): kb = self._scanner.get_knowledge_base() if kb.get("server.session.compression") is not None: return protocol_versions = self._scanner.get_enabled_versions() protocol_versions.reverse() for protocol_version in protocol_versions: if protocol_version == flextls.registry.version.SSLv2: continue else: cipher_suites = flextls.registry.tls.cipher_suites[:] try: self._scan_cipher_suites( protocol_version, cipher_suites, limit=1 ) except Timeout: continue if kb.get("server.session.compression") is not None: return modules.register(ServerCompression)
def run(self): kb = self._scanner.get_knowledge_base() for protocol_version in self._scanner.get_enabled_versions(): if protocol_version == flextls.registry.version.SSLv2: continue cipher_suites = [] for cipher_suite in flextls.registry.tls.cipher_suites[:]: if cipher_suite.key_exchange.startswith("ECD"): cipher_suites.append(cipher_suite) elliptic_curves = flextls.registry.ec.named_curves[:] try: detected_elliptic_curves = self._scan_elliptic_curves( protocol_version, cipher_suites, elliptic_curves=elliptic_curves) except Timeout: continue for ec_id in detected_elliptic_curves: elliptic_curve = flextls.registry.ec.named_curves.get(ec_id) kb.append( "server.ec.named_curves", ECResult(protocol_version=protocol_version, elliptic_curve=elliptic_curve)) modules.register(EllipticCurves)