)
kb = self._scanner.get_knowledge_base()
for cipher in ciphers:
conn = self._scanner.handler.connect()
# ToDo: error handling
ctx = SSL.Context(cipher.method)
ctx.set_cipher_list(cipher.name)
conn_ssl = SSL.Connection(ctx, conn)
#print(conn_ssl.get_cipher_list())
conn_ssl.set_connect_state()
cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl)
if cipher_status < 0:
cipher.status = -1
elif cipher_status == 0:
cipher.status = 0
elif cipher_status == 1:
cipher.status = 1
# ToDo: handle alerts
kb.append('server.ciphers', cipher)
conn_ssl.close()
modules.register(ServerCiphers)
pass
# ToDo: improve parsing
server_info["banner"] = buf
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b". STARTTLS\r\n")
buf = conn.recv(4096)
buf = buf.strip()
if not buf.startswith(b". OK"):
raise StartTLSError()
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(IMAP)
"server.certificate.x509.not_after",
rules=[
lambda v, i, kb: 6 if v < datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[
lambda v, i, kb: 6 if v > datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
modules.register(SSLLabs2009c)
modules.register(SSLLabs2009d)
modules.register(SSLLabs2009e)
value=kb_supported
)
)
kb.set(
"vulnerability.custom.heartbleed.vulnerable",
ResultValue(
label="Vulnerable",
value=kb_vulnerable
)
)
if kb_vulnerable is True:
payload = result_heartbeat.payload
# Remove 3-byte Heartbeat header from payload data
if len(payload) < 3:
payload = b""
else:
payload = payload[3:]
kb.set(
"vulnerability.custom.heartbleed.payload.length",
ResultValue(
label="Payload-Length",
value=len(payload)
)
)
modules.register(VulnerabilityHeartbleed)
kb = self._scanner.get_knowledge_base()
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
scsv_status = None
kb.set("server.security.scsv", None)
for protocol_version in protocol_versions:
if protocol_version != flextls.registry.version.SSLv2:
cipher_suites = flextls.registry.tls.cipher_suites.get_ids()
scsv_cur_status = None
try:
scsv_cur_status = self._connect_with_scsv(
protocol_version, cipher_suites)
except Timeout:
continue
if scsv_cur_status is None:
continue
if scsv_cur_status is True:
kb.set("server.security.scsv", True)
break
if scsv_status is False and scsv_cur_status is False:
kb.set("server.security.scsv", False)
break
scsv_status = scsv_cur_status
modules.register(ServerSCSV)
ctx.set_cipher_list("ALL:COMPLEMENT")
ctx.set_options(_util.lib.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
conn = self._scanner.handler.connect()
conn_ssl = SSL.Connection(ctx, conn._socket)
conn_ssl.set_tlsext_host_name(self._scanner.handler.hostname.encode("utf-8"))
conn_ssl.set_connect_state()
try:
conn_ssl.do_handshake()
except Exception as e:
# ToDo:
# print(e)
conn_ssl.close()
continue
kb.set("server.renegotiation.support", False)
if _util.lib.SSL_get_secure_renegotiation_support(conn_ssl._ssl) == 1:
kb.set("server.renegotiation.secure", True)
kb.set("server.renegotiation.support", True)
else:
kb.set("server.renegotiation.secure", False)
kb.set("server.renegotiation.support", False)
cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl)
if cipher_status == 1:
if _util.lib.SSL_get_state(conn_ssl._ssl) == SSL.SSL_ST_OK:
kb.set("server.renegotiation.support", True)
conn_ssl.close()
modules.register(ServerRenegotiation)
try:
conn_ssl.do_handshake()
except Exception as e:
print(e)
conn_ssl.close()
continue
server_info = self._scanner.handler.get_server_info(conn_ssl)
conn_ssl.close()
if server_info is None:
return
kb.set(
"server.custom.protocol.imap",
ResultGroup(
label="IMAP Information"
)
)
kb.set(
"server.custom.protocol.imap.banner",
ResultValue(
label="Server banner",
value=server_info.get("banner")
)
)
modules.register(ProtocolIMAP)
buf = conn.recv(4096)
if not buf.startswith(b"250"):
return None
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b"STARTTLS\r\n")
buf = conn.recv(4096)
if not buf.startswith(b"220"):
raise StartTLSError()
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(SMTP)
def __init__(self, **kwargs):
BaseScan.__init__(self, **kwargs)
def run(self):
kb = self._scanner.get_knowledge_base()
for method in self._scanner.get_enabled_methods():
try:
ctx = SSL.Context(method)
except:
# ToDo:
continue
conn = SSL.Connection(ctx)
ctx.set_cipher_list("ALL:COMPLEMENT")
cipher_ptr = _util.lib.SSL_get_ciphers(conn._ssl)
for i in range(_util.lib.sk_SSL_CIPHER_num(cipher_ptr)):
cipher = _util.lib.sk_SSL_CIPHER_value(cipher_ptr, i)
kb.append(
'client.ciphers',
Cipher(
bits=_util.lib.SSL_CIPHER_get_bits(cipher, _util.ffi.NULL),
method=method,
name=_util.ffi.string(_util.lib.SSL_CIPHER_get_name(cipher))
)
)
modules.register(ClientCiphers)
"type": "float",
})]
def __init__(self, **kwargs):
self.time_last_connect = None
BaseHandler.__init__(self, **kwargs)
def connect(self):
time_delay = self.config.get_value("delay")
if self.time_last_connect is not None:
while True:
tmp = datetime.now() - self.time_last_connect
time_delta = tmp.total_seconds()
time_sleep = time_delay - time_delta
logger.debug(
"Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format(
time_delta, time_sleep))
if time_delta > time_delay:
break
sleep(time_sleep)
self.time_last_connect = datetime.now()
sock = socket(AF_INET, SOCK_DGRAM)
sock.connect((self.host, self.port))
return Connection(handler=self, sock=sock)
modules.register(UDP)
def __init__(self, **kwargs):
if getattr(self, "port", None) is None:
self.port = 443
self.time_last_connect = None
BaseHandler.__init__(self, **kwargs)
def connect(self):
time_delay = self.config.get_value("delay")
if self.time_last_connect is not None:
while True:
tmp = datetime.now() - self.time_last_connect
time_delta = tmp.total_seconds()
time_sleep = time_delay - time_delta
logger.debug(
"Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format(
time_delta, time_sleep))
if time_delta > time_delay:
break
sleep(time_sleep)
self.time_last_connect = datetime.now()
conn = socket()
conn.connect((self.host, self.port))
return conn
modules.register(TCP)
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
detected_protocols = None
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
try:
detected_protocols = self._scan_next_protocol_tls(
protocol_version)
except Timeout:
continue
if detected_protocols is not None:
break
if detected_protocols is None or len(detected_protocols) == 0:
kb.set("server.extension.next_protocol_negotiation", False)
else:
tmp_proto = []
for protocol in detected_protocols:
tmp_proto.append(
flextls.registry.tls.alpn_protocols.get(protocol))
kb.set("server.extension.next_protocol_negotiation", tmp_proto)
modules.register(ServerNextProtocolNegotiation)
def __init__(self, **kwargs):
BaseScan.__init__(self, **kwargs)
def run(self):
kb = self._scanner.get_knowledge_base()
for method in self._scanner.get_enabled_methods():
try:
ctx = SSL.Context(method)
except:
# ToDo:
continue
conn = SSL.Connection(ctx)
ctx.set_cipher_list("ALL:COMPLEMENT")
cipher_ptr = _util.lib.SSL_get_ciphers(conn._ssl)
for i in range(_util.lib.sk_SSL_CIPHER_num(cipher_ptr)):
cipher = _util.lib.sk_SSL_CIPHER_value(cipher_ptr, i)
kb.append(
'client.ciphers',
Cipher(bits=_util.lib.SSL_CIPHER_get_bits(
cipher, _util.ffi.NULL),
method=method,
name=_util.ffi.string(
_util.lib.SSL_CIPHER_get_name(cipher))))
modules.register(ClientCiphers)
conn = self._scanner.handler.connect()
conn_ssl = SSL.Connection(ctx, conn._socket)
conn_ssl.set_tlsext_host_name(
self._scanner.handler.hostname.encode("utf-8"))
conn_ssl.set_connect_state()
try:
conn_ssl.do_handshake()
except Exception as e:
# ToDo:
# print(e)
conn_ssl.close()
continue
kb.set("server.renegotiation.support", False)
if _util.lib.SSL_get_secure_renegotiation_support(
conn_ssl._ssl) == 1:
kb.set("server.renegotiation.secure", True)
kb.set("server.renegotiation.support", True)
else:
kb.set("server.renegotiation.secure", False)
kb.set("server.renegotiation.support", False)
cipher_status = _util.lib.SSL_do_handshake(conn_ssl._ssl)
if cipher_status == 1:
if _util.lib.SSL_get_state(conn_ssl._ssl) == SSL.SSL_ST_OK:
kb.set("server.renegotiation.support", True)
conn_ssl.close()
modules.register(ServerRenegotiation)
server_info["hostname"] = hostname
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b"STLS\r\n")
buf = conn.recv(4096)
buf = buf.strip()
# +OK Begin TLS negotiation now'
print(buf)
if not buf.startswith(b"+OK Begin"):
return None
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(POP3)
if data.find(b"\r\n\r\n") >= 0:
break
lines = data.splitlines()
if len(lines) == 0:
return None
m = self._regex_status.match(lines.pop(0).decode('iso-8859-1'))
if not m:
return None
result = {
"code": int(m.group("code")),
"headers": [],
"message": m.group("message"),
"version": m.group("version")
}
for line in lines:
if line == "":
break
line = line.decode('iso-8859-1')
name, sep, value = line.partition(":")
result["headers"].append((name, value))
if self._server_info is None:
self._server_info = result
modules.register(HTTP)
if kb.get("server.extension.alpn") is not None:
return
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
detected_protocols = None
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
try:
detected_protocols = self._scan_alpn_tls(protocol_version)
except Timeout:
continue
if detected_protocols is not None:
break
if detected_protocols is None or len(detected_protocols) == 0:
kb.set("server.extension.alpn", False)
else:
tmp_proto = []
for protocol in detected_protocols:
tmp_proto.append(flextls.registry.tls.alpn_protocols.get(protocol))
kb.set("server.extension.alpn", tmp_proto)
modules.register(ServerApplicationLayerProtocolNegotiation)
"""
name = "server.compression"
def run(self):
kb = self._scanner.get_knowledge_base()
if kb.get("server.session.compression") is not None:
return
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
else:
cipher_suites = flextls.registry.tls.cipher_suites[:]
try:
self._scan_cipher_suites(protocol_version,
cipher_suites,
limit=1)
except Timeout:
continue
if kb.get("server.session.compression") is not None:
return
modules.register(ServerCompression)
conn.send(b"EHLO example.org\r\n")
buf = conn.recv(4096)
if not buf.startswith(b"250"):
return None
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b"STARTTLS\r\n")
buf = conn.recv(4096)
if not buf.startswith(b"220"):
return None
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(SMTP)
if data.find(b"\r\n\r\n") >= 0:
break
lines = data.splitlines()
if len(lines) == 0:
return None
m = self._regex_status.match(lines.pop(0).decode('iso-8859-1'))
if not m:
return None
result = {
"code": int(m.group("code")),
"headers": [],
"message": m.group("message"),
"version": m.group("version")
}
for line in lines:
if line == "":
break
line = line.decode('iso-8859-1')
name, sep, value = line.partition(":")
result["headers"].append((name, value))
if self._server_info is None:
self._server_info = result
modules.register(HTTP)
"starttls", {
"default": False,
"help": "",
"type": "bool"
}
)
]
def __init__(self, **kwargs):
self.port = 389
TCP.__init__(self, **kwargs)
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
conn.send(b"0\x1d\x02\x01\x01w\x18\x80\x161.3.6.1.4.1.1466.20037")
buf = conn.recv(4096)
# ToDo: Improve parsing
# b"0\x84\x00\x00\x00(\x02\x01\x01x\x84\x00\x00\x00\x1f\n\x01\x00\x04\x00\x04\x00\x8a\x161.3.6.1.4.1.1466.20037"
if not buf.endswith(b"1.3.6.1.4.1.1466.20037"):
raise StartTLSError()
return conn
modules.register(LDAP)
self.add_rule(
RatingRule("server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]))
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[lambda v, i, kb: 6 if v < datetime.now() else None],
))
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[lambda v, i, kb: 6 if v > datetime.now() else None],
))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
modules.register(BuiltIn_0_5)
except Exception as e:
print(e)
conn_ssl.close()
continue
cert = conn_ssl.get_peer_certificate()
kb = self._scanner.get_knowledge_base()
kb.set("server.certificate", cert)
cert_chain = conn_ssl.get_peer_cert_chain()
kb.set("server.certificate_chain", cert_chain)
compression_ssl = _util.lib.SSL_get_current_compression(conn_ssl._ssl)
compression = _util.lib.SSL_COMP_get_name(compression_ssl)
if compression == _util.ffi.NULL:
kb.set("server.session.compression", False)
else:
kb.set("server.session.compression", _util.ffi.string(compression))
expansion_ssl = _util.lib.SSL_get_current_expansion(conn_ssl._ssl)
expansion = _util.lib.SSL_COMP_get_name(expansion_ssl)
if expansion == _util.ffi.NULL:
kb.set("server.session.expansion", False)
else:
kb.set("server.session.expansion", _util.ffi.string(compression))
return
modules.register(ServerCertificate)
if protocol_version == flextls.registry.version.SSLv2:
continue
cipher_suites = []
for cipher_suite in flextls.registry.tls.cipher_suites[:]:
if cipher_suite.key_exchange.startswith("ECD"):
cipher_suites.append(cipher_suite)
elliptic_curves = flextls.registry.ec.named_curves[:]
try:
detected_elliptic_curves = self._scan_elliptic_curves(
protocol_version,
elliptic_curves=elliptic_curves
)
except Timeout:
continue
for ec_id in detected_elliptic_curves:
elliptic_curve = flextls.registry.ec.named_curves.get(
ec_id
)
kb.append(
"server.ec.named_curves",
ECResult(
protocol_version=protocol_version,
elliptic_curve=elliptic_curve
)
)
modules.register(ServerEllipticCurves)
def run(self):
if self._scanner.handler.name != "pop3":
return
kb = self._scanner.get_knowledge_base()
server_info = self._get_server_info()
if server_info is None:
return
kb.set(
"server.custom.protocol.pop3",
ResultGroup(
label="POP3 Information"
)
)
hostname = server_info.get("hostname")
if hostname is not None:
kb.set(
"server.custom.protocol.pop3.hostname",
ResultValue(
label="Provided hostname",
value=hostname
)
)
modules.register(ProtocolPOP3)
"cipher.protocol_version",
rules=[
lambda v, i, kb: 6 if v == reg.version.SSLv2 else None,
]
)
)
self.add_rule(
RatingRule(
"cipher.name",
rules=[
lambda v, i, kb: 5 if "EXP" in v else None,
lambda v, i, kb: 3 if "RC" in v else None,
lambda v, i, kb: 5 if "ADH" in v else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
modules.register(RBSec)
continue
cipher_suites = []
for cipher_suite in flextls.registry.tls.cipher_suites[:]:
if cipher_suite.key_exchange.startswith("ECD"):
cipher_suites.append(cipher_suite)
elliptic_curves = flextls.registry.ec.named_curves[:]
try:
detected_elliptic_curves = self._scan_elliptic_curves(
protocol_version,
cipher_suites,
elliptic_curves=elliptic_curves
)
except Timeout:
continue
for ec_id in detected_elliptic_curves:
elliptic_curve = flextls.registry.ec.named_curves.get(
ec_id
)
kb.append(
"server.ec.named_curves",
ECResult(
protocol_version=protocol_version,
elliptic_curve=elliptic_curve
)
)
modules.register(EllipticCurves)
return detected_elliptic_curves
def run(self):
kb = self._scanner.get_knowledge_base()
for protocol_version in self._scanner.get_enabled_versions():
if protocol_version == flextls.registry.version.SSLv2:
continue
cipher_suites = []
for cipher_suite in flextls.registry.tls.cipher_suites[:]:
if cipher_suite.key_exchange.startswith("ECD"):
cipher_suites.append(cipher_suite)
elliptic_curves = flextls.registry.ec.named_curves[:]
try:
detected_elliptic_curves = self._scan_elliptic_curves(
protocol_version, elliptic_curves=elliptic_curves)
except Timeout:
continue
for ec_id in detected_elliptic_curves:
elliptic_curve = flextls.registry.ec.named_curves.get(ec_id)
kb.append(
"server.ec.named_curves",
ECResult(protocol_version=protocol_version,
elliptic_curve=elliptic_curve))
modules.register(ServerEllipticCurves)
protocol_version=protocol_version,
cipher_suite=None,
status=0,
))
continue
cipher_suites.reverse()
try:
tmp2 = self._scan_cipher_suites(protocol_version,
cipher_suites,
limit=1)
except Timeout:
continue
if tmp1[0] == tmp2[0]:
cipher_suite = flextls.registry.tls.cipher_suites.get(
tmp1[0])
else:
cipher_suite = False
kb.append(
"server.preferred_ciphers",
CipherResult(
protocol_version=protocol_version,
cipher_suite=cipher_suite,
status=1,
))
modules.register(ServerPreferredCiphers)
from sslscan import modules
from sslscan.module.rating import BaseRating
class NoneRating(BaseRating):
"""
Dummy rating.
"""
name = "none"
modules.register(NoneRating)
def run(self):
if self._scanner.handler.name != "imap":
return
kb = self._scanner.get_knowledge_base()
server_info = self._get_server_info()
if server_info is None:
return
kb.set(
"server.custom.protocol.imap",
ResultGroup(
label="IMAP Information"
)
)
banner = server_info.get("banner")
if banner is not None:
kb.set(
"server.custom.protocol.imap.banner",
ResultValue(
label="Server banner",
value=banner
)
)
modules.register(ProtocolIMAP)
cipher_suite = flextls.registry.sslv2.cipher_suites.get(
cipher_id)
kb.append(
"server.ciphers",
CipherResult(
protocol_version=protocol_version,
cipher_suite=cipher_suite,
status=1,
))
else:
cipher_suites = flextls.registry.tls.cipher_suites[:]
detected_ciphers = []
try:
detected_ciphers = self._scan_cipher_suites(
protocol_version, cipher_suites)
except Timeout:
continue
for cipher_id in detected_ciphers:
cipher_suite = flextls.registry.tls.cipher_suites.get(
cipher_id)
kb.append(
"server.ciphers",
CipherResult(
protocol_version=protocol_version,
cipher_suite=cipher_suite,
status=1,
))
modules.register(ServerCiphers)
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[
lambda v, i, kb: 6 if v < datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[
lambda v, i, kb: 6 if v > datetime.now() else None
],
)
)
self.add_rule(
RatingRule(
"server.renegotiation.secure",
rules=[
lambda v, i, kb: 6 if v == False else None,
lambda v, i, kb: 1 if v == True else None
]
)
)
modules.register(BuiltIn_0_5)
cipher_suite=None,
status=0,
)
)
continue
cipher_suites.reverse()
try:
tmp2 = self._scan_cipher_suites(protocol_version, cipher_suites, limit=1)
except Timeout:
continue
if tmp1[0] == tmp2[0]:
cipher_suite = flextls.registry.tls.cipher_suites.get(
tmp1[0]
)
else:
cipher_suite = False
kb.append(
"server.preferred_ciphers",
CipherResult(
protocol_version=protocol_version,
cipher_suite=cipher_suite,
status=1,
)
)
modules.register(ServerPreferredCiphers)
return
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
detected_protocols = None
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
try:
detected_protocols = self._scan_alpn_tls(protocol_version)
except Timeout:
continue
if detected_protocols is not None:
break
if detected_protocols is None or len(detected_protocols) == 0:
kb.set("server.extension.alpn", False)
else:
tmp_proto = []
for protocol in detected_protocols:
tmp_proto.append(
flextls.registry.tls.alpn_protocols.get(protocol))
kb.set("server.extension.alpn", tmp_proto)
modules.register(ServerApplicationLayerProtocolNegotiation)
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b"STLS\r\n")
buf = conn.recv(4096)
buf = buf.strip()
# +OK Begin TLS negotiation now'
# ToDo:
# print(buf)
if not buf.startswith(b"+OK Begin"):
raise StartTLSError()
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(POP3)
kb_vulnerable = False
elif result_heartbeat is True:
kb_supported = True
kb_vulnerable = False
else:
kb_supported = True
kb_vulnerable = True
#print(hb.payload.payload)
kb.set(
"vulnerability.custom.heartbleed.extension_present",
ResultValue(label="Heartbeat Extension present",
value=kb_supported))
kb.set("vulnerability.custom.heartbleed.vulnerable",
ResultValue(label="Vulnerable", value=kb_vulnerable))
if kb_vulnerable is True:
payload = result_heartbeat.payload
# Remove 3-byte Heartbeat header from payload data
if len(payload) < 3:
payload = b""
else:
payload = payload[3:]
kb.set("vulnerability.custom.heartbleed.payload.length",
ResultValue(label="Payload-Length", value=len(payload)))
modules.register(VulnerabilityHeartbleed)
RatingRule("server.certificate.x509.signature_algorithm",
rules=[
lambda v, i, kb: 6 if v.startswith("md2") else None,
lambda v, i, kb: 6 if v.startswith("md5") else None,
]))
self.add_rule(
RatingRule(
"server.certificate.x509.not_after",
rules=[lambda v, i, kb: 6 if v < datetime.now() else None],
))
self.add_rule(
RatingRule(
"server.certificate.x509.not_before",
rules=[lambda v, i, kb: 6 if v > datetime.now() else None],
))
self.add_rule(
RatingRule("server.renegotiation.secure",
rules=[
lambda v, i, kb: 6
if v == False else None, lambda v, i, kb: 1
if v == True else None
]))
modules.register(SSLLabs2009c)
modules.register(SSLLabs2009d)
modules.register(SSLLabs2009e)
}
)
]
def __init__(self, **kwargs):
self.port = 3389
TCP.__init__(self, **kwargs)
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
conn.send(b"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x03\x00\x00\x00")
buf = conn.recv(4)
if not buf or len(buf) != 4 or buf[:2] != b"\x03\x00":
raise StartTLSError()
import struct
packet_len = struct.unpack(">H", buf[2:])[0] - 4
data = conn.recv(packet_len)
if not data or len(data) != packet_len :
raise StartTLSError()
return conn
modules.register(RDP)
class ProtocolSMTP(BaseInfoScan):
"""
Extract additional information.
Perform a SMTP request and extract additional information.
"""
name = "protocol.smtp"
def run(self):
if self._scanner.handler.name != "smtp":
return
kb = self._scanner.get_knowledge_base()
server_info = self._get_server_info()
if server_info is None:
return
kb.set("server.custom.protocol.smtp",
ResultGroup(label="SMTP Information"))
banner = server_info.get("banner")
if banner is not None:
kb.set("server.custom.protocol.smtp.banner",
ResultValue(label="Server banner", value=banner))
modules.register(ProtocolSMTP)
" Expansion: {0}".format(
expansion,
helper.rating2color(self.color, rating_expansion),
self.color.RESET
)
)
print("")
def run(self):
kb = self._scanner.get_knowledge_base()
self._rating = self._scanner.load_rating(self.config.get_value("rating"))
self._print_client_ciphers(kb)
self._print_server_ciphers(kb)
self._print_server_preferred_ciphers(kb)
self._print_server_certificate_chain(kb)
self._print_server_session(kb)
self._print_host_renegotiation(kb)
self._print_custom(kb, "server.custom")
self._print_custom(kb, "vulnerability.custom")
modules.register(Terminal)
Rating used in the sslscan tool by rbsec.
More infos: https://github.com/rbsec/sslscan
"""
name = "rbsec"
def __init__(self, **kwargs):
BaseRating.__init__(self, **kwargs)
self._rules.update({
"cipher.bits": [
lambda bits: 1 if bits > 56 else None, lambda bits: 3
if bits > 40 else None, lambda bits: 5
],
"cipher.method":
[lambda method: 6 if method == SSL.SSLv2_METHOD else None],
"cipher.name": [
lambda name: 5 if "EXP" in name else None, lambda name: 3
if "RC" in name else None, lambda name: 5
if "ADH" in name else None
],
"server.renegotiation.secure": [
lambda status: 6 if status == False else None, lambda status: 1
if status == True else None
]
})
modules.register(RBSec)
def run(self):
kb = self._scanner.get_knowledge_base()
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
scsv_status = None
kb.set("server.security.scsv", None)
for protocol_version in protocol_versions:
if protocol_version != flextls.registry.version.SSLv2:
cipher_suites = flextls.registry.tls.cipher_suites.get_ids()
scsv_cur_status = None
try:
scsv_cur_status = self._connect_with_scsv(protocol_version, cipher_suites)
except Timeout:
continue
if scsv_cur_status is None:
continue
if scsv_cur_status is True:
kb.set("server.security.scsv", True)
break
if scsv_status is False and scsv_cur_status is False:
kb.set("server.security.scsv", False)
break
scsv_status = scsv_cur_status
modules.register(ServerSCSV)
)
)
hsts = False
for name, value in server_info.get("headers"):
if name.lower() == "strict-transport-security":
hsts = value
elif name.lower() == "server":
kb.set(
"server.custom.protocol.http.header.server",
ResultValue(
label="Server",
value=value
)
)
if hsts is not False:
hsts = True
kb.set(
"server.custom.protocol.http.hsts",
ResultValue(
label="Strict-Transport-Security",
value=hsts
)
)
modules.register(ProtocolHTTP)
self.time_last_connect = None
BaseHandler.__init__(self, **kwargs)
def connect(self):
time_delay = self.config.get_value("delay")
if self.time_last_connect is not None:
while True:
tmp = datetime.now() - self.time_last_connect
time_delta = tmp.total_seconds()
time_sleep = time_delay - time_delta
logger.debug(
"Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format(
time_delta,
time_sleep
)
)
if time_delta > time_delay:
break
sleep(time_sleep)
self.time_last_connect = datetime.now()
conn = socket()
conn.connect((self.host, self.port))
return conn
modules.register(TCP)
kb.set(
"server.custom.protocol.http.status.message",
ResultValue(label="Status-Message",
value=req_res.get("message")))
kb.set("server.custom.protocol.http.version",
ResultValue(label="Version", value=req_res.get("version")))
hsts = None
for name, value in req_res.get("headers"):
if name.lower() == "strict-transport-security":
hsts = value
elif name.lower() == "server":
kb.set("server.custom.protocol.http.header.server",
ResultValue(label="Server", value=value))
res_hsts = ResultValue(label="Strict-Transport-Security")
if hsts is not None:
res_hsts.value = True
else:
res_hsts.value = False
kb.set("server.custom.protocol.http.hsts", res_hsts)
return
modules.register(ProtocolHTTP)
config_options = TCP.config_options + [("starttls", {
"default": False,
"help": "",
"type": "bool"
})]
def __init__(self, **kwargs):
self.port = 389
TCP.__init__(self, **kwargs)
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
conn.send(b"0\x1d\x02\x01\x01w\x18\x80\x161.3.6.1.4.1.1466.20037")
buf = conn.recv(4096)
# ToDo: Improve parsing
# b"0\x84\x00\x00\x00(\x02\x01\x01x\x84\x00\x00\x00\x1f\n\x01\x00\x04\x00\x04\x00\x8a\x161.3.6.1.4.1.1466.20037"
if not buf.endswith(b"1.3.6.1.4.1.1466.20037"):
raise StartTLSError()
return conn
modules.register(LDAP)
def connect(self):
time_delay = self.config.get_value("delay")
if self.time_last_connect is not None:
while True:
tmp = datetime.now() - self.time_last_connect
time_delta = tmp.total_seconds()
time_sleep = time_delay - time_delta
logger.debug(
"Time delta: {0:.2f}s -> Time to sleep: {1:.2f}s".format(
time_delta,
time_sleep
)
)
if time_delta > time_delay:
break
sleep(time_sleep)
self.time_last_connect = datetime.now()
sock = socket(AF_INET, SOCK_DGRAM)
sock.connect((self.host, self.port))
return Connection(
handler=self,
sock=sock
)
modules.register(UDP)
def run(self):
if self._scanner.handler.name != "smtp":
return
kb = self._scanner.get_knowledge_base()
server_info = self._get_server_info()
if server_info is None:
return
kb.set(
"server.custom.protocol.smtp",
ResultGroup(
label="SMTP Information"
)
)
banner = server_info.get("banner")
if banner is not None:
kb.set(
"server.custom.protocol.smtp.banner",
ResultValue(
label="Server banner",
value=banner
)
)
modules.register(ProtocolSMTP)
# ToDo: improve parsing
server_info["banner"] = buf
if self._server_info is None:
self._server_info = server_info
def connect(self):
# ToDo: raise exception
conn = TCP.connect(self)
if not self.config.get_value("starttls"):
return conn
self._connect(conn)
conn.send(b". STARTTLS\r\n")
buf = conn.recv(4096)
buf = buf.strip()
if not buf.startswith(b". OK"):
return None
return conn
def get_server_info(self, conn=None):
if self._server_info is None and conn is not None:
self._connect(conn)
return self._server_info
modules.register(IMAP)
class ProtocolPOP3(BaseInfoScan):
"""
Extract additional information.
Perform a POP3 request and extract additional information.
"""
name = "protocol.pop3"
def run(self):
if self._scanner.handler.name != "pop3":
return
kb = self._scanner.get_knowledge_base()
server_info = self._get_server_info()
if server_info is None:
return
kb.set("server.custom.protocol.pop3",
ResultGroup(label="POP3 Information"))
hostname = server_info.get("hostname")
if hostname is not None:
kb.set("server.custom.protocol.pop3.hostname",
ResultValue(label="Provided hostname", value=hostname))
modules.register(ProtocolPOP3)
if kb.get("server.extension.next_protocol_negotiation") is not None:
return
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
detected_protocols = None
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
try:
detected_protocols = self._scan_next_protocol_tls(protocol_version)
except Timeout:
continue
if detected_protocols is not None:
break
if detected_protocols is None or len(detected_protocols) == 0:
kb.set("server.extension.next_protocol_negotiation", False)
else:
tmp_proto = []
for protocol in detected_protocols:
tmp_proto.append(flextls.registry.tls.alpn_protocols.get(protocol))
kb.set("server.extension.next_protocol_negotiation", tmp_proto)
modules.register(ServerNextProtocolNegotiation)
name = "server.compression"
def run(self):
kb = self._scanner.get_knowledge_base()
if kb.get("server.session.compression") is not None:
return
protocol_versions = self._scanner.get_enabled_versions()
protocol_versions.reverse()
for protocol_version in protocol_versions:
if protocol_version == flextls.registry.version.SSLv2:
continue
else:
cipher_suites = flextls.registry.tls.cipher_suites[:]
try:
self._scan_cipher_suites(
protocol_version,
cipher_suites,
limit=1
)
except Timeout:
continue
if kb.get("server.session.compression") is not None:
return
modules.register(ServerCompression)
def run(self):
kb = self._scanner.get_knowledge_base()
for protocol_version in self._scanner.get_enabled_versions():
if protocol_version == flextls.registry.version.SSLv2:
continue
cipher_suites = []
for cipher_suite in flextls.registry.tls.cipher_suites[:]:
if cipher_suite.key_exchange.startswith("ECD"):
cipher_suites.append(cipher_suite)
elliptic_curves = flextls.registry.ec.named_curves[:]
try:
detected_elliptic_curves = self._scan_elliptic_curves(
protocol_version,
cipher_suites,
elliptic_curves=elliptic_curves)
except Timeout:
continue
for ec_id in detected_elliptic_curves:
elliptic_curve = flextls.registry.ec.named_curves.get(ec_id)
kb.append(
"server.ec.named_curves",
ECResult(protocol_version=protocol_version,
elliptic_curve=elliptic_curve))
modules.register(EllipticCurves)
