def active_scanning(test_params, test_cases):
    """Scan the configured DTLS endpoint and print what the server supports.

    The endpoint is pinged first. When it does not answer and
    ``test_params.ignore_ping_check`` is not set, the host is skipped and
    nothing else happens. Otherwise a ``DTLSScanner`` is run against
    ``test_params.dst_endpoint`` and the supported ciphers, protocol
    versions, compression methods, the certificate count and the reported
    events are printed to stdout.

    ``test_cases`` is accepted but not used by this function.
    """
    # Skip unresponsive hosts unless the operator explicitly opted out of
    # the liveness check.
    if not (service_ping(test_params) or test_params.ignore_ping_check):
        skip_msg = (
            "[+] Server {}:{} is not responding before starting scan - skipping this host!"
            "\n (use --ignore-ping-check if you want to continue anyway)"
        )
        print(skip_msg.format(test_params.dst_endpoint.ip_addr,
                              test_params.dst_endpoint.port))
        return

    scanner = DTLSScanner(test_params)
    target = (test_params.dst_endpoint.ip_addr, test_params.dst_endpoint.port)
    scanner.scan(target)
    print_verbose(test_params, scanner.capabilities)

    dst = test_params.dst_endpoint
    print("\nHost: {}:{}".format(dst.ip_addr, dst.port))

    server = scanner.capabilities.info.server

    def _cipher_label(cipher_id):
        # Ids missing from the DTLS table fall back to the SSLv2 table.
        # An id unknown to both tables is still shown with an "SSLv2_"
        # prefix followed by the raw id.
        fallback = "SSLv2_%s" % SSLv2_CIPHER_SUITES.get(cipher_id, cipher_id)
        return DTLS_CIPHER_SUITES.get(cipher_id, fallback)

    def _bullets(ids, label_for):
        # One "name (0xNNNN)" bullet per id.
        return " * " + "\n * ".join(
            "%s (0x%0.4x)" % (label_for(item), item) for item in ids)

    # In each "x/y" summary the denominator is the size of the local lookup
    # table, i.e. how many values this tool knows about.
    print("\n[*] Supported ciphers: %s/%s"
          % (len(server.ciphers), len(DTLS_CIPHER_SUITES)))
    print(_bullets(server.ciphers, _cipher_label))

    print("\n[*] Supported protocol versions: %s/%s"
          % (len(server.versions), len(DTLS_VERSIONS)))
    print(_bullets(server.versions, lambda v: DTLS_VERSIONS.get(v, v)))

    print("\n[*] Supported compressions methods: %s/%s"
          % (len(server.compressions), len(DTLS_COMPRESSION_METHODS)))
    print(_bullets(server.compressions,
                   lambda m: DTLS_COMPRESSION_METHODS.get(m, m)))

    # The events are collected before the certificate line is printed,
    # matching the original call order.
    events = scanner.capabilities.get_events()
    print("\n[*] Server certificates: %s \n * (to see details use verbose mode)"
          % len(server.certificates))
    print("\n[*] Events: %s" % len(events))
    # Only the first element of each event (its title) is printed.
    print("* EVENT - " + "\n* EVENT - ".join(e[0] for e in events))
def get_events(self):
    """Run the weakness checks and return all reported events.

    The checks are applied to both ``self.info.client`` and
    ``self.info.server``. Every finding is recorded through
    ``self.report_issue`` or one of the ``self.check_*`` helpers. The
    return value is a new list holding the contents of ``self.events``.

    NOTE(review): the checks run again on every call. If ``report_issue``
    appends to ``self.events`` (not visible here), calling this method more
    than once would duplicate findings - confirm.
    """
    for dtlsinfo in (self.info.client, self.info.server):
        # CRIME: any compression method other than 0 (null) is reported.
        # The report carries the full set, including 0 when it is present.
        non_null = dtlsinfo.compressions.copy()
        if 0 in non_null:
            non_null.remove(0)
        if non_null:
            self.report_issue(
                "CRIME - %s supports compression" % dtlsinfo.__name__,
                dtlsinfo.compressions,
            )

        # Translate cipher ids to names. Ids missing from the DTLS table get
        # an "SSLv2_" prefix plus the SSLv2 name, or the raw id when neither
        # table knows them.
        cipher_namelist = []
        for cipher_id in dtlsinfo.ciphers:
            sslv2_label = "SSLv2_%s" % SSLv2_CIPHER_SUITES.get(cipher_id, cipher_id)
            cipher_namelist.append(DTLS_CIPHER_SUITES.get(cipher_id, sslv2_label))

        def _named(*needles):
            # Names containing every needle, compared case-insensitively.
            # These are plain substring tests on the cipher name.
            hits = []
            for name in cipher_namelist:
                if not isinstance(name, str):
                    continue
                upper_name = name.upper()
                if all(needle in upper_name for needle in needles):
                    hits.append(name)
            return hits

        drown = _named("SSLV2", "EXP")
        if drown:
            self.report_issue("DROWN - SSLv2 with EXPORT ciphers enabled", drown)

        export = _named("EXP")
        if export:
            self.report_issue("CIPHERS - Export ciphers enabled", export)

        # Weak cipher / digest primitives, delegated to check_cipher.
        for weak in ("RC4", "MD2", "MD4", "MD5"):
            self.check_cipher(cipher_namelist, weak)

        # NOTE(review): "RSA_EXP" is a substring test, so a name of the form
        # DHE_RSA_EXPORT_* would match too if the tables use that naming -
        # confirm whether this should be limited to RSA key exchange.
        # NOTE(review): the FREAK and LOGJAM messages say "server", but this
        # loop also runs for self.info.client.
        freak = _named("RSA_EXP")
        if freak:
            self.report_issue(
                "FREAK - server supports RSA_EXPORT cipher suites", freak)

        # Only DHE export suites are checked for now. The negotiated DH group
        # size is not inspected (a DH1024 check might be added later).
        logjam = _named("DHE_", "EXPORT_")
        if logjam:
            self.report_issue(
                "LOGJAM - server supports weak DH-Group (512) (DHE_*_EXPORT) cipher suites",
                logjam,
            )

        self.check_sloth(dtlsinfo)
        self.check_public_key(dtlsinfo)

        # This only records that the heartbeat extension is enabled. As the
        # message says, it is not proof of Heartbleed.
        if TLSHeartbeatMode.PEER_ALLOWED_TO_SEND == dtlsinfo.heartbeat:
            self.report_issue(
                "HEARTBEAT - enabled (non conclusive heartbleed) ",
                dtlsinfo.versions,
            )

    # Evaluated once, after both sides were processed: it reads
    # self.info.server directly rather than the loop variable.
    if self.info.server.fallback_scsv:
        self.report_issue(
            "DOWNGRADE / POODLE - FALLBACK_SCSV honored "
            "(alert.inappropriate_fallback seen)",
            self.info.server.fallback_scsv,
        )

    # Hand back a copy so callers cannot mutate self.events through it.
    return list(self.events)