Esempio n. 1
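def init_domain(domain, environment, options):
    """Work out which TLS endpoints should be scanned for ``domain``.

    Args:
        domain: The domain name being prepared for scanning.
        environment: Mapping shared across domains.  If it contains
            ``FAST_CACHE_KEY``, that entry is used as a mapping from a
            mail server string ("host:port") to previously gathered
            results.
        options: Scan options; ``options['_']['cache_dir']`` selects the
            cache directory and defaults to ``'./cache'``.

    Returns:
        A dict with ``hosts_to_scan`` (a list of dicts with ``hostname``,
        ``port`` and ``starttls_smtp`` keys) and ``cached_data`` (the
        cached values found for mail servers that are therefore not
        rescanned).
    """
    hosts_to_scan = []
    cached_data = []
    cache_dir = options.get('_', {}).get('cache_dir', './cache')

    # If we have pshtt data, skip domains which pshtt saw as not
    # supporting HTTPS at all.
    if utils.domain_doesnt_support_https(domain, cache_dir=cache_dir):
        logging.warning('\tHTTPS not supported for {}'.format(domain))
    else:
        # If we have pshtt data and it says canonical endpoint uses
        # www and the given domain is bare, add www.
        if utils.domain_uses_www(domain, cache_dir=cache_dir):
            hostname = 'www.%s' % domain
        else:
            hostname = domain

        hosts_to_scan.append({
            'hostname': hostname,
            'port': 443,
            'starttls_smtp': False
        })

    # If we have trustymail data, see if there are any mail servers
    # that support STARTTLS that we should scan
    mail_servers_to_test = utils.domain_mail_servers_that_support_starttls(domain, cache_dir=cache_dir)
    for mail_server in mail_servers_to_test:
        # Check if we already have results for this mail server,
        # possibly from a different domain.
        #
        # SMTP servers (as compared to HTTP/HTTPS servers) are MUCH
        # more sensitive to having multiple connections made to them.
        # Testing the various ciphers makes a lot of connections, and
        # multiple government domains often use the same SMTP servers,
        # so reuse earlier results for a mail server when we have them.
        cached_value = None
        if FAST_CACHE_KEY in environment:
            cached_value = environment[FAST_CACHE_KEY].get(mail_server, None)

        if cached_value is not None:
            logging.debug('Using cached data for {}'.format(mail_server))
            cached_data.append(cached_value)
            continue

        # The entry comes from cached scan output, so do not assume it
        # is well formed.  Split on the LAST colon so a bracketed IPv6
        # literal keeps its address intact, and require a usable port.
        host, _, port_text = mail_server.rpartition(':')
        try:
            port = int(port_text)
        except ValueError:
            port = None

        if not host or port is None or not 0 < port < 65536:
            # Logged with %r so control characters in a bad cache entry
            # cannot forge extra log lines; the entry is skipped rather
            # than aborting the whole domain.
            logging.warning(
                '\tSkipping malformed mail server entry %r for %s',
                mail_server, domain)
            continue

        logging.debug('Adding {} to list to be scanned'.format(mail_server))
        hosts_to_scan.append({
            'hostname': host,
            'port': port,
            'starttls_smtp': True
        })

    if not hosts_to_scan:
        logging.warning('\tNo hosts to scan for {}'.format(domain))

    return {
        'hosts_to_scan': hosts_to_scan,
        'cached_data': cached_data
    }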
Esempio n. 2
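def init_domain(domain, environment, options):
    """Collect the hosts to scan, and any reusable results, for ``domain``.

    The HTTPS endpoint (port 443) is added unless the cached pshtt data
    says the domain does not support HTTPS.  Each STARTTLS-capable mail
    server reported for the domain is then either queued for scanning
    or, if ``environment[FAST_CACHE_KEY]`` already holds a result for
    it, answered from that cache.

    Args:
        domain: The domain name being prepared for scanning.
        environment: Mapping that may carry a ``FAST_CACHE_KEY`` entry
            keyed by mail server string ("host:port").
        options: Scan options; ``options['_']['cache_dir']`` overrides
            the default ``'./cache'`` directory.

    Returns:
        ``{'hosts_to_scan': [...], 'cached_data': [...]}``.  Every host
        entry has ``hostname``, an integer ``port`` and a
        ``starttls_smtp`` flag.
    """
    hosts_to_scan = []
    cached_data = []
    cache_dir = options.get('_', {}).get('cache_dir', './cache')

    # If we have pshtt data, skip domains which pshtt saw as not
    # supporting HTTPS at all.
    if utils.domain_doesnt_support_https(domain, cache_dir=cache_dir):
        logging.warning('\tHTTPS not supported for {}'.format(domain))
    else:
        # If we have pshtt data and it says canonical endpoint uses
        # www and the given domain is bare, add www.
        uses_www = utils.domain_uses_www(domain, cache_dir=cache_dir)
        hosts_to_scan.append({
            'hostname': 'www.%s' % domain if uses_www else domain,
            'port': 443,
            'starttls_smtp': False
        })

    # If we have trustymail data, see if there are any mail servers
    # that support STARTTLS that we should scan
    mail_servers_to_test = utils.domain_mail_servers_that_support_starttls(domain, cache_dir=cache_dir)
    for mail_server in mail_servers_to_test:
        # SMTP servers tolerate repeated connections far less well than
        # HTTP/HTTPS servers do, cipher testing opens many connections,
        # and several domains often share one mail server.  So look for
        # a result already gathered while testing a different domain.
        cached_value = None
        if FAST_CACHE_KEY in environment:
            cached_value = environment[FAST_CACHE_KEY].get(mail_server, None)

        if cached_value is None:
            # Validate before queueing: a missing or non-numeric port
            # used to raise IndexError/ValueError here and abort the
            # whole domain.  rpartition splits on the last colon, so an
            # entry without one yields an empty host and is rejected.
            host, _, port_text = mail_server.rpartition(':')
            try:
                port = int(port_text)
            except ValueError:
                port = 0  # falls outside the accepted range below

            if host and 1 <= port <= 65535:
                logging.debug('Adding {} to list to be scanned'.format(mail_server))
                hosts_to_scan.append({
                    'hostname': host,
                    'port': port,
                    'starttls_smtp': True
                })
            else:
                # %r keeps control characters in the bad value from
                # breaking up the log line.  The skip is logged so the
                # gap in scan coverage stays visible.
                logging.warning(
                    '\tIgnoring mail server entry %r for %s: expected host:port',
                    mail_server, domain)
        else:
            logging.debug('Using cached data for {}'.format(mail_server))
            cached_data.append(cached_value)

    if not hosts_to_scan:
        logging.warning('\tNo hosts to scan for {}'.format(domain))

    return {
        'hosts_to_scan': hosts_to_scan,
        'cached_data': cached_data
    }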
Esempio n. 3
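def init_domain(domain, environment, options):
    """Build the list of TLS endpoints to scan for ``domain``.

    Args:
        domain: The domain name being prepared for scanning.
        environment: Accepted for interface compatibility; this
            function does not read it.
        options: Scan options; ``options["_"]["cache_dir"]`` selects the
            cache directory and defaults to ``"./cache"``.

    Returns:
        ``{'hosts_to_scan': [...]}`` where each entry has ``hostname``,
        an integer ``port`` and a ``starttls_smtp`` flag.
    """
    hosts_to_scan = []
    cache_dir = options.get("_", {}).get("cache_dir", "./cache")

    # If we have pshtt data, skip domains which pshtt saw as not
    # supporting HTTPS at all.
    if utils.domain_doesnt_support_https(domain, cache_dir=cache_dir):
        # logging.warn is a deprecated alias; use logging.warning.
        logging.warning('\tHTTPS not supported for {}'.format(domain))
    else:
        # If we have pshtt data and it says canonical endpoint uses
        # www and the given domain is bare, add www.
        if utils.domain_uses_www(domain, cache_dir=cache_dir):
            hostname = "www.%s" % domain
        else:
            hostname = domain

        hosts_to_scan.append({
            'hostname': hostname,
            'port': 443,
            'starttls_smtp': False
        })

    # If we have trustymail data, see if there are any mail servers
    # that support STARTTLS that we should scan
    mail_servers_to_test = utils.domain_mail_servers_that_support_starttls(
        domain, cache_dir=cache_dir)
    for mail_server in mail_servers_to_test:
        # Entries come from cached scan output, so validate them rather
        # than indexing blindly.  Splitting on the last colon keeps a
        # bracketed IPv6 literal intact; an entry with no colon yields
        # an empty host and is rejected.
        host, _, port_text = mail_server.rpartition(':')
        try:
            # Normalise to int so SMTP entries carry the same port type
            # as the HTTPS entry above (443).
            port = int(port_text)
        except ValueError:
            port = None

        if not host or port is None or not 0 < port < 65536:
            # %r so control characters in a bad value cannot forge log
            # lines; the skip is logged to keep the coverage gap visible.
            logging.warning(
                '\tSkipping malformed mail server entry %r for %s',
                mail_server, domain)
            continue

        hosts_to_scan.append({
            'hostname': host,
            'port': port,
            'starttls_smtp': True
        })

    if not hosts_to_scan:
        logging.warning('\tNo hosts to scan for {}'.format(domain))

    return {'hosts_to_scan': hosts_to_scan}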