from sslyze.plugins.openssl_cipher_suites_plugin import ( Sslv20ScanCommand, Sslv30ScanCommand, Tlsv10ScanCommand, Tlsv11ScanCommand, Tlsv12ScanCommand, Tlsv13ScanCommand, ) COMMANDS = [ Sslv20ScanCommand(), Sslv30ScanCommand(), Tlsv10ScanCommand(), Tlsv11ScanCommand(), Tlsv12ScanCommand(), Tlsv13ScanCommand(), ] ACCEPTED_CIPHERS = [ "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", ]
def scan_parallel(scanner, server_info, data, options): logging.debug("\tRunning scans in parallel.") def queue(command): try: return scanner.queue_scan_command(server_info, command) except OSError as err: text = ("OSError - likely too many processes and open files.") data['errors'].append(text) logging.warn("%s\n%s" % (text, utils.format_last_exception())) return None, None, None, None, None, None except Exception as err: text = ("Unknown exception queueing sslyze command.\n%s" % utils.format_last_exception()) data['errors'].append(text) logging.warn(text) return None, None, None, None, None, None # Initialize commands and result containers sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2, certs = None, None, None, None, None, None # Queue them all up queue(Sslv20ScanCommand()) queue(Sslv30ScanCommand()) queue(Tlsv10ScanCommand()) queue(Tlsv11ScanCommand()) queue(Tlsv12ScanCommand()) if options.get("sslyze-certs", True) is True: queue(CertificateInfoScanCommand()) # Reassign them back to predictable places after they're all done was_error = False for result in scanner.get_results(): try: if isinstance(result, PluginRaisedExceptionScanResult): error = ("Scan command failed: %s" % result.as_text()) logging.warn(error) data['errors'].append(error) return None, None, None, None, None, None if type(result.scan_command) == Sslv20ScanCommand: sslv2 = result elif type(result.scan_command) == Sslv30ScanCommand: sslv3 = result elif type(result.scan_command) == Tlsv10ScanCommand: tlsv1 = result elif type(result.scan_command) == Tlsv11ScanCommand: tlsv1_1 = result elif type(result.scan_command) == Tlsv12ScanCommand: tlsv1_2 = result elif type(result.scan_command) == CertificateInfoScanCommand: certs = result else: error = "Couldn't match scan result with command! %s" % result logging.warn("\t%s" % error) data['errors'].append(error) was_error = True except Exception as err: was_error = True text = ("Exception inside async scanner result processing.\n%s" % utils.format_last_exception()) data['errors'].append(text) logging.warn("\t%s" % text) # There was an error during async processing. if was_error: return None, None, None, None, None, None logging.debug("\tDone scanning.") return sslv2, sslv3, tlsv1, tlsv1_1, tlsv1_2, certs
def ssltlsscan(web): target = web.split('//')[1] #print(R+'\n ===============================') #print(R+' S S L E N U M E R A T I O N') #print(R+' ===============================\n') from core.methods.print import pscan pscan("ssl enumeration") print(GR + ' [*] Testing server SSL status...') try: req = requests.get('https://' + target) print(G + ' [+] SSL Working Properly...') time.sleep(0.6) print(O + " [!] Running SSL Enumeration...\n") try: server_tester = ServerConnectivityTester(hostname=target) server_info = server_tester.perform() scanner = SynchronousScanner() command = Tlsv10ScanCommand() scan_result = scanner.run_scan_command(server_info, command) print(G + " [+] Available TLS v1.0 Ciphers:") for cipher in scan_result.accepted_cipher_list: print(C + ' {}'.format(cipher.name)) print('') command = Tlsv11ScanCommand() scan_result = scanner.run_scan_command(server_info, command) print(G + " [+] Available TLS v1.1 Ciphers:") for cipher in scan_result.accepted_cipher_list: print(C + ' {}'.format(cipher.name)) print('') command = Tlsv12ScanCommand() scan_result = scanner.run_scan_command(server_info, command) print(G + " [+] Available TLS v1.2 Ciphers:") for cipher in scan_result.accepted_cipher_list: print(C + ' {}'.format(cipher.name)) print('') command = CertificateInfoScanCommand() scan_result = scanner.run_scan_command(server_info, command) print(G + ' [+] Certificate Information:') for entry in scan_result.as_text(): if entry != '': if 'certificate information' in entry.lower(): pass elif ':' in entry: print(GR + ' [+] ' + entry.strip().split(':', 1)[0].strip() + ' : ' + C + entry.strip().split(':', 1)[1].strip()) else: print(O + '\n [+] ' + entry.strip()) print('') command = HttpHeadersScanCommand() scan_result = scanner.run_scan_command(server_info, command) print(G + ' [+] HTTP Results:') for entry in scan_result.as_text(): if 'http security' not in entry.strip().lower( ) and entry != '': if '-' in entry: print(GR + ' [+] ' + entry.split('-', 1)[0].strip() + ' - ' + C + entry.split('-', 1)[1].strip()) elif ':' in entry: print(GR + ' [+] ' + entry.strip().split(':', 1)[0].strip() + ' : ' + C + entry.strip().split(':', 1)[1].strip()) else: print(O + '\n [+] ' + entry.strip()) print('') except Exception as e: print(R + ' [-] Unhandled SSL Runtime Exception : ' + str(e)) pass except requests.exceptions.SSLError as e: print(R + ' [-] Distant Server SSL not working : ' + str(e)) print(G + ' [+] SSlScan Module Completed!')
def test_ssl_basic(self, hostname, port=443): ''' Uses the `ServerConnectivityTester` functionality of SSlyze to perform a basic test. Port defaults to 443 unless provided otherwise hostname is mandatory | test ssl basic | hostname | port (optional | ''' try: tester = ServerConnectivityTester(hostname=hostname, port=port) server_info = tester.perform() scanner = ConcurrentScanner() # scanner.queue_scan_command(info, certificate_info_plugin.CertificateInfoScanCommand()) scanner.queue_scan_command(server_info, Sslv20ScanCommand()) scanner.queue_scan_command(server_info, Sslv30ScanCommand()) scanner.queue_scan_command(server_info, Tlsv10ScanCommand()) scanner.queue_scan_command(server_info, Tlsv10ScanCommand()) scanner.queue_scan_command(server_info, Tlsv11ScanCommand()) scanner.queue_scan_command(server_info, Tlsv12ScanCommand()) scanner.queue_scan_command(server_info, HeartbleedScanCommand()) scanner.queue_scan_command(server_info, RobotScanCommand()) # scanner.queue_scan_command(server_info, CertificateInfoScanCommand()) for scan_result in scanner.get_results(): # logger.info("Scan result for: {} on hostname: {}".format(scan_result.scan_command.__class__.__name__, scan_result.server_info.hostname)) if isinstance(scan_result, PluginRaisedExceptionScanResult): raise Exception("Scan Command Failed: {}".format( scan_result.as_text())) if isinstance(scan_result.scan_command, Sslv20ScanCommand): if scan_result.accepted_cipher_list: logger.warn("SSLv2 ciphersuites accepted") for suite in scan_result.accepted_cipher_list: logger.info("\t{}".format(suite.name)) else: logger.info("SSLv2 ciphersuites not accepted") if isinstance(scan_result.scan_command, Sslv30ScanCommand): if scan_result.accepted_cipher_list: logger.warn("SSLv3 Cipher Suites accepted") for suite in scan_result.accepted_cipher_list: logger.info("\t{}".format(suite.name)) else: logger.info("SSLv3 ciphersuites not accepted") if isinstance(scan_result.scan_command, Tlsv10ScanCommand): if scan_result.accepted_cipher_list: logger.warn("TLSv1 Cipher Suites accepted") for suite in scan_result.accepted_cipher_list: logger.info("\t{}".format(suite.name)) else: logger.info("TLSv1 ciphersuites not accepted") if isinstance(scan_result.scan_command, Tlsv11ScanCommand): if scan_result.accepted_cipher_list: logger.info("TLSv1.1 Cipher Suites accepted") for suite in scan_result.accepted_cipher_list: logger.info("\t{}".format(suite.name)) else: logger.info("TLSv1.1 ciphersuites not accepted") if isinstance(scan_result.scan_command, Tlsv12ScanCommand): if scan_result.accepted_cipher_list: logger.info("TLSv1.2 Cipher Suites accepted") for suite in scan_result.accepted_cipher_list: logger.info("\t{}".format(suite.name)) else: logger.info("TLSv1.2 ciphersuites not accepted") if isinstance(scan_result.scan_command, HeartbleedScanCommand): if scan_result.is_vulnerable_to_heartbleed: logger.warn( "Server TLS implementation is vulnerable to Heartbleed" ) else: logger.info( "Server TLS Implementation not vulnerable to Heartbleed" ) if isinstance(scan_result.scan_command, RobotScanCommand): logger.info("Test for ROBOT Vulnerability") if scan_result.robot_result_enum.NOT_VULNERABLE_NO_ORACLE: logger.info( "\tNot Vulnerable: The server supports RSA cipher suites but does not act as an oracle" ) elif scan_result.robot_result_enum.VULNERABLE_WEAK_ORACLE: logger.warn( "\tVulnerable: The server is vulnerable but the attack would take too long" ) elif scan_result.robot_result_enum.VULNERABLE_STRONG_ORACLE: logger.warn( "\tVulnerable: The server is vulnerable and real attacks are feasible" ) elif scan_result.robot_result_enum.NOT_VULNERABLE_RSA_NOT_SUPPORTED: logger.info( "\tNot Vulnerable: The server does not supports RSA cipher suites" ) else: logger.info( "\tUnable to determine if implementation is vulnerable" ) # if isinstance(scan_result.scan_command, CertificateInfoScanCommand): # logger.info(u'Server Certificate CN: {}'.format( # dict(scan_result.certificate_chain[0])[u'subject'][u'commonName'] # )) except ServerConnectivityError as e: logger.error('Error when trying to connect to {}: {}'.format( e.server_info.hostname, e.error_message))