def testWeakCipher(host,port,protocolList):
# Create a list to put all analysed data
protoDataList = []
# Test the size of the cipher for each protocol avaiable and get the Cipher Suite
for proto in protocolList:
try:
# Construct the socket
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
# Estabilish a SSL connection
client_ssl = Connection(Context(methods[proto]), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(host)
# Try to perform an SSL handshake
client_ssl.do_handshake()
# Obtain the name of the protocol being used
protoName = (client_ssl.get_protocol_version_name())
# Obtain the size of the cipher being used by the protocol
bitSize = (client_ssl.get_cipher_bits())
# Obtain the Cipher Suite
suite = client_ssl.get_cipher_name()
# Create a compiled data
data = (protoName,bitSize,suite)
# Put the data obtained on the list
protoDataList.append(data)
# Close the connection
client_ssl.close()
client.close()
except openSSLError as e: # Server may be down or avoiding SSL connection
print _('Servidor nao esta respondendo')
return
except ValueError as e: # Not configured or not allowed
print _('Servidor nao esta configurado')
return
# Print the results
print bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC
for protoData in protoDataList:
print protoData[0] + '\t\t' + str(protoData[1]) + ' bits' + ( '(OK)' if (protoData[1] >=128) else _('(FRACA)')) + '\the\t' + str(protoData[2])
def identifyProtocol(host,port):
# Create a list to put all analysed data
protoDataList = []
try:
# Construct the socket
client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
client.connect((host, port))
# Estabilish a SSL connection using the server's preferred connection
client_ssl = Connection(Context(SSLv23_METHOD), client)
client_ssl.set_connect_state()
client_ssl.set_tlsext_host_name(host)
# Try to perform an SSL handshake
client_ssl.do_handshake()
# Obtain the name of the protocol being used
protoName = (client_ssl.get_protocol_version_name())
# Obtain the size of the cipher being used by the protocol
bitSize = (client_ssl.get_cipher_bits())
# Obtain the Cipher Suite
suite = client_ssl.get_cipher_name()
# Create a compiled data
data = (protoName,bitSize,suite)
# Put the data obtained on the list
protoDataList.append(data)
# Close the connection
client_ssl.close()
client.close()
# Shpw the data
print _('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize)
# Return the protocol method used by pyOpenSSL
return methodName[protoName]
except openSSLError as e: # Server may be down or avoiding SSL connection
print _('\nNao foi possivel identificar o protocolo padrao\n')
return 0
except ValueError as e: # Not configured or not allowed
print _('\nNao foi possivel identificar o protocolo padrao\n')
return 0
print " \n\n Unable to complet the SSL Handshake %s" % msg
exit(1)
pass
#--- Get the remote host name
rhost = soc.getpeername()
log(("\nRemote Host name :" + host), sink)
log(("\nRemote Host IPv4 :" + rhost[0]), sink)
log(("\nRemote Host Port :" + str(rhost[1])), sink)
#--- Get and Analyse Server Certificate
cert = soc_ssl.get_peer_certificate()
cipher = soc_ssl.get_cipher_name()
log(("\nCipher Suite used : " + cipher), sink)
#--- Get Subject Info
subject_comps = cert.get_subject().get_components()
subject_name = cert.get_subject().commonName
if (not subject_name):
subject_name = get_x509_val(subject_comps, "O")
log("\nSubject Name = " + subject_name, sink)
subject_email = cert.get_subject().emailAddress
exit(1)
pass
#--- Get the remote host name
rhost = soc.getpeername()
log(("\nRemote Host name :" + host), sink)
log(("\nRemote Host IPv4 :" + rhost[0]), sink)
log(("\nRemote Host Port :" + str(rhost[1])), sink)
#--- Get and Analyse Server Certificate
cert = soc_ssl.get_peer_certificate()
cipher = soc_ssl.get_cipher_name()
log(("\nCipher Suite used : " + cipher), sink)
#--- Get Subject Info
subject_comps = cert.get_subject().get_components()
subject_name = cert.get_subject().commonName
if (not subject_name):
subject_name = get_x509_val(subject_comps, "O")
log("\nSubject Name = " + subject_name, sink)
subject_email = cert.get_subject().emailAddress
