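def testWeakCipher(host,port,protocolList):
    """Handshake with host:port once per protocol and print the cipher strength.

    For every entry of ``protocolList`` a fresh TCP connection is opened, a
    handshake is attempted with ``Context(methods[proto])`` and the tuple
    (protocol name, cipher bits, cipher suite name) is recorded.  After all
    protocols succeeded, one line per protocol is printed, tagged ``(OK)``
    when the cipher has at least 128 bits and with the translated weak
    marker otherwise.

    A handshake error or a ValueError on any protocol prints a message and
    returns immediately; results collected so far are not printed.

    Returns None in every case.
    """
    # Collected (protocol name, cipher bits, cipher suite) tuples
    protoDataList = []

    for proto in protocolList:
        # Created inside the try; tracked here so the finally clause can
        # release it even when connect() or the handshake fails.
        client = None
        try:
            # Construct the socket
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            client.connect((host, port))

            # Establish an SSL connection restricted to this protocol
            client_ssl = Connection(Context(methods[proto]), client)
            client_ssl.set_connect_state()
            client_ssl.set_tlsext_host_name(host)

            # Try to perform an SSL handshake
            client_ssl.do_handshake()

            # Protocol name, cipher size in bits and cipher suite negotiated
            protoDataList.append((
                client_ssl.get_protocol_version_name(),
                client_ssl.get_cipher_bits(),
                client_ssl.get_cipher_name(),
            ))

            # Close the connection
            client_ssl.close()
        except openSSLError:
            # Server may be down or avoiding SSL connection
            print(_('Servidor nao esta respondendo'))
            return
        except ValueError:
            # Not configured or not allowed
            print(_('Servidor nao esta configurado'))
            return
        finally:
            # The original leaked the socket on every failed handshake;
            # closing here covers both the success and the error paths.
            if client is not None:
                client.close()

    # Print the results
    print(bcolors.BOLD + _("Protocolo\tTamanho da Cifra\tCifra") + bcolors.ENDC)
    for protoData in protoDataList:
        # NOTE(review): the verdict below looks at key length only.  A suite
        # can report 128 bits and still be unacceptable (RC4 suites do, and
        # RFC 7465 prohibits RC4 in TLS), so "(OK)" is not a full
        # cipher-strength assessment; the suite name printed at the end of
        # the line and the protocol version need to be reviewed as well.
        verdict = '(OK)' if (protoData[1] >= 128) else _('(FRACA)')
        print(protoData[0] + '\t\t' + str(protoData[1]) + ' bits' + verdict + '\the\t' + str(protoData[2]))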
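def identifyProtocol(host,port):
    """Handshake with host:port and report the protocol the server negotiates.

    The connection uses ``Context(SSLv23_METHOD)``, which leaves the protocol
    version to negotiation instead of pinning one.  The negotiated protocol
    name, cipher suite and cipher size in bits are printed.

    Returns ``methodName[protoName]`` for the negotiated protocol name (per
    the original comment, the protocol method used by pyOpenSSL), or 0 when
    the handshake raises openSSLError or ValueError.

    NOTE(review): a protocol name missing from ``methodName`` would raise
    KeyError, which is not handled here - confirm the table covers every
    name the linked OpenSSL can negotiate.
    """
    # Tracked outside the try so the finally clause can always release it.
    client = None
    try:
        # Construct the socket
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.connect((host, port))

        # Establish an SSL connection using the server's preferred protocol
        client_ssl = Connection(Context(SSLv23_METHOD), client)
        client_ssl.set_connect_state()
        client_ssl.set_tlsext_host_name(host)

        # Try to perform an SSL handshake
        client_ssl.do_handshake()

        # Protocol name, cipher size in bits and cipher suite negotiated
        protoName = client_ssl.get_protocol_version_name()
        bitSize = client_ssl.get_cipher_bits()
        suite = client_ssl.get_cipher_name()

        # Close the connection
        client_ssl.close()

        # Show the data
        print(_('Preferido: ') + str(protoName) + _('\nCifra: ') + str(suite) + _('\nTamanho em bits: ') + str(bitSize))

        # Return the protocol method used by pyOpenSSL
        return methodName[protoName]
    except openSSLError:
        # Server may be down or avoiding SSL connection
        print(_('\nNao foi possivel identificar o protocolo padrao\n'))
        return 0
    except ValueError:
        # Not configured or not allowed
        print(_('\nNao foi possivel identificar o protocolo padrao\n'))
        return 0
    finally:
        # The original left the socket open whenever the handshake failed;
        # closing here covers the success and the error paths alike.
        if client is not None:
            client.close()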
print " \n\n Unable to complet the SSL Handshake %s" % msg exit(1) pass #--- Get the remote host name rhost = soc.getpeername() log(("\nRemote Host name :" + host), sink) log(("\nRemote Host IPv4 :" + rhost[0]), sink) log(("\nRemote Host Port :" + str(rhost[1])), sink) #--- Get and Analyse Server Certificate cert = soc_ssl.get_peer_certificate() cipher = soc_ssl.get_cipher_name() log(("\nCipher Suite used : " + cipher), sink) #--- Get Subject Info subject_comps = cert.get_subject().get_components() subject_name = cert.get_subject().commonName if (not subject_name): subject_name = get_x509_val(subject_comps, "O") log("\nSubject Name = " + subject_name, sink) subject_email = cert.get_subject().emailAddress
exit(1) pass #--- Get the remote host name rhost = soc.getpeername() log(("\nRemote Host name :" + host), sink) log(("\nRemote Host IPv4 :" + rhost[0]), sink) log(("\nRemote Host Port :" + str(rhost[1])), sink) #--- Get and Analyse Server Certificate cert = soc_ssl.get_peer_certificate() cipher = soc_ssl.get_cipher_name() log(("\nCipher Suite used : " + cipher), sink) #--- Get Subject Info subject_comps = cert.get_subject().get_components() subject_name = cert.get_subject().commonName if (not subject_name): subject_name = get_x509_val(subject_comps, "O") log("\nSubject Name = " + subject_name, sink) subject_email = cert.get_subject().emailAddress