示例#1
0
def active_scanning(test_params, test_cases):
    """Perform active scanning based on provided test params."""
    alive_before = service_ping(test_params)
    if not alive_before and not test_params.ignore_ping_check:
        print(
            "[+] Server {}:{} is not responding before starting scan - skipping this host!"
            "\n    (use --ignore-ping-check if you want to continue anyway)".
            format(test_params.dst_endpoint.ip_addr,
                   test_params.dst_endpoint.port))
        return
    scanner = DTLSScanner(test_params)
    scanner.scan(
        (test_params.dst_endpoint.ip_addr, test_params.dst_endpoint.port))
    print_verbose(test_params, scanner.capabilities)
    print("\nHost: {}:{}".format(test_params.dst_endpoint.ip_addr,
                                 test_params.dst_endpoint.port))
    print("\n[*] Supported ciphers: %s/%s" % (len(
        scanner.capabilities.info.server.ciphers), len(DTLS_CIPHER_SUITES)))
    print(" * " + "\n * ".join(("%s (0x%0.4x)" % (
        DTLS_CIPHER_SUITES.get(c, "SSLv2_%s" % SSLv2_CIPHER_SUITES.get(c, c)),
        c,
    ) for c in scanner.capabilities.info.server.ciphers)))
    print("\n[*] Supported protocol versions: %s/%s" %
          (len(scanner.capabilities.info.server.versions), len(DTLS_VERSIONS)))
    print(" * " +
          "\n * ".join(("%s (0x%0.4x)" % (DTLS_VERSIONS.get(c, c), c)
                        for c in scanner.capabilities.info.server.versions)))
    print("\n[*] Supported compressions methods: %s/%s" % (
        len(scanner.capabilities.info.server.compressions),
        len(DTLS_COMPRESSION_METHODS),
    ))
    print(" * " + "\n * ".join(
        ("%s (0x%0.4x)" % (DTLS_COMPRESSION_METHODS.get(c, c), c)
         for c in scanner.capabilities.info.server.compressions)))
    events = scanner.capabilities.get_events()
    print(
        "\n[*] Server certificates: %s \n * (to see details use verbose mode)"
        % (len(scanner.capabilities.info.server.certificates)))
    print("\n[*] Events: %s" % len(events))
    print("* EVENT - " + "\n* EVENT - ".join(e[0] for e in events))
示例#2
0
    def get_events(self):
        """Return list of all reported events."""
        events = []
        for dtlsinfo in (self.info.client, self.info.server):
            # test CRIME - compressions offered?
            tmp = dtlsinfo.compressions.copy()
            if 0 in tmp:
                tmp.remove(0)
            if tmp:
                self.report_issue(
                    "CRIME - %s supports compression" % dtlsinfo.__name__,
                    dtlsinfo.compressions,
                )
            # test RC4
            cipher_namelist = [
                DTLS_CIPHER_SUITES.get(
                    c, "SSLv2_%s" % SSLv2_CIPHER_SUITES.get(c, c))
                for c in dtlsinfo.ciphers
            ]

            tmp = [
                c for c in cipher_namelist if isinstance(c, str)
                and "SSLV2" in c.upper() and "EXP" in c.upper()
            ]
            if tmp:
                self.report_issue("DROWN - SSLv2 with EXPORT ciphers enabled",
                                  tmp)
            tmp = [
                c for c in cipher_namelist
                if isinstance(c, str) and "EXP" in c.upper()
            ]
            if tmp:
                self.report_issue("CIPHERS - Export ciphers enabled", tmp)
            self.check_cipher(cipher_namelist, "RC4")
            self.check_cipher(cipher_namelist, "MD2")
            self.check_cipher(cipher_namelist, "MD4")
            self.check_cipher(cipher_namelist, "MD5")
            tmp = [
                c for c in cipher_namelist
                if isinstance(c, str) and "RSA_EXP" in c.upper()
            ]
            if tmp:
                # only check DHE EXPORT for now. we might want to add DH1024 here.
                self.report_issue(
                    "FREAK - server supports RSA_EXPORT cipher suites", tmp)
            tmp = [
                c for c in cipher_namelist if isinstance(c, str)
                and "DHE_" in c.upper() and "EXPORT_" in c.upper()
            ]
            if tmp:
                # only check DHE EXPORT for now. we might want to add DH1024 here.
                self.report_issue(
                    "LOGJAM - server supports weak DH-Group (512) (DHE_*_EXPORT) cipher suites",
                    tmp,
                )
            self.check_sloth(dtlsinfo)
            self.check_public_key(dtlsinfo)
            if TLSHeartbeatMode.PEER_ALLOWED_TO_SEND == dtlsinfo.heartbeat:
                self.report_issue(
                    "HEARTBEAT - enabled (non conclusive heartbleed) ",
                    dtlsinfo.versions,
                )

        if self.info.server.fallback_scsv:
            self.report_issue(
                "DOWNGRADE / POODLE - FALLBACK_SCSV honored "
                "(alert.inappropriate_fallback seen)",
                self.info.server.fallback_scsv,
            )
        events.extend(self.events)
        return events