cipherscan/top1m/testtop1m.sh

#!/usr/bin/env bash
parallel=50
max_bg=50
[ ! -e "results" ] && mkdir results

function wait_for_jobs() {
    local no_jobs
    no_jobs=$(jobs | wc -l)

    while [ $no_jobs -gt $1 ]; do
        sleep 1
        no_jobs=$(jobs | wc -l)
    done
}

function scan_host() {
    tcping -u 10000000 $2 443;
    if [ $? -gt 0 ]; then
        return
    fi
    ../cipherscan -json -servername $1 $2:443 > results/$1@$2
}

function scan_hostname() {
    local host_ips=$(host $1 | awk '/has address/ {print $4}')
    local www_ips=$(host www.$1 | awk '/has address/ {print $4}')
    if [ ! -z "$host_ips" ] && [ ! -z "$www_ips" ]; then
        # list of IPs that are in www but not in host
        local diff=$(grep -Fv "$host_ips" <<< "$www_ips")
        while read ip; do
            scan_host $1 $ip
        done <<< "$host_ips"
        if [ ! -z "$diff" ]; then
            while read ip; do
                scan_host www.$1 $ip
            done <<< "$diff"
        fi
    else
        if [ ! -z "$host_ips" ]; then
            while read ip; do
                scan_host $1 $ip
            done <<< "$host_ips"
        fi
        if [ ! -z "$www_ips" ]; then
            while read ip; do
                scan_host www.$1 $ip
            done <<< "$www_ips"
        fi
    fi
}

i=0
count=$(wc -l top-1m.csv | awk '{print $1}')
while [ $i -lt $count ]
do
    echo processings sites $i to $((i + parallel))
    for t in $(tail -$(($count - $i)) top-1m.csv | head -$parallel |cut -d ',' -f 2)
    do
        (scan_hostname $t)&
    done
    i=$(( i + parallel))
    wait_for_jobs $max_bg
done
wait
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`#!/usr/bin/env bash`
tweaks 2014-01-09 21:16:40 +01:00			`parallel=50`
testtop1m.sh: correct counting of background jobs `jobs` command returns multiple lines for a jobs with `if` so counting number of background jobs was off 2014-04-26 22:43:44 +02:00			`max_bg=50`
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`[ ! -e "results" ] && mkdir results`
Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix 2014-04-04 20:12:50 +02:00
			`function wait_for_jobs() {`
			`local no_jobs`
			`no_jobs=$(jobs \| wc -l)`

			`while [ $no_jobs -gt $1 ]; do`
			`sleep 1`
			`no_jobs=$(jobs \| wc -l)`
			`done`
			`}`

testtop1m.sh: correct counting of background jobs `jobs` command returns multiple lines for a jobs with `if` so counting number of background jobs was off 2014-04-26 22:43:44 +02:00			`function scan_host() {`
perform SNI enabled scan for example, youtube requires SNI extension to be present to return ECDSA certificates, use it for scanning 2014-05-08 02:03:50 +02:00			`tcping -u 10000000 $2 443;`
			`if [ $? -gt 0 ]; then`
			`return`
			`fi`
			`../cipherscan -json -servername $1 $2:443 > results/$1@$2`
			`}`

			`function scan_hostname() {`
			`local host_ips=$(host $1 \| awk '/has address/ {print $4}')`
			`local www_ips=$(host www.$1 \| awk '/has address/ {print $4}')`
			`if [ ! -z "$host_ips" ] && [ ! -z "$www_ips" ]; then`
			`# list of IPs that are in www but not in host`
			`local diff=$(grep -Fv "$host_ips" <<< "$www_ips")`
			`while read ip; do`
			`scan_host $1 $ip`
			`done <<< "$host_ips"`
			`if [ ! -z "$diff" ]; then`
			`while read ip; do`
			`scan_host www.$1 $ip`
			`done <<< "$diff"`
			`fi`
			`else`
			`if [ ! -z "$host_ips" ]; then`
			`while read ip; do`
			`scan_host $1 $ip`
			`done <<< "$host_ips"`
			`fi`
			`if [ ! -z "$www_ips" ]; then`
			`while read ip; do`
			`scan_host www.$1 $ip`
			`done <<< "$www_ips"`
			`fi`
			`fi`
testtop1m.sh: correct counting of background jobs `jobs` command returns multiple lines for a jobs with `if` so counting number of background jobs was off 2014-04-26 22:43:44 +02:00			`}`

Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix 2014-04-04 20:12:50 +02:00			`i=0`
			`count=$(wc -l top-1m.csv \| awk '{print $1}')`
			`while [ $i -lt $count ]`
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`do`
tweaks 2014-01-09 21:16:40 +01:00			`echo processings sites $i to $((i + parallel))`
Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix 2014-04-04 20:12:50 +02:00			`for t in $(tail -$(($count - $i)) top-1m.csv \| head -$parallel \|cut -d ',' -f 2)`
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`do`
perform SNI enabled scan for example, youtube requires SNI extension to be present to return ECDSA certificates, use it for scanning 2014-05-08 02:03:50 +02:00			`(scan_hostname $t)&`
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`done`
tweaks 2014-01-09 21:16:40 +01:00			`i=$(( i + parallel))`
Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix 2014-04-04 20:12:50 +02:00			`wait_for_jobs $max_bg`
Script to scan Alexa's top 1m websites 2014-01-09 17:52:17 +01:00			`done`
Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix 2014-04-04 20:12:50 +02:00			`wait`