mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 22:33:40 +01:00

perform SNI enabled scan

for example, youtube requires SNI extension to be present to return
ECDSA certificates, use it for scanning
Hubert Kario 2014-05-08 02:03:50 +02:00
parent c48c012771
commit 00b20a20ed


@ -14,17 +14,39 @@ function wait_for_jobs() {
} }
function scan_host() { function scan_host() {
tcping -u 10000000 $1 443; tcping -u 10000000 $2 443;
if [ $? -gt 0 ]; then if [ $? -gt 0 ]; then
tcping -u 10000000 www.$1 443; return
if [ $? -gt 0 ]; then fi
return; ../cipherscan -json -servername $1 $2:443 > results/$1@$2
}
function scan_hostname() {
local host_ips=$(host $1 | awk '/has address/ {print $4}')
local www_ips=$(host www.$1 | awk '/has address/ {print $4}')
if [ ! -z "$host_ips" ] && [ ! -z "$www_ips" ]; then
# list of IPs that are in www but not in host
local diff=$(grep -Fv "$host_ips" <<< "$www_ips")
while read ip; do
scan_host $1 $ip
done <<< "$host_ips"
if [ ! -z "$diff" ]; then
while read ip; do
scan_host www.$1 $ip
done <<< "$diff"
fi
else else
../cipherscan -json www.$1:443 > results/www.$t if [ ! -z "$host_ips" ]; then
return; while read ip; do
fi; scan_host $1 $ip
fi; done <<< "$host_ips"
../cipherscan -json $t:443 > results/$t fi
if [ ! -z "$www_ips" ]; then
while read ip; do
scan_host www.$1 $ip
done <<< "$www_ips"
fi
fi
} }
i=0 i=0
@ -34,7 +56,7 @@ do
echo processings sites $i to $((i + parallel)) echo processings sites $i to $((i + parallel))
for t in $(tail -$(($count - $i)) top-1m.csv | head -$parallel |cut -d ',' -f 2) for t in $(tail -$(($count - $i)) top-1m.csv | head -$parallel |cut -d ',' -f 2)
do do
(scan_host $t)& (scan_hostname $t)&
done done
i=$(( i + parallel)) i=$(( i + parallel))
wait_for_jobs $max_bg wait_for_jobs $max_bg
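Review bot: In the new `scan_hostname`, `grep -Fv "$host_ips" <<< "$www_ips"` compares fixed strings as substrings rather than whole lines, so a www-only address such as 1.2.3.40 is dropped from `diff` whenever the bare host resolves to 1.2.3.4 (constructed example addresses), and that endpoint is silently left out of the scan results. Matching whole lines closes the gap: `local diff=$(grep -Fxv -- "$host_ips" <<< "$www_ips")`. Separately, `$1`, `$2` and `$ip` are expanded unquoted in `scan_host` and in the loops that call it, including in the redirect target `results/$1@$2`, while the names come from top-1m.csv and the addresses from `host` output. Quoting them (`> "results/$1@$2"`, `scan_host "$1" "$ip"`) and reading with `while read -r ip` keeps an unusual list entry or DNS answer from being word-split or globbed into a different argument or output path.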