mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
perform SNI enabled scan
for example, youtube requires SNI extension to be present to return ECDSA certificates, use it for scanning
parent
c48c012771
commit
00b20a20ed
@ -14,17 +14,39 @@ function wait_for_jobs() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function scan_host() {
|
function scan_host() {
|
||||||
tcping -u 10000000 $1 443;
|
tcping -u 10000000 $2 443;
|
||||||
if [ $? -gt 0 ];then
|
if [ $? -gt 0 ]; then
|
||||||
tcping -u 10000000 www.$1 443;
|
return
|
||||||
if [ $? -gt 0 ]; then
|
fi
|
||||||
return;
|
../cipherscan -json -servername $1 $2:443 > results/$1@$2
|
||||||
else
|
}
|
||||||
../cipherscan -json www.$1:443 > results/www.$t
|
|
||||||
return;
|
function scan_hostname() {
|
||||||
fi;
|
local host_ips=$(host $1 | awk '/has address/ {print $4}')
|
||||||
fi;
|
local www_ips=$(host www.$1 | awk '/has address/ {print $4}')
|
||||||
../cipherscan -json $t:443 > results/$t
|
if [ ! -z "$host_ips" ] && [ ! -z "$www_ips" ]; then
|
||||||
|
# list of IPs that are in www but not in host
|
||||||
|
local diff=$(grep -Fv "$host_ips" <<< "$www_ips")
|
||||||
|
while read ip; do
|
||||||
|
scan_host $1 $ip
|
||||||
|
done <<< "$host_ips"
|
||||||
|
if [ ! -z "$diff" ]; then
|
||||||
|
while read ip; do
|
||||||
|
scan_host www.$1 $ip
|
||||||
|
done <<< "$diff"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
if [ ! -z "$host_ips" ]; then
|
||||||
|
while read ip; do
|
||||||
|
scan_host $1 $ip
|
||||||
|
done <<< "$host_ips"
|
||||||
|
fi
|
||||||
|
if [ ! -z "$www_ips" ]; then
|
||||||
|
while read ip; do
|
||||||
|
scan_host www.$1 $ip
|
||||||
|
done <<< "$www_ips"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
i=0
|
i=0
|
||||||
@ -34,7 +56,7 @@ do
|
|||||||
echo processings sites $i to $((i + parallel))
|
echo processings sites $i to $((i + parallel))
|
||||||
for t in $(tail -$(($count - $i)) top-1m.csv | head -$parallel |cut -d ',' -f 2)
|
for t in $(tail -$(($count - $i)) top-1m.csv | head -$parallel |cut -d ',' -f 2)
|
||||||
do
|
do
|
||||||
(scan_host $t)&
|
(scan_hostname $t)&
|
||||||
done
|
done
|
||||||
i=$(( i + parallel))
|
i=$(( i + parallel))
|
||||||
wait_for_jobs $max_bg
|
wait_for_jobs $max_bg
|
||||||
|
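Review bot: In the new `scan_host`, the site name and IP are expanded unquoted into the cipherscan arguments and into the redirect target `results/$1@$2`. The names appear to come straight from `top-1m.csv` in the loop of the second hunk, so an entry containing `/`, whitespace or a glob character can move the output path outside `results/` or split into extra arguments. Quote the expansions, `../cipherscan -json -servername "$1" "$2:443" > "results/$1@$2"`, and skip any entry that does not look like a hostname before it reaches `host`, where a leading `-` would be read as an option. Separately, in `scan_hostname` the `grep -Fv "$host_ips"` filter matches substrings, so a www address such as 10.0.0.10 is dropped when the bare host resolves to 10.0.0.1 (constructed example); `grep -Fvx -- "$host_ips"` compares whole lines. The `while read ip` loops should also use `read -r`.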