2
0
mirror of https://github.com/mozilla/cipherscan.git synced 2024-12-25 12:13:41 +01:00

Merge pull request #59 from tomato42/parsing-fixes

Fixes for results parsing
This commit is contained in:
Julien Vehent 2015-06-10 07:33:17 +02:00
commit 0119b9c115

View File

@ -49,6 +49,24 @@ client_ciphers['FF 29']=[
'RC4-SHA',
'RC4-MD5']
client_ciphers['FF 35']=[
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-GCM-SHA256',
'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-SHA',
'ECDHE-RSA-AES128-SHA',
'ECDHE-RSA-AES256-SHA',
'ECDHE-ECDSA-RC4-SHA',
'ECDHE-RSA-RC4-SHA',
'DHE-RSA-AES128-SHA',
'DHE-DSS-AES128-SHA',
'DHE-RSA-AES256-SHA',
'AES128-SHA',
'AES256-SHA',
'DES-CBC3-SHA',
'RC4-SHA',
'RC4-MD5']
report_untrused=False
cipherstats = defaultdict(int)
@ -97,6 +115,7 @@ for r,d,flist in os.walk(path):
tempcipherstats = {}
ciphertypes = 0
AESGCM = False
AESCBC = False
AES = False
CHACHA20 = False
DES3 = False
@ -190,18 +209,24 @@ for r,d,flist in os.walk(path):
temp_client_incompat[client_name][entry['cipher']] = 1
""" store the ciphers supported """
if 'ADH' in entry['cipher'] or 'AECDH' in entry['cipher']:
if 'ADH' in entry['cipher'] or 'AECDH' in entry['cipher'] or \
'EXP' in entry['cipher'] or \
'DES-CBC3-MD5' in entry['cipher'] or \
'RC4-64-MD5' in entry['cipher'] or \
'IDEA-CBC-MD5' in entry['cipher']:
ciphertypes += 1
name = "z:" + entry['cipher']
tempcipherstats[name] = 1
tempcipherstats['Insecure'] = 1
elif 'AES128-GCM' in entry['cipher'] or 'AES256-GCM' in entry['cipher']:
if not AESGCM:
AES = True
AESGCM = True
ciphertypes += 1
elif 'AES' in entry['cipher']:
if not AES:
if not AESCBC:
AES = True
AESCBC = True
ciphertypes += 1
elif 'DES-CBC3' in entry['cipher']:
if not DES3:
@ -235,16 +260,18 @@ for r,d,flist in os.walk(path):
tempcipherstats['Insecure'] = 1
""" store key handshake methods """
if 'ECDHE' in entry['cipher']:
if 'EXP' in entry['cipher']:
pass
elif 'AECDH' in entry['cipher']:
AECDH = True
elif 'ADH' in entry['cipher']:
ADH = True
elif 'ECDHE' in entry['cipher']:
ECDHE = True
temppfsstats[entry['pfs']] = 1
elif 'DHE' in entry['cipher'] or 'EDH' in entry['cipher']:
DHE = True
temppfsstats[entry['pfs']] = 1
elif 'AECDH' in entry['cipher']:
AECDH = True
elif 'ADH' in entry['cipher']:
ADH = True
elif 'ECDH' in entry['cipher']:
ECDH = True
elif 'DH' in entry['cipher']:
@ -393,10 +420,12 @@ for r,d,flist in os.walk(path):
cipherstats['AES-GCM Only'] += 1
if AES:
cipherstats['AES'] += 1
if AESCBC:
cipherstats['AES-CBC'] += 1
if ciphertypes == 1:
cipherstats['AES-CBC Only'] += 1
if (AES and ciphertypes == 1) or (AESGCM and ciphertypes == 1)\
or (AES and AESGCM and ciphertypes == 2):
if (AESCBC and ciphertypes == 1) or (AESGCM and ciphertypes == 1)\
or (AESCBC and AESGCM and ciphertypes == 2):
cipherstats['AES Only'] += 1
if CHACHA20:
cipherstats['CHACHA20'] += 1
@ -432,11 +461,11 @@ for r,d,flist in os.walk(path):
client_selected_cipherstats[client_name][client_selected[client_name]] += 1
if client_RC4_Only[client_name] and ciphertypes != 1:
if client_RC4_Only[client_name]:
cipherstats['x:' + client_name + ' RC4 Only'] += 1
for cipher in temp_client_incompat[client_name]:
client_RC4_Only_cipherstats[client_name][cipher] += 1
if client_RC4_Pref[client_name] and not 'RC4' in results['ciphersuite'][0]['cipher']:
if client_RC4_Pref[client_name]:
cipherstats['x:' + client_name + ' RC4 Preferred'] += 1
for cipher in temp_client_incompat[client_name]:
client_RC4_preferred_cipherstats[client_name][cipher] += 1
@ -477,10 +506,14 @@ for r,d,flist in os.walk(path):
protocolstats['SSL3'] += 1
if not SSL2 and not TLS1 and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 Only'] += 1
if not TLS1 and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 or lower Only'] += 1
if TLS1:
protocolstats['TLS1'] += 1
if not SSL2 and not SSL3 and not TLS1_1 and not TLS1_2:
protocolstats['TLS1 Only'] += 1
if not TLS1_1 and not TLS1_2:
protocolstats['TLS1 or lower Only'] += 1
if not SSL2 and (SSL3 or TLS1) and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 or TLS1 Only'] += 1
if not SSL2 and not SSL3 and not TLS1:
@ -504,10 +537,6 @@ for r,d,flist in os.walk(path):
effectively prefer RC4 when using given client, to make reporting more
readable, sum it with sites that do that for all ciphers"""
for client_name in client_ciphers:
if 'x:' + client_name + ' RC4 Preferred' in cipherstats and 'RC4 Preferred' in cipherstats:
cipherstats['x:' + client_name + ' RC4 Preferred'] += cipherstats['RC4 Preferred']
print("SSL/TLS survey of %i websites from Alexa's top 1 million" % total)
if report_untrused == False:
print("Stats only from connections that did provide valid certificates")
@ -606,6 +635,8 @@ for stat in sorted(keysize):
percent = round(keysize[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(keysize[stat]).ljust(10) + str(percent).ljust(9) + "\n")
if total == 0:
total = 1
sys.stdout.write("RSA/ECDSA Dual Stack".ljust(25) + " " + str(dsarsastack).ljust(10) + str(round(dsarsastack/total * 100, 4)) + "\n")
print("\nOCSP stapling Count Percent ")