mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

Merge pull request #59 from tomato42/parsing-fixes

Fixes for results parsing
Julien Vehent 2015-06-10 07:33:17 +02:00
commit 0119b9c115


@ -49,6 +49,24 @@ client_ciphers['FF 29']=[
'RC4-SHA', 'RC4-SHA',
'RC4-MD5'] 'RC4-MD5']
client_ciphers['FF 35']=[
'ECDHE-ECDSA-AES128-GCM-SHA256',
'ECDHE-RSA-AES128-GCM-SHA256',
'ECDHE-ECDSA-AES256-SHA',
'ECDHE-ECDSA-AES128-SHA',
'ECDHE-RSA-AES128-SHA',
'ECDHE-RSA-AES256-SHA',
'ECDHE-ECDSA-RC4-SHA',
'ECDHE-RSA-RC4-SHA',
'DHE-RSA-AES128-SHA',
'DHE-DSS-AES128-SHA',
'DHE-RSA-AES256-SHA',
'AES128-SHA',
'AES256-SHA',
'DES-CBC3-SHA',
'RC4-SHA',
'RC4-MD5']
report_untrused=False report_untrused=False
cipherstats = defaultdict(int) cipherstats = defaultdict(int)
@ -97,6 +115,7 @@ for r,d,flist in os.walk(path):
tempcipherstats = {} tempcipherstats = {}
ciphertypes = 0 ciphertypes = 0
AESGCM = False AESGCM = False
AESCBC = False
AES = False AES = False
CHACHA20 = False CHACHA20 = False
DES3 = False DES3 = False
@ -190,18 +209,24 @@ for r,d,flist in os.walk(path):
temp_client_incompat[client_name][entry['cipher']] = 1 temp_client_incompat[client_name][entry['cipher']] = 1
""" store the ciphers supported """ """ store the ciphers supported """
if 'ADH' in entry['cipher'] or 'AECDH' in entry['cipher']: if 'ADH' in entry['cipher'] or 'AECDH' in entry['cipher'] or \
'EXP' in entry['cipher'] or \
'DES-CBC3-MD5' in entry['cipher'] or \
'RC4-64-MD5' in entry['cipher'] or \
'IDEA-CBC-MD5' in entry['cipher']:
ciphertypes += 1 ciphertypes += 1
name = "z:" + entry['cipher'] name = "z:" + entry['cipher']
tempcipherstats[name] = 1 tempcipherstats[name] = 1
tempcipherstats['Insecure'] = 1 tempcipherstats['Insecure'] = 1
elif 'AES128-GCM' in entry['cipher'] or 'AES256-GCM' in entry['cipher']: elif 'AES128-GCM' in entry['cipher'] or 'AES256-GCM' in entry['cipher']:
if not AESGCM: if not AESGCM:
AES = True
AESGCM = True AESGCM = True
ciphertypes += 1 ciphertypes += 1
elif 'AES' in entry['cipher']: elif 'AES' in entry['cipher']:
if not AES: if not AESCBC:
AES = True AES = True
AESCBC = True
ciphertypes += 1 ciphertypes += 1
elif 'DES-CBC3' in entry['cipher']: elif 'DES-CBC3' in entry['cipher']:
if not DES3: if not DES3:
@ -235,16 +260,18 @@ for r,d,flist in os.walk(path):
tempcipherstats['Insecure'] = 1 tempcipherstats['Insecure'] = 1
""" store key handshake methods """ """ store key handshake methods """
if 'ECDHE' in entry['cipher']: if 'EXP' in entry['cipher']:
pass
elif 'AECDH' in entry['cipher']:
AECDH = True
elif 'ADH' in entry['cipher']:
ADH = True
elif 'ECDHE' in entry['cipher']:
ECDHE = True ECDHE = True
temppfsstats[entry['pfs']] = 1 temppfsstats[entry['pfs']] = 1
elif 'DHE' in entry['cipher'] or 'EDH' in entry['cipher']: elif 'DHE' in entry['cipher'] or 'EDH' in entry['cipher']:
DHE = True DHE = True
temppfsstats[entry['pfs']] = 1 temppfsstats[entry['pfs']] = 1
elif 'AECDH' in entry['cipher']:
AECDH = True
elif 'ADH' in entry['cipher']:
ADH = True
elif 'ECDH' in entry['cipher']: elif 'ECDH' in entry['cipher']:
ECDH = True ECDH = True
elif 'DH' in entry['cipher']: elif 'DH' in entry['cipher']:
@ -393,10 +420,12 @@ for r,d,flist in os.walk(path):
cipherstats['AES-GCM Only'] += 1 cipherstats['AES-GCM Only'] += 1
if AES: if AES:
cipherstats['AES'] += 1 cipherstats['AES'] += 1
if AESCBC:
cipherstats['AES-CBC'] += 1
if ciphertypes == 1: if ciphertypes == 1:
cipherstats['AES-CBC Only'] += 1 cipherstats['AES-CBC Only'] += 1
if (AES and ciphertypes == 1) or (AESGCM and ciphertypes == 1)\ if (AESCBC and ciphertypes == 1) or (AESGCM and ciphertypes == 1)\
or (AES and AESGCM and ciphertypes == 2): or (AESCBC and AESGCM and ciphertypes == 2):
cipherstats['AES Only'] += 1 cipherstats['AES Only'] += 1
if CHACHA20: if CHACHA20:
cipherstats['CHACHA20'] += 1 cipherstats['CHACHA20'] += 1
@ -432,11 +461,11 @@ for r,d,flist in os.walk(path):
client_selected_cipherstats[client_name][client_selected[client_name]] += 1 client_selected_cipherstats[client_name][client_selected[client_name]] += 1
if client_RC4_Only[client_name] and ciphertypes != 1: if client_RC4_Only[client_name]:
cipherstats['x:' + client_name + ' RC4 Only'] += 1 cipherstats['x:' + client_name + ' RC4 Only'] += 1
for cipher in temp_client_incompat[client_name]: for cipher in temp_client_incompat[client_name]:
client_RC4_Only_cipherstats[client_name][cipher] += 1 client_RC4_Only_cipherstats[client_name][cipher] += 1
if client_RC4_Pref[client_name] and not 'RC4' in results['ciphersuite'][0]['cipher']: if client_RC4_Pref[client_name]:
cipherstats['x:' + client_name + ' RC4 Preferred'] += 1 cipherstats['x:' + client_name + ' RC4 Preferred'] += 1
for cipher in temp_client_incompat[client_name]: for cipher in temp_client_incompat[client_name]:
client_RC4_preferred_cipherstats[client_name][cipher] += 1 client_RC4_preferred_cipherstats[client_name][cipher] += 1
@ -477,10 +506,14 @@ for r,d,flist in os.walk(path):
protocolstats['SSL3'] += 1 protocolstats['SSL3'] += 1
if not SSL2 and not TLS1 and not TLS1_1 and not TLS1_2: if not SSL2 and not TLS1 and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 Only'] += 1 protocolstats['SSL3 Only'] += 1
if not TLS1 and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 or lower Only'] += 1
if TLS1: if TLS1:
protocolstats['TLS1'] += 1 protocolstats['TLS1'] += 1
if not SSL2 and not SSL3 and not TLS1_1 and not TLS1_2: if not SSL2 and not SSL3 and not TLS1_1 and not TLS1_2:
protocolstats['TLS1 Only'] += 1 protocolstats['TLS1 Only'] += 1
if not TLS1_1 and not TLS1_2:
protocolstats['TLS1 or lower Only'] += 1
if not SSL2 and (SSL3 or TLS1) and not TLS1_1 and not TLS1_2: if not SSL2 and (SSL3 or TLS1) and not TLS1_1 and not TLS1_2:
protocolstats['SSL3 or TLS1 Only'] += 1 protocolstats['SSL3 or TLS1 Only'] += 1
if not SSL2 and not SSL3 and not TLS1: if not SSL2 and not SSL3 and not TLS1:
@ -504,10 +537,6 @@ for r,d,flist in os.walk(path):
effectively prefer RC4 when using given client, to make reporting more effectively prefer RC4 when using given client, to make reporting more
readable, sum it with sites that do that for all ciphers""" readable, sum it with sites that do that for all ciphers"""
for client_name in client_ciphers:
if 'x:' + client_name + ' RC4 Preferred' in cipherstats and 'RC4 Preferred' in cipherstats:
cipherstats['x:' + client_name + ' RC4 Preferred'] += cipherstats['RC4 Preferred']
print("SSL/TLS survey of %i websites from Alexa's top 1 million" % total) print("SSL/TLS survey of %i websites from Alexa's top 1 million" % total)
if report_untrused == False: if report_untrused == False:
print("Stats only from connections that did provide valid certificates") print("Stats only from connections that did provide valid certificates")
@ -606,6 +635,8 @@ for stat in sorted(keysize):
percent = round(keysize[stat] / total * 100, 4) percent = round(keysize[stat] / total * 100, 4)
sys.stdout.write(stat.ljust(25) + " " + str(keysize[stat]).ljust(10) + str(percent).ljust(9) + "\n") sys.stdout.write(stat.ljust(25) + " " + str(keysize[stat]).ljust(10) + str(percent).ljust(9) + "\n")
if total == 0:
total = 1
sys.stdout.write("RSA/ECDSA Dual Stack".ljust(25) + " " + str(dsarsastack).ljust(10) + str(round(dsarsastack/total * 100, 4)) + "\n") sys.stdout.write("RSA/ECDSA Dual Stack".ljust(25) + " " + str(dsarsastack).ljust(10) + str(round(dsarsastack/total * 100, 4)) + "\n")
print("\nOCSP stapling Count Percent ") print("\nOCSP stapling Count Percent ")
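Review bot: The `if total == 0: total = 1` guard added in the last hunk, just before the "RSA/ECDSA Dual Stack" line, comes too late to protect the keysize loop above it, whose `keysize[stat] / total * 100` is visible two lines earlier. Any report sections printed before this point that divide by `total` are presumably unguarded as well. Rewriting `total` to 1 also makes an empty result set print as an ordinary report full of 0.0 percentages, which is easy to misread as a clean survey rather than a run that parsed no scan results. I would check once, ahead of the first report section, and stop there: `if total == 0:` followed by `sys.exit("no scan results parsed from " + path)`. The script body this hunk belongs to starts and ends outside the visible lines, so the right spot for the check needs confirming against the full file.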