mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-25 15:33:41 +01:00
small fixes for delay
firstly, test_cipher_on_target() will try at least 4 connections before incurring the sleep, for aggressive rate limiter on server side it may be too much, so sleep before every connection secondly, because running external commands like sleep incurs a fork penalty, we first check if it is necessary
This commit is contained in:
parent
71ba3c88b0
commit
11ce6187de
12
cipherscan
12
cipherscan
@ -48,6 +48,14 @@ TIMEOUT=30
|
|||||||
# trust anchors are stored
|
# trust anchors are stored
|
||||||
CAPATH=""
|
CAPATH=""
|
||||||
|
|
||||||
|
# because running external commands like sleep incurs a fork penalty, we
|
||||||
|
# first check if it is necessary
|
||||||
|
ratelimit() {
|
||||||
|
if [[ $DELAY != "0" ]]; then
|
||||||
|
sleep $DELAY
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
|
echo -e "usage: $0 [-a|--allciphers] [-b|--benchmark] [--capath directory] [-d|--delay seconds] [-D|--debug] [-j|--json] [-v|--verbose] [-o|--openssl file] [openssl s_client args] <target:port>
|
||||||
usage: $0 -h|--help
|
usage: $0 -h|--help
|
||||||
@ -109,6 +117,7 @@ test_cipher_on_target() {
|
|||||||
else
|
else
|
||||||
cmnd=$sslcommand
|
cmnd=$sslcommand
|
||||||
fi
|
fi
|
||||||
|
ratelimit
|
||||||
debug echo \"Q\" \| $cmnd $tls_version
|
debug echo \"Q\" \| $cmnd $tls_version
|
||||||
local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
|
local tmp=$(echo "Q" | $cmnd $tls_version 1>/dev/stdout 2>/dev/null)
|
||||||
if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
|
if grep 'OCSP Response Data' <<<"$tmp" >/dev/null; then
|
||||||
@ -237,7 +246,6 @@ get_cipher_pref() {
|
|||||||
get_cipher_pref "!$pciph:$ciphersuite"
|
get_cipher_pref "!$pciph:$ciphersuite"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
sleep $DELAY
|
|
||||||
}
|
}
|
||||||
|
|
||||||
display_results_in_terminal() {
|
display_results_in_terminal() {
|
||||||
@ -521,7 +529,5 @@ if [ $ALLCIPHERS -gt 0 ]; then
|
|||||||
r="pass"
|
r="pass"
|
||||||
fi
|
fi
|
||||||
echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}'
|
echo "$c $r"|awk '{printf "%-35s %s\n",$1,$2}'
|
||||||
debug "Sleeping for $DELAY."
|
|
||||||
sleep $DELAY
|
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
parallel=10
|
parallel=10
|
||||||
max_bg=50
|
max_bg=50
|
||||||
absolute_max_bg=100
|
absolute_max_bg=400
|
||||||
max_load_avg=50
|
max_load_avg=50
|
||||||
|
|
||||||
if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
|
if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
|
||||||
@ -32,7 +32,7 @@ function scan_host() {
|
|||||||
if [ $? -gt 0 ]; then
|
if [ $? -gt 0 ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
../cipherscan -json -servername $1 $2:443 > results/$1@$2
|
../cipherscan --delay 2 -json -servername $1 $2:443 > results/$1@$2
|
||||||
}
|
}
|
||||||
|
|
||||||
function scan_host_no_sni() {
|
function scan_host_no_sni() {
|
||||||
@ -44,7 +44,7 @@ function scan_host_no_sni() {
|
|||||||
if [ $? -gt 0 ]; then
|
if [ $? -gt 0 ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
../cipherscan -json $1:443 > results/$1
|
../cipherscan --delay 2 -json $1:443 > results/$1
|
||||||
}
|
}
|
||||||
|
|
||||||
function scan_hostname() {
|
function scan_hostname() {
|
||||||
|
Loading…
Reference in New Issue
Block a user