From 54a54aa4281ec251681856f8e40d7ea188ac50d8 Mon Sep 17 00:00:00 2001 From: Olivier Paroz Date: Sun, 21 Sep 2014 15:59:28 +0200 Subject: [PATCH] New option to enable SNI Simulates a SNI capable client --- cipherscan | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/cipherscan b/cipherscan index 99017e3..b02e27d 100755 --- a/cipherscan +++ b/cipherscan @@ -39,6 +39,7 @@ DELAY=0 ALLCIPHERS=0 OUTPUTFORMAT="terminal" TIMEOUT=10 +SNISCAN=0 usage() { @@ -50,7 +51,7 @@ $0 attempts to connect to a target site using all the ciphersuites it knows. Original script by Julien Vehent. [:ulfr] - https://github.com/jvehent/cipherscan FreeBSD version by Olivier Paroz. [:ulfr] - https://github.com/oparoz/cipherscan -On FreeBSD, you will need the following ports on FreeBSD: textproc/gnugrep and sysutils/coreutils +OpenSSL 1.0.2 is a REQUIREMENT and you will also need the following ports on FreeBSD: textproc/gnugrep and sysutils/coreutils Port defaults to 443 @@ -65,6 +66,7 @@ Use one of the options below: -h | --help Shows this help text. -j | --json Output results in JSON format. -o | --openssl path/to/your/openssl binary you want to use. +-s | --sni Activates SNI -v | --verbose Increase verbosity. The rest of the arguments will be interpreted as openssl s_client argument. @@ -337,6 +339,10 @@ do -o | --openssl) OPENSSLBIN=$2 # You might want to check if you really got FILE shift 2 + ;; + -s | --sni) + SNISCAN=1 + shift ;; -a | --allciphers) ALLCIPHERS=1 @@ -401,8 +407,11 @@ debug "Port: $PORT" TARGET=$HOST:$PORT debug "target: $TARGET" -SNI_FIX="-servername ${HOST}" -SCLIENTARGS="$SNI_FIX $(sed -e s,${TEMPTARGET},,<<<"${@}")" +SNIPARAM="" +if [ $SNISCAN -gt 0 ]; then + SNIPARAM="-servername ${HOST}" +fi +SCLIENTARGS="$SNIPARAM $(sed -e s,${TEMPTARGET},,<<<"${@}")" debug "sclientargs: $SCLIENTARGS"
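Review bot: The usage text in the `@@ -50,7 +51,7 @@` hunk now states that OpenSSL 1.0.2 is a requirement, but none of the visible hunks checks the version of the binary in `$OPENSSLBIN`. A scan run with an older binary would then, presumably, produce incomplete results without any warning. If no such check exists elsewhere in the script, I would compare the output of `"$OPENSSLBIN" version` against the minimum at startup and exit with a message on stderr. The rewritten sentence also drops the leading "On FreeBSD," so it is worth saying whether the 1.0.2 requirement applies on every platform or only on FreeBSD.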
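Review bot: In the `@@ -401,8 +407,11 @@` hunk, `SNISCAN` defaults to 0, so `-servername ${HOST}` is now omitted from every scan unless `-s` is passed. A scan of a name-based virtual host will then most likely report the certificate and cipher preferences of the server's default site rather than the requested one. The help line added earlier only says `Activates SNI`; I would either keep SNI on by default with an opt-out, or spell out the consequence there, e.g. `-s | --sni Send the target hostname via SNI; without it, results describe the server's default vhost`. Separately, `$SNISCAN` in the test and `${TEMPTARGET}` in the sed script are unquoted, and `${TEMPTARGET}` is interpolated into the sed pattern as a regex. Using `[ "$SNISCAN" -gt 0 ]` and quoting the sed expression would at least stop word splitting on an unusual target string.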