mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
commit
90ed0bbb3e
27
analyze.py
27
analyze.py
@ -5,6 +5,8 @@
|
||||
#
|
||||
# Contributor: Julien Vehent jvehent@mozilla.com [:ulfr]
|
||||
|
||||
from __future__ import print_function
|
||||
|
||||
import sys, os, json, subprocess, logging, argparse, platform
|
||||
from collections import namedtuple
|
||||
from datetime import datetime
|
||||
@ -51,7 +53,7 @@ def is_fubar(results):
|
||||
has_ssl2 = True
|
||||
logging.debug('SSLv2 is in the list of fubar protocols')
|
||||
fubar = True
|
||||
if conn['pubkey'] < 2048:
|
||||
if int(conn['pubkey'][0]) < 2048:
|
||||
has_wrong_pubkey = True
|
||||
logging.debug(conn['pubkey'] + ' is a fubar pubkey size')
|
||||
fubar = True
|
||||
@ -319,8 +321,8 @@ def process_results(data, level=None, do_json=False, do_nagios=False):
|
||||
level='none'
|
||||
try:
|
||||
results = json.loads(data)
|
||||
except ValueError, e:
|
||||
print("invalid json data")
|
||||
except ValueError as e:
|
||||
print("invalid json data: " + str(e))
|
||||
try:
|
||||
if results:
|
||||
if do_json:
|
||||
@ -342,12 +344,13 @@ def process_results(data, level=None, do_json=False, do_nagios=False):
|
||||
print("and complies with the '" + level + "' level")
|
||||
else:
|
||||
print("and DOES NOT comply with the '" + level + "' level")
|
||||
except TypeError, e:
|
||||
except TypeError as e:
|
||||
print("Error processing data: " + str(e))
|
||||
return False
|
||||
|
||||
if do_json:
|
||||
json_output['failures'] = deepcopy(failures)
|
||||
print json.dumps(json_output)
|
||||
print(json.dumps(json_output))
|
||||
return True
|
||||
|
||||
if len(failures['fubar']) > 0:
|
||||
@ -419,16 +422,20 @@ def build_ciphers_lists(opensslbin):
|
||||
|
||||
logging.debug('Loading all ciphers: ' + allC)
|
||||
all_ciphers = subprocess.Popen([opensslbin, 'ciphers', allC],
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip()
|
||||
all_ciphers = str(all_ciphers).split(":")
|
||||
logging.debug('Loading old ciphers: ' + oldC)
|
||||
old_ciphers = subprocess.Popen([opensslbin, 'ciphers', oldC],
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip()
|
||||
old_ciphers = str(old_ciphers).split(':')
|
||||
logging.debug('Loading intermediate ciphers: ' + intC)
|
||||
intermediate_ciphers = subprocess.Popen([opensslbin, 'ciphers', intC],
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip()
|
||||
intermediate_ciphers = str(intermediate_ciphers).split(':')
|
||||
logging.debug('Loading modern ciphers: ' + modernC)
|
||||
modern_ciphers = subprocess.Popen([opensslbin, 'ciphers', modernC],
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip().split(':')
|
||||
stderr=blackhole, stdout=subprocess.PIPE).communicate()[0].rstrip()
|
||||
modern_ciphers = str(modern_ciphers).split(':')
|
||||
blackhole.close()
|
||||
|
||||
def main():
|
||||
@ -481,7 +488,7 @@ def main():
|
||||
data = subprocess.check_output([mypath + '/cipherscan', '-o', args.openssl, '-j', args.target])
|
||||
else:
|
||||
data = subprocess.check_output([mypath + '/cipherscan', '-j', args.target])
|
||||
exit_status=process_results(data, args.level, args.json, args.nagios)
|
||||
exit_status=process_results(str(data), args.level, args.json, args.nagios)
|
||||
else:
|
||||
if os.fstat(args.infile.fileno()).st_size < 2:
|
||||
logging.error("invalid input file")
|
||||
|
@ -5,7 +5,7 @@
|
||||
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
# Author: Hubert Kario - 2014
|
||||
|
||||
from __future__ import division
|
||||
from __future__ import division, print_function
|
||||
|
||||
path = "./results/"
|
||||
ca_certs_path = "./ca_files"
|
||||
@ -61,7 +61,7 @@ def get_path_for_hash(cert_hash):
|
||||
if not os.path.exists(f_name):
|
||||
f_name = ca_certs_path + '/' + cert_hash + '.pem'
|
||||
if not os.path.exists(f_name):
|
||||
#print "File with hash " + c_hash + " is missing!"
|
||||
#print("File with hash " + c_hash + " is missing!")
|
||||
return None
|
||||
return f_name
|
||||
|
||||
@ -201,7 +201,7 @@ with open("parsed") as res_file:
|
||||
try:
|
||||
res = json.loads(line)
|
||||
except ValueError as e:
|
||||
print "can't process line: " + line
|
||||
print("can't process line: " + line)
|
||||
continue
|
||||
|
||||
f=res
|
||||
@ -248,13 +248,13 @@ with open("parsed") as res_file:
|
||||
if server_chain_trusted:
|
||||
if server_chain_complete:
|
||||
chains["complete"] += 1
|
||||
print "complete: " + f['host']
|
||||
print("complete: " + f['host'])
|
||||
else:
|
||||
chains["incomplete"] += 1
|
||||
print "incomplete: " + f['host']
|
||||
print("incomplete: " + f['host'])
|
||||
else:
|
||||
chains["untrusted"] += 1
|
||||
print "untrusted: " + f['host']
|
||||
print("untrusted: " + f['host'])
|
||||
|
||||
if valid:
|
||||
hosts += 1
|
||||
@ -276,9 +276,9 @@ with open("parsed") as res_file:
|
||||
continue
|
||||
|
||||
""" Display stats """
|
||||
#print "openssl invocations: " + str(invocations["openssl"])
|
||||
#print("openssl invocations: " + str(invocations["openssl"]))
|
||||
|
||||
print "Statistics from " + str(total) + " chains provided by " + str(hosts) + " hosts"
|
||||
print("Statistics from " + str(total) + " chains provided by " + str(hosts) + " hosts")
|
||||
|
||||
print("\nServer provided chains Count Percent")
|
||||
print("-------------------------+---------+-------")
|
||||
|
@ -6,7 +6,7 @@
|
||||
# Author: Julien Vehent [:ulfr] - 2013
|
||||
# Contributors: Hubert Kario - 2014
|
||||
|
||||
from __future__ import division
|
||||
from __future__ import division, print_function
|
||||
|
||||
path = "./results/"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user