mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 22:33:40 +01:00
Report the signature type used on server certificate
Parse the certificate used by server and report the signature used: prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize 1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits 2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits 3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption 4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits 5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption 6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits
This commit is contained in:
parent
f9fdd62a59
commit
946cc6a9ac
16
cipherscan
16
cipherscan
@ -76,6 +76,10 @@ test_cipher_on_target() {
|
|||||||
if [ -z $current_pubkey ]; then
|
if [ -z $current_pubkey ]; then
|
||||||
current_pubkey=0
|
current_pubkey=0
|
||||||
fi
|
fi
|
||||||
|
current_sigalg=$(openssl x509 -noout -text 2>/dev/null <<<"$tmp"|grep Signature\ Algorithm | head -n 1 | awk '{print $3}') || current_sigalg="None"
|
||||||
|
if [ -z $current_sigalg ]; then
|
||||||
|
current_sigalg=None
|
||||||
|
fi
|
||||||
if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
|
if [[ -z "$current_protocol" || "$current_cipher" == '(NONE)' ]]; then
|
||||||
# connection failed, try again with next TLS version
|
# connection failed, try again with next TLS version
|
||||||
continue
|
continue
|
||||||
@ -97,6 +101,7 @@ test_cipher_on_target() {
|
|||||||
cipher=$current_cipher
|
cipher=$current_cipher
|
||||||
pfs=$current_pfs
|
pfs=$current_pfs
|
||||||
pubkey=$current_pubkey
|
pubkey=$current_pubkey
|
||||||
|
sigalg=$current_sigalg
|
||||||
# grab the cipher and PFS key size
|
# grab the cipher and PFS key size
|
||||||
done
|
done
|
||||||
# if cipher is empty, that means none of the TLS version worked with
|
# if cipher is empty, that means none of the TLS version worked with
|
||||||
@ -108,13 +113,13 @@ test_cipher_on_target() {
|
|||||||
|
|
||||||
# if cipher contains NONE, the cipher wasn't accepted
|
# if cipher contains NONE, the cipher wasn't accepted
|
||||||
elif [ "$cipher" == '(NONE) ' ]; then
|
elif [ "$cipher" == '(NONE) ' ]; then
|
||||||
result="$cipher $protocols $pubkey $pfs"
|
result="$cipher $protocols $pubkey $sigalg $pfs"
|
||||||
verbose "handshake failed, server returned ciphersuite '$result'"
|
verbose "handshake failed, server returned ciphersuite '$result'"
|
||||||
return 1
|
return 1
|
||||||
|
|
||||||
# the connection succeeded
|
# the connection succeeded
|
||||||
else
|
else
|
||||||
result="$cipher $protocols $pubkey $pfs"
|
result="$cipher $protocols $pubkey $sigalg $pfs"
|
||||||
verbose "handshake succeeded, server returned ciphersuite '$result'"
|
verbose "handshake succeeded, server returned ciphersuite '$result'"
|
||||||
return 0
|
return 0
|
||||||
fi
|
fi
|
||||||
@ -178,9 +183,9 @@ display_results_in_terminal() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
if [ $DOBENCHMARK -eq 1 ]; then
|
if [ $DOBENCHMARK -eq 1 ]; then
|
||||||
header="prio ciphersuite protocols pubkey_size pfs_keysize avg_handshake_microsec"
|
header="prio ciphersuite protocols pubkey_size signature_algoritm pfs_keysize avg_handshake_microsec"
|
||||||
else
|
else
|
||||||
header="prio ciphersuite protocols pubkey_size pfs_keysize"
|
header="prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize"
|
||||||
fi
|
fi
|
||||||
ctr=0
|
ctr=0
|
||||||
for result in "${results[@]}"; do
|
for result in "${results[@]}"; do
|
||||||
@ -202,7 +207,8 @@ display_results_in_json() {
|
|||||||
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
|
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
|
||||||
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
|
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
|
||||||
echo -n "\"pubkey\":[\"$(echo $cipher|awk '{print $3}'|sed 's/,/","/g')\"],"
|
echo -n "\"pubkey\":[\"$(echo $cipher|awk '{print $3}'|sed 's/,/","/g')\"],"
|
||||||
pfs=$(echo $cipher|awk '{print $4}')
|
echo -n "\"sigalg\":[\"$(echo $cipher|awk '{print $4}'|sed 's/,/","/g')\"],"
|
||||||
|
pfs=$(echo $cipher|awk '{print $5}')
|
||||||
[ "$pfs" == "" ] && pfs="None"
|
[ "$pfs" == "" ] && pfs="None"
|
||||||
echo -n "\"pfs\":\"$pfs\"}"
|
echo -n "\"pfs\":\"$pfs\"}"
|
||||||
ctr=$((ctr+1))
|
ctr=$((ctr+1))
|
||||||
|
Loading…
Reference in New Issue
Block a user