From ca0ef2fc5c6c270d9f79f6c8a14c4408bd98542d Mon Sep 17 00:00:00 2001
From: Hubert Kario
Date: Sat, 4 Oct 2014 14:46:36 +0200
Subject: [PATCH] fixes for the pull request #18
there were few small issues with the pull #18 even though jvehent merged it, this fixes them
---
 cipherscan | 2 ++
 top1m/parse_results.py | 1 +
 top1m/testtop1m.sh | 8 +++++---
 3 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/cipherscan b/cipherscan
index 4a00981..b7e8e4d 100755
--- a/cipherscan
+++ b/cipherscan
@@ -22,6 +22,8 @@ fi
 if [ ! -e "$CACERTS" ]; then
 echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
 fi
+# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
+# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
 CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
 DEBUG=0
 VERBOSE=0
diff --git a/top1m/parse_results.py b/top1m/parse_results.py
index 5766c2d..bdcd304 100644
--- a/top1m/parse_results.py
+++ b/top1m/parse_results.py
@@ -44,6 +44,7 @@ for r,d,flist in os.walk(path):
 tempdsakeystats = {}
 tempsigstats = {}
 tempticketstats = {}
+ """ supported ciphers by the server under scan """
 tempcipherstats = {}
 ciphertypes = 0
 AESGCM = False
diff --git a/top1m/testtop1m.sh b/top1m/testtop1m.sh
index b2cb0ef..e77c1e1 100755
--- a/top1m/testtop1m.sh
+++ b/top1m/testtop1m.sh
@@ -2,7 +2,7 @@
 parallel=10
 max_bg=50
 absolute_max_bg=100
-max_load=50
+max_load_avg=50
 if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
 echo "max user processes too low, use ulimit -u to increase"
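Review bot: The comment added above `CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"` in cipherscan says "RSA ciphers", but `+aRSA` moves every suite that authenticates with an RSA certificate to the end of the list, which covers ECDHE-RSA and DHE-RSA suites as well as plain RSA key exchange. I would word it as `# +aRSA moves RSA-authenticated suites to the end of the client's preference list, so servers that also hold an ECDSA certificate negotiate an ECDSA suite`. Since this changes the order the scanner offers, a second comment line noting that servers which follow the client's order will report results shaped by it would help readers of the output; that effect is inferred from the cipher string and is not shown in this hunk.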
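Review bot: In top1m/parse_results.py the added `""" supported ciphers by the server under scan """` is a bare string expression, not a comment or a docstring. It sits as a statement before `tempcipherstats = {}`, apparently inside the `for r,d,flist in os.walk(path):` loop named in the hunk header, and some linters flag such lines as pointless statements. A plain comment carries the same information: `# ciphers supported by the server under scan`. The loop body starts and ends outside the hunk, so it is not visible whether the neighbouring variables are annotated the same way.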
@@ -14,8 +14,8 @@ function wait_for_jobs() {
 local no_jobs
 no_jobs=$(jobs | wc -l)
- while [ $no_jobs -gt $1 ] || awk -v maxload=$max_load '{ if ($1 < maxload) exit 1 }' /proc/loadavg; do
- if awk -v maxload=$max_load '{ if ($1 > maxload) exit 1 }' /proc/loadavg && [ $no_jobs -lt $absolute_max_bg ]; then
+ while [ $no_jobs -gt $1 ] || awk -v maxload=$max_load_avg '{ if ($1 < maxload) exit 1 }' /proc/loadavg; do
+ if awk -v maxload=$max_load_avg '{ if ($1 > maxload) exit 1 }' /proc/loadavg && [ $no_jobs -lt $absolute_max_bg ]; then
 return
 fi
 sleep 1
@@ -48,6 +48,8 @@ function scan_host_no_sni() {
 }
 function scan_hostname() {
+ # check if the hostname isn't an IP address (since we can't put IP
+ # addresses to SNI extension)
 if [[ ! -z $(awk -F. '$1>=0 && $1<=255 && $2>=0 && $2<=255 && $3>=0 && $3<=255 && $4>=0 && $4<=255 && NF==4' <<<"$1") ]]; then
 scan_host_no_sni $1