mirror of
https://github.com/mozilla/cipherscan.git
synced 2024-11-22 14:23:41 +01:00
fixes for the pull request #18
there were few small issues with the pull #18 even though jvehent merged it, this fixes them
This commit is contained in:
parent
29109f1e64
commit
ca0ef2fc5c
@ -22,6 +22,8 @@ fi
|
|||||||
if [ ! -e "$CACERTS" ]; then
|
if [ ! -e "$CACERTS" ]; then
|
||||||
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
|
echo "Warning: CA Certificates not found at $CACERTS, export CACERTS variable with location of your trust anchors" 1>&2
|
||||||
fi
|
fi
|
||||||
|
# RSA ciphers are put at the end to force Google servers to accept ECDSA ciphers
|
||||||
|
# (probably a result of a workaround for the bug in Apple implementation of ECDSA)
|
||||||
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
CIPHERSUITE="ALL:COMPLEMENTOFALL:+aRSA"
|
||||||
DEBUG=0
|
DEBUG=0
|
||||||
VERBOSE=0
|
VERBOSE=0
|
||||||
|
@ -44,6 +44,7 @@ for r,d,flist in os.walk(path):
|
|||||||
tempdsakeystats = {}
|
tempdsakeystats = {}
|
||||||
tempsigstats = {}
|
tempsigstats = {}
|
||||||
tempticketstats = {}
|
tempticketstats = {}
|
||||||
|
""" supported ciphers by the server under scan """
|
||||||
tempcipherstats = {}
|
tempcipherstats = {}
|
||||||
ciphertypes = 0
|
ciphertypes = 0
|
||||||
AESGCM = False
|
AESGCM = False
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
parallel=10
|
parallel=10
|
||||||
max_bg=50
|
max_bg=50
|
||||||
absolute_max_bg=100
|
absolute_max_bg=100
|
||||||
max_load=50
|
max_load_avg=50
|
||||||
|
|
||||||
if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
|
if [ $(ulimit -u) -lt $((10*absolute_max_bg)) ]; then
|
||||||
echo "max user processes too low, use ulimit -u to increase"
|
echo "max user processes too low, use ulimit -u to increase"
|
||||||
@ -14,8 +14,8 @@ function wait_for_jobs() {
|
|||||||
local no_jobs
|
local no_jobs
|
||||||
no_jobs=$(jobs | wc -l)
|
no_jobs=$(jobs | wc -l)
|
||||||
|
|
||||||
while [ $no_jobs -gt $1 ] || awk -v maxload=$max_load '{ if ($1 < maxload) exit 1 }' /proc/loadavg; do
|
while [ $no_jobs -gt $1 ] || awk -v maxload=$max_load_avg '{ if ($1 < maxload) exit 1 }' /proc/loadavg; do
|
||||||
if awk -v maxload=$max_load '{ if ($1 > maxload) exit 1 }' /proc/loadavg && [ $no_jobs -lt $absolute_max_bg ]; then
|
if awk -v maxload=$max_load_avg '{ if ($1 > maxload) exit 1 }' /proc/loadavg && [ $no_jobs -lt $absolute_max_bg ]; then
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
sleep 1
|
sleep 1
|
||||||
@ -48,6 +48,8 @@ function scan_host_no_sni() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function scan_hostname() {
|
function scan_hostname() {
|
||||||
|
# check if the hostname isn't an IP address (since we can't put IP
|
||||||
|
# addresses to SNI extension)
|
||||||
if [[ ! -z $(awk -F. '$1>=0 && $1<=255 && $2>=0 && $2<=255 &&
|
if [[ ! -z $(awk -F. '$1>=0 && $1<=255 && $2>=0 && $2<=255 &&
|
||||||
$3>=0 && $3<=255 && $4>=0 && $4<=255 && NF==4' <<<"$1") ]]; then
|
$3>=0 && $3<=255 && $4>=0 && $4<=255 && NF==4' <<<"$1") ]]; then
|
||||||
scan_host_no_sni $1
|
scan_host_no_sni $1
|
||||||
|
Loading…
Reference in New Issue
Block a user