Support JSON output with -json

2024-11-22 06:13:42 +01:00 · 2013-12-09 10:16:45 -05:00 · 2013-12-09 10:16:45 -05:00 · f7c159b568
commit f7c159b568
parent 4420db6f9b
2 changed files with 86 additions and 26 deletions
--- a/CiphersScan.sh
+++ b/CiphersScan.sh
@ -98,7 +98,7 @@ EOF
 # Connect to the target and retrieve the chosen cipher
 # recursively until the connection fails
 get_cipher_pref() {
-    echo -n '.'
+    [ "$OUTPUTFORMAT" == "terminal" ] && echo -n '.'
    local ciphersuite="$1"
    local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite"
    verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
@ -113,6 +113,76 @@ get_cipher_pref() {
    fi
 }

+display_results_in_terminal() {
+    # Display the results
+    ctr=1
+    for cipher in "${cipherspref[@]}"; do
+        pciph=$(echo $cipher|awk '{print $1}')
+        if [ $DOBENCHMARK -eq 1 ]; then
+            bench_cipher "$pciph"
+            r="$ctr $cipher $cipherbenchms"
+        else
+            r="$ctr $cipher"
+        fi
+        results=("${results[@]}" "$r")
+        ctr=$((ctr+1))
+    done
+
+    if [ $DOBENCHMARK -eq 1 ]; then
+        header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+    else
+        header="prio ciphersuite protocols pfs_keysize"
+    fi
+    ctr=0
+    for result in "${results[@]}"; do
+        if [ $ctr -eq 0 ]; then
+            echo $header
+            ctr=$((ctr+1))
+        fi
+        echo $result|grep -v '(NONE)'
+    done|column -t
+}
+
+display_results_in_json() {
+    # Display the results in json
+    # {
+    #    "target": "www.google.com:443",
+    #    "date": "Mon, 09 Dec 2013 09:34:45 -0500",
+    #    "ciphersuite": [
+    #        {
+    #            "cipher": "AES128-SHA",
+    #            "protocols": [
+    #                "tls1",
+    #                "tls1.1",
+    #                "tls1.2"
+    #            ],
+    #            "pfs": "1024bits"
+    #        },
+    #        {
+    #            "cipher": "AES256-SHA",
+    #            "protocols": [
+    #                "tls1",
+    #                "tls1.1",
+    #                "tls1.2"
+    #            ],
+    #            "pfs": "1024bits"
+    #        }
+    #    ]
+    # }
+    ctr=0
+    echo -n "{\"target\":\"$TARGET\",\"date\":\"$(date -R)\",\"ciphersuite\": ["
+    for cipher in "${cipherspref[@]}"; do
+        [ $ctr -gt 0 ] && echo -n ','
+        echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
+        echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
+        pfs=$(echo $cipher|awk '{print $3}')
+        [ "$pfs" == "" ] && pfs="None"
+        echo -n "\"pfs\":\"$pfs\"}"
+        ctr=$((ctr+1))
+    done
+    echo ']}'
+}
+

 if [ -z $1 ]; then
    echo "
@ -126,6 +196,7 @@ fi
 TARGET=$1
 VERBOSE=0
 ALLCIPHERS=0
+OUTPUTFORMAT="terminal"
 if [ ! -z $2 ]; then
    if [ "$2" == "-v" ]; then
        VERBOSE=1
@ -135,6 +206,9 @@ if [ ! -z $2 ]; then
    if [ "$2" == "-a" ]; then
        ALLCIPHERS=1
    fi
+    if [ "$2" == "-json" ]; then
+        OUTPUTFORMAT="json"
+    fi
 fi

 cipherspref=();
@ -142,34 +216,13 @@ results=()

 # Call to the recursive loop that retrieves the cipher preferences
 get_cipher_pref $CIPHERSUITE
-echo
-# Display the results
-ctr=1
-for cipher in "${cipherspref[@]}"; do
-    pciph=$(echo $cipher|awk '{print $1}')
-    if [ $DOBENCHMARK -eq 1 ]; then
-        bench_cipher "$pciph"
-        r="$ctr $cipher $cipherbenchms"
-    else
-        r="$ctr $cipher"
-    fi
-    results=("${results[@]}" "$r")
-    ctr=$((ctr+1))
-done

-if [ $DOBENCHMARK -eq 1 ]; then
-    header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+if [ "$OUTPUTFORMAT" == "json" ]; then
+    display_results_in_json
 else
-    header="prio ciphersuite protocols pfs_keysize"
+    echo
+    display_results_in_terminal
 fi
-ctr=0
-for result in "${results[@]}"; do
-    if [ $ctr -eq 0 ]; then
-        echo $header
-        ctr=$((ctr+1))
-    fi
-    echo $result|grep -v '(NONE)'
-done|column -t

 # If asked, test every single cipher individually
 if [ $ALLCIPHERS -gt 0 ]; then
--- a/README.md
+++ b/README.md
@ -12,15 +12,22 @@ Options
 -------
 Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.

+You can use one of the options below (only one. yes, I know...)
+
 Use '-v' to get more stuff to read.

 Use '-a' to force openssl to test every single cipher it know.

+Use '-json' to output the results in json format
+```
+$ ./CiphersScan.sh www.google.com:443 -json
+```

 Example
 -------

 ```
+$ ./CiphersScan.sh www.google.com:443
 prio  ciphersuite                  protocols                    pfs_keysize
 1     ECDHE-RSA-AES128-GCM-SHA256  SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
 2     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits