From f7c159b568048017d28008ee1ac6b316d0684283 Mon Sep 17 00:00:00 2001
From: Julien Vehent
Date: Mon, 9 Dec 2013 10:16:45 -0500
Subject: [PATCH] Support JSON output with -json
---
 CiphersScan.sh | 105 +++++++++++++++++++++++++++++++++++++------------
 README.md | 7 ++++
 2 files changed, 86 insertions(+), 26 deletions(-)
diff --git a/CiphersScan.sh b/CiphersScan.sh
index 3cb8a88..5d9e4db 100755
--- a/CiphersScan.sh
+++ b/CiphersScan.sh
@@ -98,7 +98,7 @@ EOF
 # Connect to the target and retrieve the chosen cipher
 # recursively until the connection fails
 get_cipher_pref() {
- echo -n '.'
+ [ "$OUTPUTFORMAT" == "terminal" ] && echo -n '.'
 local ciphersuite="$1"
 local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite"
 verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
@@ -113,6 +113,76 @@ get_cipher_pref() {
 fi
 }
+display_results_in_terminal() {
+ # Display the results
+ ctr=1
+ for cipher in "${cipherspref[@]}"; do
+ pciph=$(echo $cipher|awk '{print $1}')
+ if [ $DOBENCHMARK -eq 1 ]; then
+ bench_cipher "$pciph"
+ r="$ctr $cipher $cipherbenchms"
+ else
+ r="$ctr $cipher"
+ fi
+ results=("${results[@]}" "$r")
+ ctr=$((ctr+1))
+ done
+
+ if [ $DOBENCHMARK -eq 1 ]; then
+ header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+ else
+ header="prio ciphersuite protocols pfs_keysize"
+ fi
+ ctr=0
+ for result in "${results[@]}"; do
+ if [ $ctr -eq 0 ]; then
+ echo $header
+ ctr=$((ctr+1))
+ fi
+ echo $result|grep -v '(NONE)'
+ done|column -t
+}
+
+display_results_in_json() {
+ # Display the results in json
+ # {
+ # "target": "www.google.com:443",
+ # "date": "Mon, 09 Dec 2013 09:34:45 -0500",
+ # "ciphersuite": [
+ # {
+ # "cipher": "AES128-SHA",
+ # "protocols": [
+ # "tls1",
+ # "tls1.1",
+ # "tls1.2"
+ # ],
+ # "pfs": "1024bits"
+ # },
+ # {
+ # "cipher": "AES256-SHA",
+ # "protocols": [
+ # "tls1",
+ # "tls1.1",
+ # "tls1.2"
+ # ],
+ # "pfs": "1024bits"
+ # }
+ # ]
+ # }
+ ctr=0
+ echo -n "{\"target\":\"$TARGET\",\"date\":\"$(date -R)\",\"ciphersuite\": ["
+ for cipher in "${cipherspref[@]}"; do
+ [ $ctr -gt 0 ] && echo -n ','
+ echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
+ echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
+ pfs=$(echo $cipher|awk '{print $3}')
+ [ "$pfs" == "" ] && pfs="None"
+ echo -n "\"pfs\":\"$pfs\"}"
+ ctr=$((ctr+1))
+ done
+ echo ']}'
+}
+
 if [ -z $1 ]; then
 echo "
@@ -126,6 +196,7 @@ fi
 TARGET=$1
 VERBOSE=0
 ALLCIPHERS=0
+OUTPUTFORMAT="terminal"
 if [ ! -z $2 ]; then
 if [ "$2" == "-v" ]; then
 VERBOSE=1
@@ -135,6 +206,9 @@ if [ ! -z $2 ]; then
 if [ "$2" == "-a" ]; then
 ALLCIPHERS=1
 fi
+ if [ "$2" == "-json" ]; then
+ OUTPUTFORMAT="json"
+ fi
 fi
 cipherspref=();
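Review bot: In display_results_in_json (hunk `@@ -113,6 +113,76 @@`), `$TARGET` and the cipher, protocol and pfs fields are pasted into the JSON text with no escaping, so a `"`, a backslash or a control character in any of them produces invalid JSON or lets the value introduce keys that a downstream consumer may trust. `$TARGET` is the first command-line argument, and the per-cipher fields presumably come from parsed `openssl s_client` output for the remote server (get_cipher_pref's body is outside this hunk), so both should be treated as untrusted. Pass every interpolated value through a small escaping helper, and quote `$cipher` in the `echo $cipher|awk` pipelines so it is not word-split or globbed. `ctr`, `cipher` and `pfs` would also be better declared `local`, since the terminal function reuses the same global names.

```shell
# Escape a value for use inside a JSON string literal.
json_escape() {
    local s="$1"
    s=${s//\\/\\\\}    # backslash first, so the next escape is not doubled
    s=${s//\"/\\\"}
    printf '%s' "${s//[[:cntrl:]]/}"    # raw control characters are not valid in JSON strings
}

display_results_in_json() {
    # … unchanged: sample-output comment …
    local ctr=0 cipher name protocols pfs
    printf '{"target":"%s","date":"%s","ciphersuite": [' "$(json_escape "$TARGET")" "$(date -R)"
    for cipher in "${cipherspref[@]}"; do
        # … unchanged: comma separator …
        name=$(echo "$cipher"|awk '{print $1}')
        protocols=$(echo "$cipher"|awk '{print $2}')
        pfs=$(echo "$cipher"|awk '{print $3}')
        [ "$pfs" == "" ] && pfs="None"
        printf '{"cipher":"%s","protocols":["%s"],"pfs":"%s"}' \
            "$(json_escape "$name")" \
            "$(json_escape "$protocols" | sed 's/,/","/g')" \
            "$(json_escape "$pfs")"
        # … unchanged: counter increment, loop end, closing ']}' …
```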
@@ -142,34 +216,13 @@ results=()
 # Call to the recursive loop that retrieves the cipher preferences
 get_cipher_pref $CIPHERSUITE
-echo
-# Display the results
-ctr=1
-for cipher in "${cipherspref[@]}"; do
- pciph=$(echo $cipher|awk '{print $1}')
- if [ $DOBENCHMARK -eq 1 ]; then
- bench_cipher "$pciph"
- r="$ctr $cipher $cipherbenchms"
- else
- r="$ctr $cipher"
- fi
- results=("${results[@]}" "$r")
- ctr=$((ctr+1))
-done
-if [ $DOBENCHMARK -eq 1 ]; then
- header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+if [ "$OUTPUTFORMAT" == "json" ]; then
+ display_results_in_json
 else
- header="prio ciphersuite protocols pfs_keysize"
+ echo
+ display_results_in_terminal
 fi
-ctr=0
-for result in "${results[@]}"; do
- if [ $ctr -eq 0 ]; then
- echo $header
- ctr=$((ctr+1))
- fi
- echo $result|grep -v '(NONE)'
-done|column -t
 # If asked, test every single cipher individually
 if [ $ALLCIPHERS -gt 0 ]; then
diff --git a/README.md b/README.md
index 666baa3..7451754 100644
--- a/README.md
+++ b/README.md
@@ -12,15 +12,22 @@ Options
 -------
 Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
+You can use one of the options below (only one. yes, I know...)
+
 Use '-v' to get more stuff to read.
 Use '-a' to force openssl to test every single cipher it know.
+Use '-json' to output the results in json format
+```
+$ ./CiphersScan.sh www.google.com:443 -json
+```
 Example
 -------
 ```
+$ ./CiphersScan.sh www.google.com:443
 prio ciphersuite protocols pfs_keysize
 1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
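Review bot: With `-json` the benchmark is silently skipped, because the dispatch added in the CiphersScan.sh hunk `@@ -142,34 +216,13 @@` calls display_results_in_json, which never calls `bench_cipher`. Setting `DOBENCHMARK=1` therefore has no effect in that mode and no timing field appears in the output. Either emit the timing per cipher in the JSON branch, or state the limitation where the branch is taken, e.g. `# NOTE: benchmark timings are only produced for terminal output` above the `if`, and repeat it in the README. The `if [ $ALLCIPHERS -gt 0 ]` block that follows continues outside the hunk; only `$2` is read, so it presumably cannot run together with `-json` today, but if options are ever combined its output would land after the JSON document and break parsers.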