From f7c159b568048017d28008ee1ac6b316d0684283 Mon Sep 17 00:00:00 2001
From: Julien Vehent <julien@linuxwall.info>
Date: Mon, 9 Dec 2013 10:16:45 -0500
Subject: [PATCH] Support JSON output with -json

---
 CiphersScan.sh | 105 +++++++++++++++++++++++++++++++++++++------------
 README.md      |   7 ++++
 2 files changed, 86 insertions(+), 26 deletions(-)

diff --git a/CiphersScan.sh b/CiphersScan.sh
index 3cb8a88..5d9e4db 100755
--- a/CiphersScan.sh
+++ b/CiphersScan.sh
@@ -98,7 +98,7 @@ EOF
 # Connect to the target and retrieve the chosen cipher
 # recursively until the connection fails
 get_cipher_pref() {
-    echo -n '.'
+    [ "$OUTPUTFORMAT" == "terminal" ] && echo -n '.'
     local ciphersuite="$1"
     local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite"
     verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
@@ -113,6 +113,76 @@ get_cipher_pref() {
     fi
 }
 
+display_results_in_terminal() {
+    # Display the results
+    ctr=1
+    for cipher in "${cipherspref[@]}"; do
+        pciph=$(echo $cipher|awk '{print $1}')
+        if [ $DOBENCHMARK -eq 1 ]; then
+            bench_cipher "$pciph"
+            r="$ctr $cipher $cipherbenchms"
+        else
+            r="$ctr $cipher"
+        fi
+        results=("${results[@]}" "$r")
+        ctr=$((ctr+1))
+    done
+
+    if [ $DOBENCHMARK -eq 1 ]; then
+        header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+    else
+        header="prio ciphersuite protocols pfs_keysize"
+    fi
+    ctr=0
+    for result in "${results[@]}"; do
+        if [ $ctr -eq 0 ]; then
+            echo $header
+            ctr=$((ctr+1))
+        fi
+        echo $result|grep -v '(NONE)'
+    done|column -t
+}
+
+display_results_in_json() {
+    # Display the results in json
+    # {
+    #    "target": "www.google.com:443",
+    #    "date": "Mon, 09 Dec 2013 09:34:45 -0500",
+    #    "ciphersuite": [
+    #        {
+    #            "cipher": "AES128-SHA",
+    #            "protocols": [
+    #                "tls1",
+    #                "tls1.1",
+    #                "tls1.2"
+    #            ],
+    #            "pfs": "1024bits"
+    #        },
+    #        {
+    #            "cipher": "AES256-SHA",
+    #            "protocols": [
+    #                "tls1",
+    #                "tls1.1",
+    #                "tls1.2"
+    #            ],
+    #            "pfs": "1024bits"
+    #        }
+    #    ]
+    # }
+    ctr=0
+    echo -n "{\"target\":\"$TARGET\",\"date\":\"$(date -R)\",\"ciphersuite\": ["
+    for cipher in "${cipherspref[@]}"; do
+        [ $ctr -gt 0 ] && echo -n ','
+        echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
+        echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
+        pfs=$(echo $cipher|awk '{print $3}')
+        [ "$pfs" == "" ] && pfs="None"
+        echo -n "\"pfs\":\"$pfs\"}"
+        ctr=$((ctr+1))
+    done
+    echo ']}'
+}
+
 
 if [ -z $1 ]; then
     echo "
@@ -126,6 +196,7 @@ fi
 TARGET=$1
 VERBOSE=0
 ALLCIPHERS=0
+OUTPUTFORMAT="terminal"
 if [ ! -z $2 ]; then
     if [ "$2" == "-v" ]; then
         VERBOSE=1
@@ -135,6 +206,9 @@ if [ ! -z $2 ]; then
     if [ "$2" == "-a" ]; then
         ALLCIPHERS=1
     fi
+    if [ "$2" == "-json" ]; then
+        OUTPUTFORMAT="json"
+    fi
 fi
 
 cipherspref=();
@@ -142,34 +216,13 @@ results=()
 
 # Call to the recursive loop that retrieves the cipher preferences
 get_cipher_pref $CIPHERSUITE
-echo
-# Display the results
-ctr=1
-for cipher in "${cipherspref[@]}"; do
-    pciph=$(echo $cipher|awk '{print $1}')
-    if [ $DOBENCHMARK -eq 1 ]; then
-        bench_cipher "$pciph"
-        r="$ctr $cipher $cipherbenchms"
-    else
-        r="$ctr $cipher"
-    fi
-    results=("${results[@]}" "$r")
-    ctr=$((ctr+1))
-done
 
-if [ $DOBENCHMARK -eq 1 ]; then
-    header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
+if [ "$OUTPUTFORMAT" == "json" ]; then
+    display_results_in_json
 else
-    header="prio ciphersuite protocols pfs_keysize"
+    echo
+    display_results_in_terminal
 fi
-ctr=0
-for result in "${results[@]}"; do
-    if [ $ctr -eq 0 ]; then
-        echo $header
-        ctr=$((ctr+1))
-    fi
-    echo $result|grep -v '(NONE)'
-done|column -t
 
 # If asked, test every single cipher individually
 if [ $ALLCIPHERS -gt 0 ]; then
diff --git a/README.md b/README.md
index 666baa3..7451754 100644
--- a/README.md
+++ b/README.md
@@ -12,15 +12,22 @@ Options
 -------
 Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
 
+You can use one of the options below (only one. yes, I know...)
+
 Use '-v' to get more stuff to read.
 
 Use '-a' to force openssl to test every single cipher it know.
 
+Use '-json' to output the results in json format
+```
+$ ./CiphersScan.sh www.google.com:443 -json
+```
 
 Example
 -------
 
 ```
+$ ./CiphersScan.sh www.google.com:443
 prio  ciphersuite                  protocols                    pfs_keysize
 1     ECDHE-RSA-AES128-GCM-SHA256  SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits
 2     ECDHE-RSA-RC4-SHA            SSLv3,TLSv1,TLSv1.1,TLSv1.2  ECDH,P-256,256bits