mirror of https://github.com/mozilla/cipherscan.git synced 2024-11-22 14:23:41 +01:00

Support JSON output with -json

Julien Vehent 2013-12-09 10:16:45 -05:00
parent 4420db6f9b
commit f7c159b568
2 changed files with 86 additions and 26 deletions


@ -98,7 +98,7 @@ EOF
# Connect to the target and retrieve the chosen cipher # Connect to the target and retrieve the chosen cipher
# recursively until the connection fails # recursively until the connection fails
get_cipher_pref() { get_cipher_pref() {
echo -n '.' [ "$OUTPUTFORMAT" == "terminal" ] && echo -n '.'
local ciphersuite="$1" local ciphersuite="$1"
local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite" local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite"
verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'" verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
@ -113,36 +113,7 @@ get_cipher_pref() {
fi fi
} }
display_results_in_terminal() {
if [ -z $1 ]; then
echo "
usage: $0 <target:port> <-v>
$0 attempts to connect to a target site using all the ciphersuites it knowns.
jvehent - ulfr - 2013
"
exit 1
fi
TARGET=$1
VERBOSE=0
ALLCIPHERS=0
if [ ! -z $2 ]; then
if [ "$2" == "-v" ]; then
VERBOSE=1
echo "Loading $($OPENSSLBIN ciphers -v $CIPHERSUITE 2>/dev/null|grep Kx|wc -l) ciphersuites from $(echo -n $($OPENSSLBIN version 2>/dev/null))"
$OPENSSLBIN ciphers ALL 2>/dev/null
fi
if [ "$2" == "-a" ]; then
ALLCIPHERS=1
fi
fi
cipherspref=();
results=()
# Call to the recursive loop that retrieves the cipher preferences
get_cipher_pref $CIPHERSUITE
echo
# Display the results # Display the results
ctr=1 ctr=1
for cipher in "${cipherspref[@]}"; do for cipher in "${cipherspref[@]}"; do
@ -170,6 +141,88 @@ for result in "${results[@]}"; do
fi fi
echo $result|grep -v '(NONE)' echo $result|grep -v '(NONE)'
done|column -t done|column -t
}
display_results_in_json() {
# Display the results in json
# {
# "target": "www.google.com:443",
# "date": "Mon, 09 Dec 2013 09:34:45 -0500",
# "ciphersuite": [
# {
# "cipher": "AES128-SHA",
# "protocols": [
# "tls1",
# "tls1.1",
# "tls1.2"
# ],
# "pfs": "1024bits"
# },
# {
# "cipher": "AES256-SHA",
# "protocols": [
# "tls1",
# "tls1.1",
# "tls1.2"
# ],
# "pfs": "1024bits"
# }
# ]
# }
ctr=0
echo -n "{\"target\":\"$TARGET\",\"date\":\"$(date -R)\",\"ciphersuite\": ["
for cipher in "${cipherspref[@]}"; do
[ $ctr -gt 0 ] && echo -n ','
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
pfs=$(echo $cipher|awk '{print $3}')
[ "$pfs" == "" ] && pfs="None"
echo -n "\"pfs\":\"$pfs\"}"
ctr=$((ctr+1))
done
echo ']}'
}
if [ -z $1 ]; then
echo "
usage: $0 <target:port> <-v>
$0 attempts to connect to a target site using all the ciphersuites it knowns.
jvehent - ulfr - 2013
"
exit 1
fi
TARGET=$1
VERBOSE=0
ALLCIPHERS=0
OUTPUTFORMAT="terminal"
if [ ! -z $2 ]; then
if [ "$2" == "-v" ]; then
VERBOSE=1
echo "Loading $($OPENSSLBIN ciphers -v $CIPHERSUITE 2>/dev/null|grep Kx|wc -l) ciphersuites from $(echo -n $($OPENSSLBIN version 2>/dev/null))"
$OPENSSLBIN ciphers ALL 2>/dev/null
fi
if [ "$2" == "-a" ]; then
ALLCIPHERS=1
fi
if [ "$2" == "-json" ]; then
OUTPUTFORMAT="json"
fi
fi
cipherspref=();
results=()
# Call to the recursive loop that retrieves the cipher preferences
get_cipher_pref $CIPHERSUITE
if [ "$OUTPUTFORMAT" == "json" ]; then
display_results_in_json
else
echo
display_results_in_terminal
fi
# If asked, test every single cipher individually # If asked, test every single cipher individually
if [ $ALLCIPHERS -gt 0 ]; then if [ $ALLCIPHERS -gt 0 ]; then
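Review bot: display_results_in_json interpolates `$TARGET` and the fields parsed from the openssl output straight into JSON string literals with no escaping, so a value containing `"` or `\` produces malformed output or extra keys in whatever consumes it. `$TARGET` comes from `$1`, which matters if the script is driven from a host list that is not fully trusted. At minimum, escape backslashes and double quotes before printing, for example with a helper `json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }` applied to the target, cipher, protocol and pfs values. The `echo $cipher|awk` calls should also quote `"$cipher"` so the value is not subject to globbing, and an empty protocol field currently prints as `[""]` rather than `[]`.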


@ -12,15 +12,22 @@ Options
------- -------
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script. Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
You can use one of the options below (only one. yes, I know...)
Use '-v' to get more stuff to read. Use '-v' to get more stuff to read.
Use '-a' to force openssl to test every single cipher it know. Use '-a' to force openssl to test every single cipher it know.
Use '-json' to output the results in json format
```
$ ./CiphersScan.sh www.google.com:443 -json
```
Example Example
------- -------
``` ```
$ ./CiphersScan.sh www.google.com:443
prio ciphersuite protocols pfs_keysize prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits