Hubert Kario
7a92186122
Improve scanning performance and reduce false negatives
...
scan all the machines from top-1m.csv file, wait for completion
of all jobs
i=1 is an off-by-one-error
support top-1m.csv files with arbitrary number of sites
run scans for many hosts at a time, but don't run more than
specified amount
in case where default domain name doesn't resolve or doesn't have
port 443 open, retry with www. prefix
2014-04-05 19:43:49 +02:00
Hubert Kario
9931ca2a2d
update README with new examples
...
New features = new examples
2014-04-05 19:40:19 +02:00
Hubert Kario
f04567d40e
check if certificate used by server is trused
...
Use system trust anchors to check if certificate chain used by server
is actually valid.
2014-04-05 19:36:51 +02:00
Hubert Kario
946cc6a9ac
Report the signature type used on server certificate
...
Parse the certificate used by server and report the signature used:
prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits
5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption
6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits
2014-04-05 19:23:04 +02:00
Hubert Kario
f9fdd62a59
report key size used in server's certificate
...
Extend the report to show also server certificate key size:
prio ciphersuite protocols pubkey_size pfs_keysize
1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits
2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits
3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048
5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits
2014-04-05 19:23:04 +02:00
Hubert Kario
32eba4e644
update examples from README
...
since now the scan reports protocols correctly, update the example
to illustrate that
2014-04-05 18:47:37 +02:00
Hubert Kario
ac3e5f4d62
Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2
...
Previously scan would report:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
Now it correctly reports:
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2014-04-05 18:47:37 +02:00
Julien Vehent
afcc92db02
Merge pull request #5 from mzeltner/master
...
Cleaned up options and documented custom OpenSSL build
2014-04-04 21:26:59 -04:00
Michael Zeltner
05bd24b405
Cleaning up old style, fixing --allciphers
2014-04-04 20:46:40 -04:00
Michael Zeltner
bf48cd2a3c
Documenting how to build OpenSSL with ChaCha20-Poly1305
...
Also updating README.md with new options by MacLemon
2014-04-01 14:29:55 -04:00
Michael Zeltner
45f0f3305d
Merge branch 'master' of https://github.com/MacLemon/cipherscan
2014-04-01 13:04:08 -04:00
Pepi Zawodsky
49214fc508
Verbose and Debug output go to stderr now. Added simple --delay function.
2014-02-18 02:05:26 +01:00
Michael Zeltner
8480e63ff7
Fixing a typo
2014-02-14 20:44:15 +01:00
Pepi Zawodsky
3282c2c3a5
Improved reference of switches documentation formatting.
2014-02-10 19:46:46 +01:00
Pepi Zawodsky
0282ae9209
Added simple debug function
2014-02-08 18:37:30 +01:00
Pepi Zawodsky
0d93b5d37e
Updated README to reflect the changes in cipherscan.
2014-02-08 17:07:54 +01:00
Pepi Zawodsky
490c86c43e
Changed grep invocation to prevent strange grep versions to balk on -E
2014-02-08 01:14:40 +01:00
Michael Zeltner
26b52d4e17
Make mktemp obsolete
...
We have pipes, we shall use them!
2014-02-07 00:56:31 +01:00
Pepi Zawodsky
57f41d7376
Fixed variable renaming.
2014-02-06 23:32:12 +01:00
Pepi Zawodsky
9e5ce9cca3
Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X.
2014-02-06 23:26:19 +01:00
Julien Vehent
1f92094b3d
Merge pull request #4 from mzeltner/master
...
Support s_client args, give -starttls example. Contributed by mzeltner.
2014-02-02 18:15:27 -08:00
Michael Zeltner
5c07a6e552
Support s_client args, give -starttls example
2014-02-02 15:41:16 +01:00
Julien Vehent
ae5d7ad15c
Merge branch 'master' of github.com:jvehent/cipherscan
2014-01-31 10:24:02 -05:00
Julien Vehent
b3ca13a5ae
Rebuilt openssl to support ChaCha20/Poly1305. Test against google servers.
2014-01-31 10:22:21 -05:00
Julien Vehent
5e8b495a18
added many tests
2014-01-11 01:07:32 +00:00
Julien Vehent
1414973531
basic results parsing script in python
2014-01-10 05:50:03 +00:00
Julien Vehent
f3c8b24b8b
tweaks
2014-01-09 20:16:40 +00:00
Julien Vehent
5df0fe3d52
Merge branch 'master' of github.com:jvehent/cipherscan
2014-01-09 11:53:54 -05:00
Julien Vehent
19d443b8fe
OpenSSL binary location fix
2014-01-09 11:52:43 -05:00
Julien Vehent
e4ea957c8d
Script to scan Alexa's top 1m websites
2014-01-09 11:52:17 -05:00
Julien Vehent
26948cbccf
Merge pull request #3 from simondeziel/clean-temp
...
Cleanup old temp files when a connection failed
2014-01-07 19:04:43 -08:00
Simon Deziel
93ee5e3f33
Cleanup old temp files when a connection failed
2014-01-07 18:32:09 -05:00
Julien Vehent
af7b4ce18c
Rename CiphersScan to cipherscan
2013-12-09 11:01:30 -05:00
Julien Vehent
34a011ab71
Better doc
2013-12-09 10:40:23 -05:00
Julien Vehent
f7c159b568
Support JSON output with -json
2013-12-09 10:16:45 -05:00
Julien Vehent
4420db6f9b
prevent http keep-alive from blocking the scan
2013-11-20 11:51:37 -05:00
Julien Vehent
7c55288a7e
Fix test of all ciphers individually
2013-11-20 10:47:59 -05:00
Julien Vehent
d6556f5620
Progress indicator
2013-11-20 10:47:23 -05:00
Julien Vehent
889a75722d
doc update
2013-11-20 10:33:58 -05:00
Julien Vehent
a0e4f96a7b
Test all versions of SSL and TLS
2013-11-20 10:30:45 -05:00
Julien Vehent
69087f27ac
User larger list of cipher with COMPLEMENTOFALL
2013-11-20 10:30:14 -05:00
Julien Vehent
eaa586a1fa
add comment for system openssl
2013-11-20 09:30:52 -05:00
Julien Vehent
d794fa75ee
Added OpenSSL License
2013-11-05 15:53:55 -05:00
Julien Vehent
ee3200ebe5
remove last entry NONE
2013-11-05 15:51:00 -05:00
Julien Vehent
5a483775d7
Updated README
2013-09-26 09:33:22 +02:00
Julien Vehent
627701ec63
Add PFS key size to results
2013-09-24 17:02:31 +02:00
Julien Vehent
4a51ef71d6
Added protocol
2013-08-07 10:40:03 -04:00
Julien Vehent
d2b82ed871
Added option to scan all known ciphers "-a"
2013-08-03 22:07:13 -04:00
Julien Vehent
f5ff56344a
Use local openssl & return microseconds for benchmark
2013-07-19 09:45:06 -04:00
Julien Vehent
a651af9857
Updated README
2013-07-18 21:01:44 -04:00