cipherscan

mirror of https://github.com/mozilla/cipherscan.git synced 2024-09-13 01:03:18 +02:00

Author	SHA1	Message	Date
Hubert Kario	2b794ebfe0	fix and extend reporting of AES-GCM ciphers AES-GCM ciphers don't have "AES-GCM" substring in the openssl name extend reporting of AES ciphers, split to AES-CBC, AES-GCM and AES in general	2014-04-19 23:14:57 +02:00
Hubert Kario	fd6fcdd359	fix spelling in TLS stats (TLS1_1 vs TLS1.1)	2014-04-19 23:14:57 +02:00
Hubert Kario	faef8d692f	in "no-untrusted mode": filter out ADH and AECDH suites If server negotiates ADH or AECDH suite, openssl returns "ok" in cert checking. Don't mark server as trusted because of that. Don't collect statistics on servers that provide only untrusted connections.	2014-04-19 23:14:47 +02:00
Hubert Kario	45dc1da3f6	add ability to ignore results from untrusted servers	2014-04-19 23:07:01 +02:00
Hubert Kario	ff620f5b26	report number of servers that use ECDSA and RSA certificates Since use of both ECDSA and RSA certificates is easy, it is relatively simple to support both. Report the total number of such servers	2014-04-19 23:07:00 +02:00
Hubert Kario	863441a179	parsing of signature algorithm and key size add parsing of signature algorithm and key size from the individual results, report summary	2014-04-19 23:07:00 +02:00
Hubert Kario	b6b9a1a364	Improve scanning performance and reduce false negatives scan all the machines from top-1m.csv file, wait for completion of all jobs i=1 is an off-by-one-error support top-1m.csv files with arbitrary number of sites run scans for many hosts at a time, but don't run more than specified amount in case where default domain name doesn't resolve or doesn't have port 443 open, retry with www. prefix	2014-04-19 22:56:41 +02:00
Julien Vehent	370348ba1b	Updated README	2014-04-19 12:04:09 -04:00
Julien Vehent	f703ca9c26	Merge pull request #12 from tomato42/certificate-scanning-02 Certificate scanning 02 (alternative version)	2014-04-19 11:46:25 -04:00
Hubert Kario	4e0e03b61e	make default output more narrow If server uses the same certificate for all connections, it's useless to print the same information over and over. In such case, omit those columns and print a summary at the end	2014-04-06 18:01:13 +02:00
Hubert Kario	9931ca2a2d	update README with new examples New features = new examples	2014-04-05 19:40:19 +02:00
Hubert Kario	f04567d40e	check if certificate used by server is trused Use system trust anchors to check if certificate chain used by server is actually valid.	2014-04-05 19:36:51 +02:00
Hubert Kario	946cc6a9ac	Report the signature type used on server certificate Parse the certificate used by server and report the signature used: prio ciphersuite protocols pubkey_size signature_algorithm pfs_keysize 1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 sha1WithRSAEncryption ECDH,P-256,256bits 2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ecdsa-with-SHA512 ECDH,P-256,256bits 3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption 4 AECDH-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 0 None ECDH,P-256,256bits 5 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption 6 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha1WithRSAEncryption RSA,512bits	2014-04-05 19:23:04 +02:00
Hubert Kario	f9fdd62a59	report key size used in server's certificate Extend the report to show also server certificate key size: prio ciphersuite protocols pubkey_size pfs_keysize 1 ECDHE-RSA-AES128-SHA256 TLSv1.2 2048 ECDH,P-256,256bits 2 ECDHE-ECDSA-AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 256 ECDH,P-256,256bits 3 AES128-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 4 RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 5 EXP-RC4-MD5 SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 RSA,512bits	2014-04-05 19:23:04 +02:00
Hubert Kario	32eba4e644	update examples from README since now the scan reports protocols correctly, update the example to illustrate that	2014-04-05 18:47:37 +02:00
Hubert Kario	ac3e5f4d62	Correctly report TLSv1.2 only ciphers as negotiable with TLSv1.2 Previously scan would report: prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits Now it correctly reports: prio ciphersuite protocols pfs_keysize 1 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits 2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits	2014-04-05 18:47:37 +02:00
Julien Vehent	afcc92db02	Merge pull request #5 from mzeltner/master Cleaned up options and documented custom OpenSSL build	2014-04-04 21:26:59 -04:00
Michael Zeltner	05bd24b405	Cleaning up old style, fixing --allciphers	2014-04-04 20:46:40 -04:00
Michael Zeltner	bf48cd2a3c	Documenting how to build OpenSSL with ChaCha20-Poly1305 Also updating README.md with new options by MacLemon	2014-04-01 14:29:55 -04:00
Michael Zeltner	45f0f3305d	Merge branch 'master' of https://github.com/MacLemon/cipherscan	2014-04-01 13:04:08 -04:00
Pepi Zawodsky	49214fc508	Verbose and Debug output go to stderr now. Added simple --delay function.	2014-02-18 02:05:26 +01:00
Michael Zeltner	8480e63ff7	Fixing a typo	2014-02-14 20:44:15 +01:00
Pepi Zawodsky	3282c2c3a5	Improved reference of switches documentation formatting.	2014-02-10 19:46:46 +01:00
Pepi Zawodsky	0282ae9209	Added simple debug function	2014-02-08 18:37:30 +01:00
Pepi Zawodsky	0d93b5d37e	Updated README to reflect the changes in cipherscan.	2014-02-08 17:07:54 +01:00
Pepi Zawodsky	490c86c43e	Changed grep invocation to prevent strange grep versions to balk on -E	2014-02-08 01:14:40 +01:00
Michael Zeltner	26b52d4e17	Make mktemp obsolete We have pipes, we shall use them!	2014-02-07 00:56:31 +01:00
Pepi Zawodsky	57f41d7376	Fixed variable renaming.	2014-02-06 23:32:12 +01:00
Pepi Zawodsky	9e5ce9cca3	Removed neccessity for timeout, thanks to mzeltner. Better parameter parsing with short- and longoptions. Can now pass a path to use any openssl. Now works on OS X.	2014-02-06 23:26:19 +01:00
Julien Vehent	1f92094b3d	Merge pull request #4 from mzeltner/master Support s_client args, give -starttls example. Contributed by mzeltner.	2014-02-02 18:15:27 -08:00
Michael Zeltner	5c07a6e552	Support s_client args, give -starttls example	2014-02-02 15:41:16 +01:00
Julien Vehent	ae5d7ad15c	Merge branch 'master' of github.com:jvehent/cipherscan	2014-01-31 10:24:02 -05:00
Julien Vehent	b3ca13a5ae	Rebuilt openssl to support ChaCha20/Poly1305. Test against google servers.	2014-01-31 10:22:21 -05:00
Julien Vehent	5e8b495a18	added many tests	2014-01-11 01:07:32 +00:00
Julien Vehent	1414973531	basic results parsing script in python	2014-01-10 05:50:03 +00:00
Julien Vehent	f3c8b24b8b	tweaks	2014-01-09 20:16:40 +00:00
Julien Vehent	5df0fe3d52	Merge branch 'master' of github.com:jvehent/cipherscan	2014-01-09 11:53:54 -05:00
Julien Vehent	19d443b8fe	OpenSSL binary location fix	2014-01-09 11:52:43 -05:00
Julien Vehent	e4ea957c8d	Script to scan Alexa's top 1m websites	2014-01-09 11:52:17 -05:00
Julien Vehent	26948cbccf	Merge pull request #3 from simondeziel/clean-temp Cleanup old temp files when a connection failed	2014-01-07 19:04:43 -08:00
Simon Deziel	93ee5e3f33	Cleanup old temp files when a connection failed	2014-01-07 18:32:09 -05:00
Julien Vehent	af7b4ce18c	Rename CiphersScan to cipherscan	2013-12-09 11:01:30 -05:00
Julien Vehent	34a011ab71	Better doc	2013-12-09 10:40:23 -05:00
Julien Vehent	f7c159b568	Support JSON output with -json	2013-12-09 10:16:45 -05:00
Julien Vehent	4420db6f9b	prevent http keep-alive from blocking the scan	2013-11-20 11:51:37 -05:00
Julien Vehent	7c55288a7e	Fix test of all ciphers individually	2013-11-20 10:47:59 -05:00
Julien Vehent	d6556f5620	Progress indicator	2013-11-20 10:47:23 -05:00
Julien Vehent	889a75722d	doc update	2013-11-20 10:33:58 -05:00
Julien Vehent	a0e4f96a7b	Test all versions of SSL and TLS	2013-11-20 10:30:45 -05:00
Julien Vehent	69087f27ac	User larger list of cipher with COMPLEMENTOFALL	2013-11-20 10:30:14 -05:00

1 2 3 4

164 Commits