class SSLScan::Main
Constants
- BANNER
- COPYRIGHT
- EXIT_FAILURE
- EXIT_SUCCESS
- SYNTAX
- WEBSITE
Attributes
options[RW]
Public Class Methods
parse_options(args)
# File lib/ssl_scan/main.rb, line 190
# Parses the command-line arguments into a frozen OpenStruct of scan options.
#
# Every option defaults to false. The protocol switches store the protocol
# symbol (:SSLv2, :SSLv3, :TLSv1) rather than true, and -d/--debug does not
# set an option at all: it turns on OpenSSL.debug for the whole process.
#
# @param args [Array<String>] argument vector; OptionParser#parse! removes the
#   switches it recognises from this array in place
# @return [OpenStruct] frozen options (file, no_failed, only_ssl2, only_ssl3,
#   only_tls1, only_cert)
def self.parse_options(args)
  options = OpenStruct.new(
    file: false,
    no_failed: false,
    only_ssl2: false,
    only_ssl3: false,
    only_tls1: false,
    only_cert: false
  )

  parser = OptionParser.new do |o|
    o.banner = format("%s%s", BANNER, version_info)
    o.separator ""
    o.separator "Usage: #{SYNTAX}"
    o.separator ""
    o.separator "Options:"

    # File containing list of hosts to check
    o.on("-t", _("--targets FILE"),
         _("A file containing a list of hosts to check with syntax ( host | host:port).")) do |filename|
      options.file = filename
    end

    # List only accepted ciphers
    o.on("--no-failed", "List only accepted ciphers.") { options.no_failed = true }

    # Protocol restrictions: each switch records the protocol symbol it selects.
    o.on("--ssl2", "Only check SSLv2 ciphers.") { options.only_ssl2 = :SSLv2 }
    o.on("--ssl3", "Only check SSLv3 ciphers.") { options.only_ssl3 = :SSLv3 }
    o.on("--tls1", "Only check TLSv1 ciphers.") { options.only_tls1 = :TLSv1 }

    o.on("-c", "--cert", "Only get the server certificate") { options.only_cert = true }

    # Process-wide switch, not stored in the options struct.
    o.on("-d", "--debug", "Print any SSL errors to stderr.") { OpenSSL.debug = true }

    o.on_tail("-h", "--help", "Display the help text you are now reading.") do
      puts o
      exit(EXIT_SUCCESS)
    end

    o.on_tail("-v", "--version", "Display the program version.") do
      printf("%s", version_info)
      exit(EXIT_SUCCESS)
    end
  end

  parser.parse!(args)
  options.freeze
end
version_info()
# File lib/ssl_scan/main.rb, line 127
# Builds the multi-line version banner: program version, website and
# copyright notice, each on its own line.
#
# @return [String] the translated template with VERSION::STRING, WEBSITE and
#   COPYRIGHT substituted in
def self.version_info
  template = _("ssl_scan version %{version}\n%{web}\n%{copy}\n")
  fields = { version: VERSION::STRING, web: WEBSITE, copy: COPYRIGHT }
  template % fields
end
Public Instance Methods
check_host(host, die_on_fail=true)
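# File lib/ssl_scan/main.rb, line 66
# Validates a scan target written as "host" or "host:port" before it is probed.
#
# The host part must be non-empty and must resolve. An explicit port must be a
# decimal number in 1..65535. Entries with more than one colon are rejected,
# because the only syntax this check handles is ( host | host:port ).
# NOTE(review): bare IPv6 literals are therefore reported as invalid here;
# confirm how SSLScan::Commands::Host parses its target before adding
# bracketed-literal support.
#
# @param host [String, nil] target entry from the command line or targets file
# @param die_on_fail [Boolean] when true, exit with EXIT_FAILURE after printing
#   the error; when false, only report it and return false
# @return [Boolean] true when the entry is well-formed and the name resolves
def check_host(host, die_on_fail=true)
  valid = true
  error_msg = _("Host invalid")

  begin
    if !host
      error_msg = _("Host not given")
      valid = false
    else
      host_parts = host.split(":")
      name = host_parts.first
      port_text = host_parts.length == 2 ? host_parts.last : nil
      # String#to_i would silently turn "https" or "" into port 0, so the port
      # is checked as text first and then range-checked.
      port_ok = port_text.nil? ||
                (port_text =~ /\A\d{1,5}\z/ && (1..65535).cover?(port_text.to_i))

      if name.nil? || name.empty? || host_parts.length > 2 || !port_ok
        # An empty name (e.g. "" or ":443") used to reach the resolver as nil
        # or "" instead of being reported as an invalid host.
        valid = false
      else
        # Addrinfo.getaddrinfo is the replacement the socket documentation
        # gives for the deprecated Socket.gethostbyname; it raises SocketError
        # when the name cannot be resolved.
        ::Addrinfo.getaddrinfo(name, nil)
      end
    end
  rescue ::SocketError => ex
    error_msg = ex.message
    valid = false
  end

  unless valid
    # The message is already fully formatted; print it verbatim so a '%' in a
    # resolver error is not re-read as a printf directive.
    print _("Error: %{error}\n") % { error: error_msg }
    exit(EXIT_FAILURE) if die_on_fail
  end

  valid
end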
main(argc, argv)
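# File lib/ssl_scan/main.rb, line 92
# Program entry point: parses the options, then scans either every entry of
# the targets file or the single host given as the last argument.
#
# In targets-file mode an entry that fails check_host is reported and skipped,
# so one bad line does not abort the rest of the scan. In single-host mode a
# failing host ends the program (check_host exits with EXIT_FAILURE).
#
# @param argc [Integer] argument count (unused)
# @param argv [Array<String>] argument vector; parse_options strips the
#   switches it recognises, leaving the host as the last element
def main(argc, argv)
  @options = self.class.parse_options(argv)

  if options.file
    begin
      listing = File.read(options.file)
    rescue SystemCallError => ex
      # A missing or unreadable targets file is a usage error, not a crash.
      print _("Error: %{error}\n") % { error: ex.message }
      exit(EXIT_FAILURE)
    end
    targets = listing.split("\n").map(&:strip).reject(&:empty?)
    die_on_fail = false
  else
    targets = [argv.last]
    die_on_fail = true
  end

  targets.each do |target|
    next unless check_host(target, die_on_fail)

    command = SSLScan::Commands::Host.new(target, options)
    command.execute
    if command.errors.empty?
      # show_results takes (host, results); the targets-file branch used to
      # call it with the results only, which raised ArgumentError.
      show_results(target, command.results)
    else
      show_command_errors(target, command.errors)
    end
  end
end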
Also aliased as: run
show_certificate(cert)
# File lib/ssl_scan/main.rb, line 145
# Prints a human-readable dump of a certificate: the header fields, the public
# key and, when present, each X509v3 extension under a heading chosen by OID.
#
# Every value printed here is taken from the certificate itself, and nothing
# in this method validates it.
# NOTE(review): subject, issuer and extension values are supplied by the peer;
# confirm that they cannot carry terminal control characters to the console.
#
# @param cert [#version, #serial, #signature_algorithm, #issuer, #not_before,
#   #not_after, #subject, #public_key, #extensions] certificate to display
def show_certificate(cert)
  printf _("SSL Certificate:\n")
  printf _(" Version: %{version}\n") % { version: cert.version }
  printf(" Serial Number: %s\n", cert.serial.to_s(16))
  printf(" Signature Algorithm: %s\n", cert.signature_algorithm)
  printf(" Issuer: %s\n", cert.issuer.to_s)
  printf(" Not valid before: %s\n", cert.not_before.to_s)
  printf(" Not valid after: %s\n", cert.not_after.to_s)
  printf(" Subject: %s\n", cert.subject.to_s)
  printf(" %s", cert.public_key.to_text)

  return if cert.extensions.empty?

  puts _("X509v3 Extensions:")
  cert.extensions.each do |ext|
    if ext.oid == 'keyUsage'
      # Key usage gets a heading only when the extension is marked critical.
      puts _(" X509v3 Key Usage: critical") if ext.critical?
    else
      heading =
        case ext.oid
        when 'certificatePolicies'    then _(" X509v3 Certificate Policies:")
        when 'subjectAltName'         then _(" X509v3 Subject Alternative Name:")
        when 'basicConstraints'       then _(" X509v3 Basic Constraints:")
        when 'extendedKeyUsage'       then _(" X509v3 Extended Key Usage:")
        when 'crlDistributionPoints'  then _(" X509v3 CRL Distribution Points:")
        when 'authorityInfoAccess'    then _(" Authority Information Access:")
        when 'subjectKeyIdentifier'   then _(" X509v3 Subject Key Identifier:")
        when 'authorityKeyIdentifier' then _(" X509v3 Authority Key Identifier:")
        else ext.oid # unknown extension: fall back to the raw OID name
        end
      puts heading
    end
    puts _(" %{value}") % { value: ext.value }
  end
end
show_command_errors(host, errors)
# File lib/ssl_scan/main.rb, line 186
# Prints one error line for a host, with all of its error messages joined by
# single spaces.
#
# The host and the messages are passed as printf arguments, never as the
# format string, so a '%' inside them is printed literally.
#
# @param host [String] target the errors belong to
# @param errors [Array<String>] messages collected while scanning that target
def show_command_errors(host, errors)
  joined = errors.join(" ")
  $stdout.printf("Error[%s]: (%s)\n", host, joined)
end
show_results(host, results)
# File lib/ssl_scan/main.rb, line 131
# Prints the certificate of every non-nil scan result, each followed by a
# verification status line.
#
# Certificate verification is not implemented: the status line always reads
# "NOT IMPLEMENTED", so the printed certificate has not been checked against
# any trust store, hostname or validity period by this method.
#
# @param host [String] target the results belong to (not used in the output)
# @param results [Array] scan results; nil entries are skipped
def show_results(host, results)
  result_set = results.compact
  return if result_set.empty?

  result_set.each do |entry|
    show_certificate(entry.cert)

    # TODO: Implement certificate verification
    printf _("Verify Certificate:")
    printf _(" NOT IMPLEMENTED")
    printf("\n")
  end
end