|
|
|
@ -23,6 +23,7 @@ print_help(){ |
|
|
|
list_vulnerabilites(){ |
|
|
|
list_vulnerabilites(){ |
|
|
|
echo "Beast" |
|
|
|
echo "Beast" |
|
|
|
echo "Sweet32" |
|
|
|
echo "Sweet32" |
|
|
|
|
|
|
|
echo "Lucky13" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
check-beast(){ |
|
|
|
check-beast(){ |
|
|
|
@ -67,6 +68,18 @@ check-sweet32(){ |
|
|
|
rm "$tmpfile" |
|
|
|
rm "$tmpfile" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
check-lucky13(){ |
|
|
|
|
|
|
|
local tmpfile="$(mktemp)" |
|
|
|
|
|
|
|
$openssl ciphers -v | grep -i cbc3 | cut -d' ' -f1 | while read cipher; do |
|
|
|
|
|
|
|
echo "\$ openssl s_client -tls1 -cipher $cipher -connect ${host}:${port}" >> "$tmpfile" |
|
|
|
|
|
|
|
echo "" | $openssl s_client -tls1 -cipher "$cipher" -connect "${host}:${port}" >> "$tmpfile" 2>&1 |
|
|
|
|
|
|
|
if [ "$?" -eq 0 ]; then |
|
|
|
|
|
|
|
cat "$tmpfile" |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
rm "$tmpfile" |
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
while [ "$#" -gt 0 ]; do |
|
|
|
while [ "$#" -gt 0 ]; do |
|
|
|
case "$1" in |
|
|
|
case "$1" in |
|
|
|
-p|--port) |
|
|
|
-p|--port) |
|
|
|
@ -107,6 +120,9 @@ case "$(echo "$vulnerability" | tr '[:upper:]' '[:lower:]')" in |
|
|
|
sweet32) |
|
|
|
sweet32) |
|
|
|
check-sweet32 |
|
|
|
check-sweet32 |
|
|
|
;; |
|
|
|
;; |
|
|
|
|
|
|
|
lucky13) |
|
|
|
|
|
|
|
check-lucky13 |
|
|
|
|
|
|
|
;; |
|
|
|
*) |
|
|
|
*) |
|
|
|
die "Unknown vulnerability $vulnerability" |
|
|
|
die "Unknown vulnerability $vulnerability" |
|
|
|
;; |
|
|
|
;; |
|
|
|
|
Jonathan Hodgson
3 years ago