deac
/
cipherscan
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Support JSON output with -json

master
Julien Vehent 2013-12-09 10:16:45 -05:00
parent 4420db6f9b
commit f7c159b568
2 changed files with 86 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

105
CiphersScan.sh
View File

@ -98,7 +98,7 @@ EOF
# Connect to the target and retrieve the chosen cipher
# recursively until the connection fails
get_cipher_pref() {
echo -n '.'
[ "$OUTPUTFORMAT" == "terminal" ] && echo -n '.'
local ciphersuite="$1"
local sslcommand="timeout $TIMEOUT $OPENSSLBIN s_client -connect $TARGET -cipher $ciphersuite"
verbose "Connecting to '$TARGET' with ciphersuite '$ciphersuite'"
@ -113,6 +113,76 @@ get_cipher_pref() {
fi
}
display_results_in_terminal() {
# Display the results
ctr=1
for cipher in "${cipherspref[@]}"; do
pciph=$(echo $cipher|awk '{print $1}')
if [ $DOBENCHMARK -eq 1 ]; then
bench_cipher "$pciph"
r="$ctr $cipher $cipherbenchms"
else
r="$ctr $cipher"
fi
results=("${results[@]}" "$r")
ctr=$((ctr+1))
done
if [ $DOBENCHMARK -eq 1 ]; then
header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
else
header="prio ciphersuite protocols pfs_keysize"
fi
ctr=0
for result in "${results[@]}"; do
if [ $ctr -eq 0 ]; then
echo $header
ctr=$((ctr+1))
fi
echo $result|grep -v '(NONE)'
done|column -t
}
display_results_in_json() {
# Display the results in json
# {
# "target": "www.google.com:443",
# "date": "Mon, 09 Dec 2013 09:34:45 -0500",
# "ciphersuite": [
# {
# "cipher": "AES128-SHA",
# "protocols": [
# "tls1",
# "tls1.1",
# "tls1.2"
# ],
# "pfs": "1024bits"
# },
# {
# "cipher": "AES256-SHA",
# "protocols": [
# "tls1",
# "tls1.1",
# "tls1.2"
# ],
# "pfs": "1024bits"
# }
# ]
# }
ctr=0
echo -n "{\"target\":\"$TARGET\",\"date\":\"$(date -R)\",\"ciphersuite\": ["
for cipher in "${cipherspref[@]}"; do
[ $ctr -gt 0 ] && echo -n ','
echo -n "{\"cipher\":\"$(echo $cipher|awk '{print $1}')\","
echo -n "\"protocols\":[\"$(echo $cipher|awk '{print $2}'|sed 's/,/","/g')\"],"
pfs=$(echo $cipher|awk '{print $3}')
[ "$pfs" == "" ] && pfs="None"
echo -n "\"pfs\":\"$pfs\"}"
ctr=$((ctr+1))
done
echo ']}'
}
if [ -z $1 ]; then
echo "
@ -126,6 +196,7 @@ fi
TARGET=$1
VERBOSE=0
ALLCIPHERS=0
OUTPUTFORMAT="terminal"
if [ ! -z $2 ]; then
if [ "$2" == "-v" ]; then
VERBOSE=1
@ -135,6 +206,9 @@ if [ ! -z $2 ]; then
if [ "$2" == "-a" ]; then
ALLCIPHERS=1
fi
if [ "$2" == "-json" ]; then
OUTPUTFORMAT="json"
fi
fi
cipherspref=();
@ -142,34 +216,13 @@ results=()
# Call to the recursive loop that retrieves the cipher preferences
get_cipher_pref $CIPHERSUITE
echo
# Display the results
ctr=1
for cipher in "${cipherspref[@]}"; do
pciph=$(echo $cipher|awk '{print $1}')
if [ $DOBENCHMARK -eq 1 ]; then
bench_cipher "$pciph"
r="$ctr $cipher $cipherbenchms"
else
r="$ctr $cipher"
fi
results=("${results[@]}" "$r")
ctr=$((ctr+1))
done
if [ $DOBENCHMARK -eq 1 ]; then
header="prio ciphersuite protocols pfs_keysize avg_handshake_microsec"
if [ "$OUTPUTFORMAT" == "json" ]; then
display_results_in_json
else
header="prio ciphersuite protocols pfs_keysize"
echo
display_results_in_terminal
fi
ctr=0
for result in "${results[@]}"; do
if [ $ctr -eq 0 ]; then
echo $header
ctr=$((ctr+1))
fi
echo $result|grep -v '(NONE)'
done|column -t
# If asked, test every single cipher individually
if [ $ALLCIPHERS -gt 0 ]; then

7
README.md
View File

@ -12,15 +12,22 @@ Options
-------
Enable benchmarking by setting DOBENCHMARK to 1 at the top of the script.
You can use one of the options below (only one. yes, I know...)
Use '-v' to get more stuff to read.
Use '-a' to force openssl to test every single cipher it know.
Use '-json' to output the results in json format
```
$ ./CiphersScan.sh www.google.com:443 -json
```
Example
-------
```
$ ./CiphersScan.sh www.google.com:443
prio ciphersuite protocols pfs_keysize
1 ECDHE-RSA-AES128-GCM-SHA256 SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits
2 ECDHE-RSA-RC4-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits