2013-02-09 06:03:58 +00:00
|
|
|
require 'rex/socket'
|
2013-02-10 01:06:17 +00:00
|
|
|
require 'rex/sslscan/result'
|
2013-02-07 22:16:41 +00:00
|
|
|
|
|
|
|
|
module Rex::SSLScan
|
2013-02-09 06:03:58 +00:00
|
|
|
|
2013-02-07 22:16:41 +00:00
|
|
|
class Scanner
|
|
|
|
|
|
2013-02-25 21:01:42 +00:00
|
|
|
attr_accessor :context
|
2013-02-09 06:03:58 +00:00
|
|
|
attr_accessor :host
|
|
|
|
|
attr_accessor :port
|
|
|
|
|
attr_accessor :timeout
|
2013-02-09 07:07:56 +00:00
|
|
|
|
|
|
|
|
attr_reader :supported_versions
|
2013-02-09 06:03:58 +00:00
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Initializes the scanner object
|
|
|
|
|
# @param host [String] IP address or hostname to scan
|
|
|
|
|
# @param port [Fixnum] Port number to scan, default: 443
|
2013-02-26 19:20:16 +00:00
|
|
|
# @param timeout [Fixnum] Timeout for connections, in seconds. default: 2
|
2013-02-21 00:47:20 +00:00
|
|
|
# @raise [StandardError] Raised when the configuration is invalid
|
2013-02-26 19:20:16 +00:00
|
|
|
def initialize(host,port = 443,context = {},timeout=2)
|
2013-02-09 06:03:58 +00:00
|
|
|
@host = host
|
|
|
|
|
@port = port
|
2013-02-25 21:01:42 +00:00
|
|
|
@timeout = timeout
|
|
|
|
|
@context = context
|
2013-02-09 07:07:56 +00:00
|
|
|
@supported_versions = [:SSLv2, :SSLv3, :TLSv1]
|
|
|
|
|
raise StandardError, "The scanner configuration is invalid" unless valid?
|
2013-02-09 06:03:58 +00:00
|
|
|
end
|
|
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Checks whether the scanner option has a valid configuration
|
|
|
|
|
# @return [Boolean] True or False, the configuration is valid.
|
2013-02-09 06:03:58 +00:00
|
|
|
def valid?
|
|
|
|
|
begin
|
|
|
|
|
@host = Rex::Socket.getaddress(@host, true)
|
|
|
|
|
rescue
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
return false unless @port.kind_of? Fixnum
|
|
|
|
|
return false unless @port >= 0 and @port <= 65535
|
|
|
|
|
return false unless @timeout.kind_of? Fixnum
|
|
|
|
|
return true
|
|
|
|
|
end
|
|
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Initiate the Scan against the target. Will test each cipher one at a time.
|
|
|
|
|
# @return [Result] object containing the details of the scan
|
2013-02-09 06:03:58 +00:00
|
|
|
def scan
|
|
|
|
|
scan_result = Rex::SSLScan::Result.new
|
2013-02-10 01:06:17 +00:00
|
|
|
@supported_versions.each do |ssl_version|
|
|
|
|
|
sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
|
|
|
|
|
sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
|
|
|
|
|
status = test_cipher(ssl_version, cipher_name)
|
|
|
|
|
scan_result.add_cipher(ssl_version, cipher_name, key_length, status)
|
|
|
|
|
if status == :accepted and scan_result.cert.nil?
|
|
|
|
|
scan_result.cert = get_cert(ssl_version, cipher_name)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
scan_result
|
2013-02-09 07:07:56 +00:00
|
|
|
end
|
2013-02-09 06:03:58 +00:00
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Tests the specified SSL Version and Cipher against the configured target
|
|
|
|
|
# @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
|
|
|
|
|
# @param cipher [String] The SSL Cipher to use
|
|
|
|
|
# @return [Symbol] Either :accepted or :rejected
|
2013-02-09 07:07:56 +00:00
|
|
|
def test_cipher(ssl_version, cipher)
|
|
|
|
|
validate_params(ssl_version,cipher)
|
|
|
|
|
begin
|
|
|
|
|
scan_client = Rex::Socket::Tcp.create(
|
2013-02-25 21:01:42 +00:00
|
|
|
'Context' => @context,
|
2013-02-20 21:33:24 +00:00
|
|
|
'PeerHost' => @host,
|
|
|
|
|
'PeerPort' => @port,
|
|
|
|
|
'SSL' => true,
|
|
|
|
|
'SSLVersion' => ssl_version,
|
|
|
|
|
'SSLCipher' => cipher,
|
|
|
|
|
'Timeout' => @timeout
|
2013-02-09 07:07:56 +00:00
|
|
|
)
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
return :rejected
|
|
|
|
|
end
|
|
|
|
|
return :accepted
|
2013-02-09 06:03:58 +00:00
|
|
|
end
|
|
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Retrieve the X509 Cert from the target service,
|
|
|
|
|
# @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
|
|
|
|
|
# @param cipher [String] The SSL Cipher to use
|
|
|
|
|
# @return [OpenSSL::X509::Certificate] if the certificate was retrieved
|
|
|
|
|
# @return [Nil] if the cert couldn't be retrieved
|
2013-02-10 01:06:17 +00:00
|
|
|
def get_cert(ssl_version, cipher)
|
|
|
|
|
validate_params(ssl_version,cipher)
|
|
|
|
|
begin
|
|
|
|
|
scan_client = Rex::Socket::Tcp.create(
|
2013-02-20 21:33:24 +00:00
|
|
|
'PeerHost' => @host,
|
|
|
|
|
'PeerPort' => @port,
|
|
|
|
|
'SSL' => true,
|
|
|
|
|
'SSLVersion' => ssl_version,
|
|
|
|
|
'SSLCipher' => cipher,
|
|
|
|
|
'Timeout' => @timeout
|
2013-02-10 01:06:17 +00:00
|
|
|
)
|
|
|
|
|
cert = scan_client.peer_cert
|
|
|
|
|
if cert.kind_of? OpenSSL::X509::Certificate
|
|
|
|
|
return cert
|
|
|
|
|
else
|
|
|
|
|
return nil
|
|
|
|
|
end
|
|
|
|
|
rescue ::Exception => e
|
|
|
|
|
return nil
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2013-02-09 06:03:58 +00:00
|
|
|
|
2013-02-09 07:07:56 +00:00
|
|
|
protected
|
|
|
|
|
|
2013-02-21 00:47:20 +00:00
|
|
|
# Validates that the SSL Version and Cipher are valid both seperately and
|
|
|
|
|
# together as part of an SSL Context.
|
|
|
|
|
# @param ssl_version [Symbol] The SSL version to use (:SSLv2, :SSLv3, :TLSv1)
|
|
|
|
|
# @param cipher [String] The SSL Cipher to use
|
|
|
|
|
# @raise [StandardError] If an invalid or unsupported SSL Version was supplied
|
|
|
|
|
# @raise [StandardError] If the cipher is not valid for that version of SSL
|
2013-02-09 07:07:56 +00:00
|
|
|
def validate_params(ssl_version, cipher)
|
|
|
|
|
raise StandardError, "The scanner configuration is invalid" unless valid?
|
|
|
|
|
unless @supported_versions.include? ssl_version
|
|
|
|
|
raise StandardError, "SSL Version must be one of: #{@supported_versions.to_s}"
|
|
|
|
|
end
|
|
|
|
|
unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
|
2013-02-21 00:47:20 +00:00
|
|
|
raise StandardError, "Must be a valid SSL Cipher for #{version}!"
|
2013-02-09 07:07:56 +00:00
|
|
|
end
|
2013-02-09 06:03:58 +00:00
|
|
|
end
|
|
|
|
|
|
2013-02-07 22:16:41 +00:00
|
|
|
end
|
|
|
|
|
end
|
