Added new SSL Labs API fields and fixed minor errors

bug/bundler_fix
Denis Kolegov 2015-06-16 02:59:12 -04:00
parent 5ac97d1362
commit 2778274e47
1 changed files with 42 additions and 10 deletions


@ -180,9 +180,12 @@ class Metasploit3 < Msf::Auxiliary
:crlURIs,
:ocspURIs,
:revocationStatus,
:crlRevocationStatus,
:ocspRevocationStatus,
:sgc?,
:validationType,
:issues
:issues,
:sct?,
def valid?
issues == 0
@ -196,10 +199,19 @@ class Metasploit3 < Msf::Auxiliary
class ChainCert < ApiObject
has_fields :subject,
:label,
:notBefore,
:notAfter,
:issuerSubject,
:issuerLabel,
:sigAlg,
:issues,
:raw
:keyAlg,
:keySize,
:keyStrength,
:revocationStatus,
:crlRevocationStatus,
:ocspRevocationStatus,
:raw,
def valid?
issues == 0
@ -354,6 +366,8 @@ class Metasploit3 < Msf::Auxiliary
:npnProtocols,
:sessionTickets,
:ocspStapling?,
:staplingRevocationStatus,
:staplingRevocationErrorMessage,
:sniRequired?,
:httpStatusCode,
:httpForwarding,
@ -364,8 +378,11 @@ class Metasploit3 < Msf::Auxiliary
has_fields :heartbleed?,
:heartbeat?,
:openSslCcs,
:poodle?,
:poodleTls,
:fallbackScsv?
:fallbackScsv?,
:freak?,
:hasSct
end
class Endpoint < ApiObject
@ -375,6 +392,7 @@ class Metasploit3 < Msf::Auxiliary
:statusDetails,
:statusDetailsMessage,
:grade,
:gradeTrustIgnored,
:hasWarnings?,
:isExceptional?,
:progress,
@ -408,7 +426,7 @@ class Metasploit3 < Msf::Auxiliary
SSL/TLS assessment during a penetration test.
},
'License' => MSF_LICENSE,
'Author' =>
'Author' =>
[
'Denis Kolegov <dnkolegov[at]gmail.com>',
'Francois Chagnon' # ssllab.rb author (https://github.com/Shopify/ssllabs.rb)
@ -472,6 +490,8 @@ class Metasploit3 < Msf::Auxiliary
report_bad "Overall rating: #{r.grade} - Server's certificate is not trusted"
end
report_warning "Grade is #{r.grade_trust_ignored}, if trust issues are ignored)" if r.grade.to_s != r.grade_trust_ignored.to_s
# Supported protocols
r.details.protocols.each do |i|
p = ssl_protocols.detect { |x| x[:id] == i.id }
@ -511,7 +531,12 @@ class Metasploit3 < Msf::Auxiliary
report_good "BEAST attack - No"
end
# puts "POODLE (SSLv3)- ?"
# POODLE (SSLv3)
if r.details.poodle?
report_bad "POODLE SSLv3 - Vulnerable"
else
report_good "POODLE SSLv3 - Not vulnerable"
end
# POODLE TLS
case r.details.poodle_tls
@ -520,16 +545,23 @@ class Metasploit3 < Msf::Auxiliary
when 0
report_warning "POODLE TLS - Unknown"
when 1
report_good "POODLE TLS - No"
report_good "POODLE TLS - Not vulnerable"
when 2
report_bad "POODLE TLS - Yes"
report_bad "POODLE TLS - Vulnerable"
end
# Downgrade attack prevention
if r.details.fallback_scsv?
report_good "Downgrade attack prevention - Yes"
report_good "Downgrade attack prevention - Yes, TLS_FALLBACK_SCSV supported"
else
report_bad "Downgrade attack prevention - No"
report_bad "Downgrade attack prevention - No, TLS_FALLBACK_SCSV not supported"
end
# Freak
if r.details.freak?
report_bad "Freak - Vulnerable"
else
report_good "Freak - Not vulnerable"
end
# RC4
@ -553,7 +585,7 @@ class Metasploit3 < Msf::Auxiliary
if r.details.heartbleed?
report_bad "Heartbleed (vulnerability) - Yes"
else
report_good "Heartbeat (vulnerability) - No"
report_good "Heartbleed (vulnerability) - No"
end
# OpenSSL CCS
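Review bot: The new last entry `:sct?,` in the first `has_fields` list (hunk at -180) ends with a comma, so as rendered here the argument list stays open and the following `def valid?` is parsed as one more argument to `has_fields` instead of as a separate statement; the same applies to `:raw,` in `ChainCert` (hunk at -196). On Ruby 2.1 and later a `def` expression evaluates to the method name, so `has_fields` would presumably receive `:valid?` as an extra field and could replace the `issues == 0` check with a plain accessor, which would change what the module reports about certificate validity. The final entries should be `:sct?` and `:raw` with no trailing comma. Both class bodies continue outside the hunks and the page appears to have dropped blank lines, so this should be confirmed against the file itself.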