From 2778274e478821df2ffe8daa8a37ebfd4bbe9a79 Mon Sep 17 00:00:00 2001 From: Denis Kolegov Date: Tue, 16 Jun 2015 02:59:12 -0400 Subject: [PATCH 1/4] Added new SSL Labs API fields and fixed minor errors --- modules/auxiliary/gather/ssllabs_scan.rb | 52 +++++++++++++++++++----- 1 file changed, 42 insertions(+), 10 deletions(-) diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb index c763058e9d..495f3f477b 100644 --- a/modules/auxiliary/gather/ssllabs_scan.rb +++ b/modules/auxiliary/gather/ssllabs_scan.rb @@ -180,9 +180,12 @@ class Metasploit3 < Msf::Auxiliary :crlURIs, :ocspURIs, :revocationStatus, + :crlRevocationStatus, + :ocspRevocationStatus, :sgc?, :validationType, - :issues + :issues, + :sct?, def valid? issues == 0 @@ -196,10 +199,19 @@ class Metasploit3 < Msf::Auxiliary class ChainCert < ApiObject has_fields :subject, :label, + :notBefore, + :notAfter, :issuerSubject, :issuerLabel, + :sigAlg, :issues, - :raw + :keyAlg, + :keySize, + :keyStrength, + :revocationStatus, + :crlRevocationStatus, + :ocspRevocationStatus, + :raw, def valid? issues == 0 @@ -354,6 +366,8 @@ class Metasploit3 < Msf::Auxiliary :npnProtocols, :sessionTickets, :ocspStapling?, + :staplingRevocationStatus, + :staplingRevocationErrorMessage, :sniRequired?, :httpStatusCode, :httpForwarding, @@ -364,8 +378,11 @@ class Metasploit3 < Msf::Auxiliary has_fields :heartbleed?, :heartbeat?, :openSslCcs, + :poodle?, :poodleTls, - :fallbackScsv? + :fallbackScsv?, + :freak?, + :hasSct end class Endpoint < ApiObject @@ -375,6 +392,7 @@ class Metasploit3 < Msf::Auxiliary :statusDetails, :statusDetailsMessage, :grade, + :gradeTrustIgnored, :hasWarnings?, :isExceptional?, :progress, @@ -408,7 +426,7 @@ class Metasploit3 < Msf::Auxiliary SSL/TLS assessment during a penetration test. }, 'License' => MSF_LICENSE, - 'Author' => + 'Author' => [ 'Denis Kolegov ', 'Francois Chagnon' # ssllab.rb author (https://github.com/Shopify/ssllabs.rb) 
@@ -472,6 +490,8 @@ class Metasploit3 < Msf::Auxiliary report_bad "Overall rating: #{r.grade} - Server's certificate is not trusted" end + report_warning "Grade is #{r.grade_trust_ignored}, if trust issues are ignored)" if r.grade.to_s != r.grade_trust_ignored.to_s + # Supported protocols r.details.protocols.each do |i| p = ssl_protocols.detect { |x| x[:id] == i.id } @@ -511,7 +531,12 @@ class Metasploit3 < Msf::Auxiliary report_good "BEAST attack - No" end - # puts "POODLE (SSLv3)- ?" + # POODLE (SSLv3) + if r.details.poodle? + report_bad "POODLE SSLv3 - Vulnerable" + else + report_good "POODLE SSLv3 - Not vulnerable" + end # POODLE TLS case r.details.poodle_tls @@ -520,16 +545,23 @@ class Metasploit3 < Msf::Auxiliary when 0 report_warning "POODLE TLS - Unknown" when 1 - report_good "POODLE TLS - No" + report_good "POODLE TLS - Not vulnerable" when 2 - report_bad "POODLE TLS - Yes" + report_bad "POODLE TLS - Vulnerable" end # Downgrade attack prevention if r.details.fallback_scsv? - report_good "Downgrade attack prevention - Yes" + report_good "Downgrade attack prevention - Yes, TLS_FALLBACK_SCSV supported" else - report_bad "Downgrade attack prevention - No" + report_bad "Downgrade attack prevention - No, TLS_FALLBACK_SCSV not supported" + end + + # Freak + if r.details.freak? + report_bad "Freak - Vulnerable" + else + report_good "Freak - Not vulnerable" end # RC4 @@ -553,7 +585,7 @@ class Metasploit3 < Msf::Auxiliary if r.details.heartbleed? report_bad "Heartbleed (vulnerability) - Yes" else - report_good "Heartbeat (vulnerability) - No" + report_good "Heartbleed (vulnerability) - No" end # OpenSSL CCS From c3d2797f100269b29bfc44856cdb843fad59abee Mon Sep 17 00:00:00 2001 From: Denis Kolegov Date: Tue, 16 Jun 2015 04:22:22 -0400 Subject: [PATCH 2/4] Fixed Info fields --- modules/auxiliary/gather/ssllabs_scan.rb | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) 
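Review bot: The added `report_warning` message ends with an unmatched `)`, and it fires whenever the two grades differ as strings, which would include a response where `grade_trust_ignored` is absent and interpolates as an empty value. Guarding on presence and dropping the stray parenthesis keeps the line unambiguous: `report_warning "Grade is #{r.grade_trust_ignored} if trust issues are ignored" if r.grade_trust_ignored && r.grade.to_s != r.grade_trust_ignored.to_s`. How the accessor behaves for a missing field is defined in ApiObject, outside this hunk, so the nil case is inferred rather than shown.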
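Review bot: The new POODLE SSLv3 check prints `Not vulnerable` through `report_good` for any falsy value of `r.details.poodle?`, so a response that omits the field (test not run, older API revision) would presumably be shown as a pass. The FREAK block added in the next hunk has the same shape. The POODLE TLS check just below already separates an unknown result from a negative one, and the boolean checks should do the same. Add a leading branch `if r.details.poodle?.nil?` that calls `report_warning "POODLE SSLv3 - Unknown"` and turn the existing `if` into an `elsif`. Whether the `?` accessor returns nil or false for a missing key depends on ApiObject, which is outside the hunk, so confirm that first.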
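Review bot: The label added in the FREAK block is spelled `Freak`, while the other attack names in this output are upper-case (`POODLE`, `BEAST`); the comment above the block uses the same spelling. Writing `# FREAK`, `report_bad "FREAK - Vulnerable"` and `report_good "FREAK - Not vulnerable"` keeps the report searchable by the name the attack is published under. The POODLE TLS `case` that this hunk also edits begins outside the hunk.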
diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb index 495f3f477b..0eb62bd5e6 100644 --- a/modules/auxiliary/gather/ssllabs_scan.rb +++ b/modules/auxiliary/gather/ssllabs_scan.rb @@ -224,12 +224,7 @@ class Metasploit3 < Msf::Auxiliary class Chain < ApiObject has_objects_list :certs, ChainCert - has_fields :subject, - :label, - :issuerSubject, - :issuerLabel, - :issues, - :raw + has_fields :issues def valid? issues == 0 @@ -747,7 +742,6 @@ class Metasploit3 < Msf::Auxiliary def run delay = datastore['DELAY'] - hostname = datastore['HOSTNAME'] unless valid_hostname?(hostname) print_status "Invalid hostname" From 5a277389f2eb86f4ce8b40b74b0cc0de57eb393e Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Fri, 19 Jun 2015 11:38:22 -0500 Subject: [PATCH 3/4] remove some trailing commas --- modules/auxiliary/gather/ssllabs_scan.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb index 0eb62bd5e6..b488864ca5 100644 --- a/modules/auxiliary/gather/ssllabs_scan.rb +++ b/modules/auxiliary/gather/ssllabs_scan.rb @@ -185,7 +185,7 @@ class Metasploit3 < Msf::Auxiliary :sgc?, :validationType, :issues, - :sct?, + :sct? def valid? issues == 0 @@ -211,7 +211,7 @@ class Metasploit3 < Msf::Auxiliary :revocationStatus, :crlRevocationStatus, :ocspRevocationStatus, - :raw, + :raw def valid? issues == 0 From bf170a195dd130210ab255bbd8d30fc80ab86529 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Fri, 19 Jun 2015 11:38:36 -0500 Subject: [PATCH 4/4] the API sometimes returns negative percents - treat these as 0 --- modules/auxiliary/gather/ssllabs_scan.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/auxiliary/gather/ssllabs_scan.rb b/modules/auxiliary/gather/ssllabs_scan.rb index b488864ca5..316dd0886a 100644 --- a/modules/auxiliary/gather/ssllabs_scan.rb +++ b/modules/auxiliary/gather/ssllabs_scan.rb 
@@ -714,7 +714,7 @@ class Metasploit3 < Msf::Auxiliary return unless r.status == "IN_PROGRESS" if r.endpoints.length == 1 - print_status "#{r.host} (#{r.endpoints[0].ip_address}) - Progress #{r.endpoints[0].progress}% (#{r.endpoints[0].status_details_message})" + print_status "#{r.host} (#{r.endpoints[0].ip_address}) - Progress #{[r.endpoints[0].progress, 0].max}% (#{r.endpoints[0].status_details_message})" elsif r.endpoints.length > 1 in_progress_srv_num = 0 ready_srv_num = 0 @@ -723,7 +723,7 @@ class Metasploit3 < Msf::Auxiliary case e.status_message.to_s when "In progress" in_progress_srv_num += 1 - print_status "Scanned host: #{e.ip_address} (#{e.server_name})- #{e.progress}% complete (#{e.status_details_message})" + print_status "Scanned host: #{e.ip_address} (#{e.server_name})- #{[e.progress, 0].max}% complete (#{e.status_details_message})" when "Pending" pending_srv_num += 1 when "Ready"
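Review bot: `[r.endpoints[0].progress, 0].max` raises when `progress` is nil, because `Array#max` cannot compare nil with an Integer, whereas the old interpolation just printed an empty value. The same expression is used for `e.progress` in the second hunk. If the API can omit the field or the accessor can return nil (not visible here), coerce before clamping: `[r.endpoints[0].progress.to_i, 0].max` and `[e.progress.to_i, 0].max`. Both statements sit in a method whose start and end are outside the hunks.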