Changelog

All notable changes to this project will be documented in this file.

0.0.3 - Oct 13, 2021

Added

  • -t --timeout option
  • -cs --cipher-suites option to scan for cipher suite support
  • Automatic cipher suite support scanning for the SSLv2 protocol version if it is chosen as the main protocol
  • Support for symmetric encryption modification values like EDE3 and EXPORT40
  • Expansion of the ciher_suites.json file with protocol support for each cipher suite
    • This is used when creating cipher suites for client hellos in vulnerability tests, SSL protocol scanning and cipher suite scanning
  • DROWN, Sweet32 and Forward secrecy support vulnerability tests
  • Split the run.py file into two logical sections for code readability
  • Additional logging levels (Warning, Error) and an improved logging system
  • Creation of backups when modifying the /etc/ssl/openssl.cnf file with -fc option
  • Proper handling for servers with no HTTPS support

Changed

  • Instead of the tool choosing the best protocol version, the protocol is chosen by the server for TLS protocols; for SSL protocols the best SSL protocol is chosen
  • Change -i --info option to -l --logging
  • Add -st -sudo--tty and -ss -sudo--stdin options for entering the sudo password instead of automatic detection

Removed

0.0.2 - Sep 7, 2021

Added

  • Certificate verification for SSLv3/SSLv2 using the Mozilla CA Certificate list
  • Whole certificate chain scanning for SSLv3, not just the endpoint certificate
  • More detailed logging for -d and -i options
  • Choice to pipe in a sudo password via a pipe (|) to stdin for the purposes of running the OpenSSL config file fix
  • Prompt to input the sudo password while running the tool for the purposes of running the OpenSSL config file fix
  • -w --worst option to connect with the worst available protocol, otherwise the best option is chosen
  • Reworked vulnerability testing system which includes:
    • Tests running on every valid protocol version to scan for vulnerabilities (still in parallel)
    • New vulnerabilities can be implemented more easily than before
    • Improved logging
  • Fallback SCSV support vulnerability

Changed

  • TLS protocol version scanning now uses the native Python ssl library instead of pyOpenSSL, which fixed many bugs
  • Script no longer needs to be run as root to run the OpenSSL config file fix
  • SSLv2 cipher suite is now chosen at random (why)
  • Chosen cipher suites for client hellos in vulnerability tests are generated using the Python ssl library to improve compatibility

0.0.1 - Aug 10, 2021

Added

  • A forked repository from https://github.com/SamoKopecky/BP
  • SSLv3 protocol support scanning, cipher suite and endpoint certificate scanning
  • SSLv2 protocol support scanning, endpoint certificate scanning
  • Fixed cipher suite while connecting on SSLv2 (why)
  • Option -t 0 for not running any tests; if no -t option is present, all tests are run
  • Script integration with the penterep tools template
  • -v --version option to show tool version
  • LICENSE file

Changed

  • Rename the tool to SSLTest instead of TLSTest
  • TLSv1 now appears everywhere in the program as TLSv1.0
  • Change verbose (-v) option to debug (-d)

Removed

  • Removed the web server GUI/REST API functionality