Merge pull request #5 from SamoKopecky/dev

Merge v0.1.0 into master

.github/workflows/release.yml

@@ -0,0 +1,14 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create release
+        uses: softprops/action-gh-release@v1
+        with:
+          body: "- All the changes can be found in the [changelog](CHANGELOG.md) file"

CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file.
 
+# [0.1.0](https://github.com/SamoKopecky/SSLTest/compare/v0.0.3...v0.1.0) - Oct 24, 2021
+
+### Added
+- Improved text output in console
+- `-sc --short-cert` option to shorten alternative names output
+
+### Changed
+- Vulnerability tests no longer need to be hardcoded in a dictionary to run, they are automatically parsed
+from the tests module
+
 # [0.0.3](https://github.com/SamoKopecky/SSLTest/compare/v0.0.2...v0.0.3) - Oct 13, 2021
 
 ### Added

README.md

@@ -9,7 +9,32 @@
 
 # SSLTest
 
-Script that scans web servers cryptographic parameters and vulnerabilities
+A Python script that scans web servers cryptographic parameters and vulnerabilities. All available Vulnerability tests
+can be found in the `help` output of the script or in the [options](#Options) section.
+
+## Main features
+Scan or test:
+- Supported SSL/TLS protocols
+- Detailed information about the certificate
+- Detailed information about the cipher suite the connection was made with
+- Web server software used by the server
+- Chosen vulnerability tests
+- Supported cipher suites for all SSL/TLS protocols
+
+## Dependencies
+
+Dependencies are listed in the `requirements.txt` file, if you don't want to install with `setup.py` 
+and just want to run the script install them like this:
+
+```
+$ pip3 install -r requirements.txt
+```
+
+Nmap is required for some functions of the script, install on ubuntu-like distros with:
+
+```
+$ sudo apt-get install -y nmap
+```
 
 ## Installation
 
@@ -45,6 +70,9 @@ $ sudo ptmanager -ut SSLTest
                                     9: Session Ticket Support
                                     10: Sweet32
                              If this argument isn't specified all tests will be ran
+-to  --timeout  <duration>   Set a duration for the timeout of connections
+-sc  --short-cert            Limit alternative names to first 5
+-cs  --cipher-suites         Scan all supported cipher suites by the server
 -fc --fix-conf               Fix the /etc/ssl/openssl.cnf file to allow the use of older TLS protocols (TLSv1 and TLSv1.1) 
 -st --sudo-tty               Use the terminal prompt to enter the sudo password
 -ss --sudo-stdin             Use the stdin of the script to enter the sudo password
@@ -71,6 +99,7 @@ $ SSLTest.py -u https://example.com -t 1 2 -cs
 ## Version History
 
 * Full changelog [here](/CHANGELOG.md)
+* [0.1.0](https://github.com/SamoKopecky/SSLTest/releases/tag/v0.1.0)  
 * [0.0.3](https://github.com/SamoKopecky/SSLTest/releases/tag/v0.0.3)
 * [0.0.2](https://github.com/SamoKopecky/SSLTest/releases/tag/v0.0.2)
 * [0.0.1](https://github.com/SamoKopecky/SSLTest/releases/tag/v0.0.1)

SSLTest/SSLTest.py

@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 
-__version__ = "0.0.3"
+__version__ = "0.1.0"
 
 import argparse
 import logging
@@ -11,7 +11,7 @@
 from ptlibs import ptjsonlib, ptmisclib
 
 from src.run import run
-from src.scan import get_tests_switcher
+from src.scan_vulnerabilities.TestRunner import TestRunner
 
 
 class SSLTest:
@@ -30,7 +30,7 @@ def run(self):
 def get_tests_help():
     tests_help = 'test the server for a specified vulnerability' \
                  'possible vulnerabilities (separate with spaces):\n'
-    for key, value in get_tests_switcher().items():
+    for key, value in TestRunner.get_tests_switcher().items():
         test_number = key
         test_desc = value[1]
         tests_help += f'{" " * 30}{test_number}: {test_desc}\n'
@@ -50,6 +50,7 @@ def get_help():
              "Change output to json format, if a file name is specified output is written to the given file"],
             ["-t", "--test", "<number ...>", get_tests_help()],
             ["-to", "--timeout", "<duration>", "Set a duration for the timeout of connections"],
+            ["-sc", "--short-cert", "", "Limit alternative names to first 5"],
             ["-cs", "--cipher-suites", "", "Scan all supported cipher suites by the server"],
             ["-fc", "--fix-conf", "", "Fix the /etc/ssl/openssl.cnf file to allow the use of older TLS protocols"
                                       " (TLSv1 and TLSv1.1)"],
@@ -82,6 +83,7 @@ def parse_args():
     parser.add_argument("-j", "--json", action="store", metavar="output_file", required=False, nargs="?", default=False)
     parser.add_argument("-t", "--test", type=int, metavar="test_num", nargs="+")
     parser.add_argument("-to", "--timeout", type=int, nargs="?", default=1)
+    parser.add_argument("-sc", "--short-cert", action="store_true", default=False)
     parser.add_argument("-cs", "--cipher-suites", action="store_true", default=False)
     parser.add_argument("-ns", "--nmap-scan", action="store_true", default=False)
     parser.add_argument("-nd", "--nmap-discover", action="store_true", default=False)
@@ -160,7 +162,7 @@ def try_to_remove_argument(short_name, full_name):
 def check_test_option(tests):
     if not tests:
         return
-    tests_switcher = get_tests_switcher()
+    tests_switcher = TestRunner.get_tests_switcher()
     test_numbers = [test for test in tests_switcher.keys()]
     unknown_tests = list(filter(lambda t: t not in test_numbers, tests))
     if unknown_tests:

SSLTest/src/run.py

@@ -4,9 +4,8 @@
 import sys
 import traceback
 
-from .scan import scan
+from .scan import handle_scan_output
 from .scan_parameters.non_ratable.port_discovery import discover_ports
-from .text_output.TextOutput import TextOutput
 
 log = logging.getLogger(__name__)
 
@@ -20,9 +19,9 @@ def run(args):
     if '/' in args.url:
         args.url = fix_url(args.url)
     nmap_discover_option(args)
-    output_data = scan_all_ports(args)
-    out = output_option(args, output_data)
-    if out: print(out)
+    json_data = scan_all_ports(args)
+    if json_data:
+        json_option(args, json_data)
 
 
 def fix_url(url):
@@ -72,31 +71,31 @@ def scan_all_ports(args):
     :rtype: dict
     """
     output_data = {}
+    if args.json is None:
+        only_json = True
+    else:
+        only_json = False
     for port in args.port:
         try:
-            output_data.update(scan(args, port))
+            output_data.update(handle_scan_output(args, port, only_json))
         except Exception as ex:
             tb = traceback.format_exc()
             log.debug(tb)
-            print(f'Unexpected exception occurred: {ex}', file=sys.stderr)
+            print(f'\n\nUnexpected exception occurred: {ex}', file=sys.stderr)
     return output_data
 
 
-def output_option(args, output_data):
+def json_option(args, json_data):
     """
-    Handle output depending on the input options
+    Handle json option
 
     :param Namespace args: Parsed input arguments
-    :param dict output_data: Collected data from scanning/testing
+    :param dict json_data: Collected data from scanning/testing
     """
-    json_output_data = json.dumps(output_data, indent=2)
-    if args.json is False:
-        text_output = TextOutput(json_output_data)
-        text_output.get_formatted_text()
-        return text_output.output
-    elif args.json is None:
-        return json_output_data
-    else:
+    json_output_data = json.dumps(json_data, indent=2)
+    if args.json is None:
+        print(json_output_data)
+    elif bool(args.json):
         file = open(args.json, 'w')
         file.write(json_output_data)
         file.close()