sslprobe

package module
v0.0.0-...-0fb23b7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 30, 2016 License: BSD-3-Clause Imports: 7 Imported by: 0

README

sslprobe

sslprobe is a tool that maps out a server's TLS configuration and identifies potential problems, such as supporting obsolete protocols or preferring weak cipher suites. I like to play with Qualys' SSLLabs a lot, so I decided to make my own.

Usage

From the command-line, type:

go run bin/sslprobe/sslprobe.go [{OPTIONS}] {HOST}

e.g.

go run bin/sslprobe/sslprobe.go github.com

Options include:

  • -f or --full: perform cipher preference scans on all supported versions instead of just the highest;
  • -q or --quick: don't perform cipher preference scans at all.

Example output: Example output

License

This repository is shared under a BSD 3-clause license. See the file COPYING for details.

This repository also contains files imported from the Go project. Luckily, these files are similarly licensed.

Documentation

Index

Constants

View Source 
const (
	SSL_2_0  TLSVersion = 0x0002
	SSL_2_99            = 0x02ff
	SSL_3_0             = 0x0300
	TLS_1_0             = 0x0301
	TLS_1_1             = 0x0302
	TLS_1_2             = 0x0303
	TLS_1_3             = 0x0304
	TLS_1_99            = 0x03ff
)
View Source 
const (
	EXT_server_name            ExtensionType = 0
	EXT_max_fragment_length                  = 1
	EXT_client_certificate_url               = 2
	EXT_trusted_ca_keys                      = 3
	EXT_truncated_hmac                       = 4
	EXT_status_request                       = 5
	EXT_elliptic_curves                      = 10
	EXT_ec_point_formats                     = 11
	EXT_signature_algorithms                 = 13
)

Variables

View Source 
var (
	KX_NULL         CipherKeyExchangeInfo = CipherKeyExchangeInfo{"NULL", false, true, true}
	KX_RSA                                = CipherKeyExchangeInfo{"xRSA", false, false, false}
	KX_PSK                                = CipherKeyExchangeInfo{"PSK", false, false, false}
	KX_KRB5_EXPORT                        = CipherKeyExchangeInfo{"KRB5_EXPORT", false, false, true}
	KX_EXPORT                             = CipherKeyExchangeInfo{"EXPORT", false, false, true}
	KX_EXPORT1024                         = CipherKeyExchangeInfo{"EXPORT1024", false, false, true}
	KX_FFDH_EXPORT                        = CipherKeyExchangeInfo{"FFDH_EXPORT", false, true, true}
	KX_FFDHE_EXPORT                       = CipherKeyExchangeInfo{"FFDHE_EXPORT", true, false, true}
	KX_KRB5                               = CipherKeyExchangeInfo{"KRB5", false, false, true}
	KX_SRP                                = CipherKeyExchangeInfo{"SRP", false, false, false}
	KX_FFDHE                              = CipherKeyExchangeInfo{"FFDHE", true, false, false}
	KX_FFDH                               = CipherKeyExchangeInfo{"FFDH", false, true, false}
	KX_ECDH                               = CipherKeyExchangeInfo{"ECDH", false, true, false}
	KX_ECDHE                              = CipherKeyExchangeInfo{"ECDHE", true, false, false}
)
View Source 
var (
	AU_NULL  CipherAuthenticationInfo = CipherAuthenticationInfo{"NULL", true}
	AU_PSK                            = CipherAuthenticationInfo{"PSK", false}
	AU_RSA                            = CipherAuthenticationInfo{"RSA", false}
	AU_KRB5                           = CipherAuthenticationInfo{"KRB5", true}
	AU_DSA                            = CipherAuthenticationInfo{"DSA", true}
	AU_ECDSA                          = CipherAuthenticationInfo{"ECDSA", false}
)
View Source 
var (
	SC_NULL        CipherSymmetricInfo = CipherSymmetricInfo{"NULL", 0, 0, true}
	SC_RC2_40                          = CipherSymmetricInfo{"RC2-40", 40, 64, true}
	SC_RC4_40                          = CipherSymmetricInfo{"RC4-40", 40, 1684, true}
	SC_DES_40                          = CipherSymmetricInfo{"DES-40", 40, 64, true}
	SC_IDEA                            = CipherSymmetricInfo{"IDEA", 128, 64, true}
	SC_DES                             = CipherSymmetricInfo{"DES", 56, 64, true}
	SC_RC2                             = CipherSymmetricInfo{"RC2", 64, 64, true}
	SC_RC4                             = CipherSymmetricInfo{"RC4", 128, 1684, true}
	SC_SEED                            = CipherSymmetricInfo{"SEED", 128, 128, false}
	SC_3DES                            = CipherSymmetricInfo{"3DES", 112, 64, false}
	SC_ARIA128                         = CipherSymmetricInfo{"ARIA128", 128, 128, false}
	SC_ARIA256                         = CipherSymmetricInfo{"ARIA256", 256, 128, false}
	SC_AES128                          = CipherSymmetricInfo{"AES128", 128, 128, false}
	SC_AES256                          = CipherSymmetricInfo{"AES256", 256, 128, false}
	SC_CAMELLIA128                     = CipherSymmetricInfo{"CAMELLIA128", 128, 128, false}
	SC_CAMELLIA256                     = CipherSymmetricInfo{"CAMELLIA256", 256, 128, false}
	SC_CHACHA20                        = CipherSymmetricInfo{"CHACHA20", 256, 256, false}
)
View Source 
var (
	MAC_NULL            CipherMACInfo = CipherMACInfo{"NULL", 0, false, true}
	MAC_MD5                           = CipherMACInfo{"MD5", 128, false, true}
	MAC_SHA1                          = CipherMACInfo{"SHA", 160, false, false}
	MAC_SHA256                        = CipherMACInfo{"SHA256", 256, false, false}
	MAC_SHA384                        = CipherMACInfo{"SHA384", 384, false, false}
	MAC_CCM                           = CipherMACInfo{"CCM", 128, true, false}
	MAC_CCM_8                         = CipherMACInfo{"CCM_8", 256, true, false}
	MAC_GCM_SHA256                    = CipherMACInfo{"GCM_SHA256", 256, true, false}
	MAC_GCM_SHA384                    = CipherMACInfo{"GCM_SHA384", 384, true, false}
	MAC_POLY1305_SHA256               = CipherMACInfo{"POLY1305_SHA256", 256, true, false}
)
View Source 
var AllCiphers []CipherInfo = AllCiphersIncludingSSL2[7:]
View Source 
var AllCiphersIncludingSSL2 []CipherInfo = []CipherInfo{}/* 333 elements not displayed */
View Source 
var AllCurves []CurveInfo = []CurveInfo{
	CurveInfo{1, "sect163k1", true, 163},
	CurveInfo{2, "sect163r1", true, 163},
	CurveInfo{3, "sect163r2", true, 163},
	CurveInfo{4, "sect193r1", true, 193},
	CurveInfo{5, "sect193r2", true, 193},
	CurveInfo{6, "sect233k1", true, 233},
	CurveInfo{7, "sect233r1", true, 233},
	CurveInfo{8, "sect239k1", true, 239},
	CurveInfo{9, "sect283k1", true, 283},
	CurveInfo{10, "sect283r1", true, 283},
	CurveInfo{11, "sect409k1", true, 409},
	CurveInfo{12, "sect409r1", true, 409},
	CurveInfo{13, "sect571k1", true, 571},
	CurveInfo{14, "sect571r1", true, 571},
	CurveInfo{15, "secp160k1", true, 160},
	CurveInfo{16, "secp160r1", true, 160},
	CurveInfo{17, "secp160r2", true, 160},
	CurveInfo{18, "secp192k1", true, 192},
	CurveInfo{19, "secp192r1", true, 192},
	CurveInfo{20, "secp224k1", true, 224},
	CurveInfo{21, "secp224r1", true, 224},
	CurveInfo{22, "secp256k1", true, 256},
	CurveInfo{23, "secp256r1", true, 256},
	CurveInfo{24, "secp384r1", true, 384},
	CurveInfo{25, "secp521r1", true, 521},
	CurveInfo{26, "brainpoolP256r1", true, 256},
	CurveInfo{27, "brainpoolP384r1", true, 384},
	CurveInfo{28, "brainpoolP512r1", true, 512},
	CurveInfo{29, "temp_curve25519", true, 256},
	CurveInfo{30, "temp_curve448", true, 448},
	CurveInfo{256, "ffdhe2048", false, 2048},
	CurveInfo{257, "ffdhe3072", false, 3072},
	CurveInfo{258, "ffdhe4096", false, 4096},
	CurveInfo{259, "ffdhe6144", false, 6144},
	CurveInfo{260, "ffdhe8192", false, 8192},
	CurveInfo{65281, "arbitrary_explicit_prime_curve", true, 0},
	CurveInfo{65282, "arbitrary_explicit_char2_curve", true, 0}}
View Source 
var AllVersions []TLSVersion = []TLSVersion{
	SSL_2_0,
	SSL_3_0,
	TLS_1_0,
	TLS_1_1,
	TLS_1_2,
	TLS_1_3}
View Source 
var ERR_EncapsulationHeader error = fmt.Errorf("Unable to read encapsulation header")
View Source 
var ERR_UnexpectedContentType error = fmt.Errorf("Unexpected ContentType")

Functions

func NextHandshake 

func NextHandshake(c net.Conn) (byte, []byte, error)

func ReadCapsule 

func ReadCapsule(c net.Conn, expectedContentType byte) ([]byte, error)

Types

type Alert 

type Alert struct {
	Level       byte
	Description byte
}

func (Alert) Error 

func (a Alert) Error() string

type CipherAuthenticationInfo 

type CipherAuthenticationInfo struct {
	Name   string
	Broken bool
}

type CipherInfo 

type CipherInfo struct {
	ID     uint32
	Name   string
	Kex    CipherKeyExchangeInfo
	Auth   CipherAuthenticationInfo
	Cipher CipherSymmetricInfo
	MAC    CipherMACInfo
}
var TLS_FALLBACK_SCSV CipherInfo = CipherInfo{0x5600, "TLS_FALLBACK_SCSV", KX_NULL, AU_NULL, SC_NULL, MAC_NULL}
var TLS_NULL CipherInfo = CipherInfo{0x0000, "TLS_NULL_WITH_NULL_NULL", KX_NULL, AU_NULL, SC_NULL, MAC_NULL}

func IDCipher 

func IDCipher(id uint32) CipherInfo

func (CipherInfo) Pretty 

func (c CipherInfo) Pretty() string

func (CipherInfo) String 

func (c CipherInfo) String() string

type CipherKeyExchangeInfo 

type CipherKeyExchangeInfo struct {
	Name          string
	ForwardSecure bool
	Static        bool
	Broken        bool
}

type CipherMACInfo 

type CipherMACInfo struct {
	Name    string
	TagSize uint16
	AEAD    bool
	Broken  bool
}

type CipherSymmetricInfo 

type CipherSymmetricInfo struct {
	Name      string
	KeySize   uint16
	BlockSize uint16
	Broken    bool
}

type CurveInfo 

type CurveInfo struct {
	ID   uint16
	Name string
	EC   bool
	Bits uint16
}
var Curve_NULL CurveInfo = CurveInfo{0, "null", false, 0}

func IDCurve 

func IDCurve(id uint16) CurveInfo

func (CurveInfo) DHBits 

func (c CurveInfo) DHBits() int

Return the equivalent DH bit strength

func (CurveInfo) SymBits 

func (c CurveInfo) SymBits() int

Return the equivalent Symmetric cipher strength

type ExtensionType 

type ExtensionType uint16

type Probe 

type Probe struct {
	Host              string
	Port              int
	SupportedVersions []versionDetails
	Results           map[string]checkResult
}

func New 

func New(host string, port int) *Probe

func (*Probe) FillDetails 

func (p *Probe) FillDetails(version TLSVersion)

func (*Probe) OtherChecks 

func (p *Probe) OtherChecks()

type Severity 

type Severity int
var (
	Bonus             Severity = -1
	OK                Severity = 0
	Bad               Severity = 1
	BigFuckingProblem Severity = 2
)

type TLSExtension 

type TLSExtension struct {
	Type     ExtensionType
	Contents []byte
}

func HelloECPointFormats 

func HelloECPointFormats() TLSExtension

func HelloSignatureAlgorithms 

func HelloSignatureAlgorithms() TLSExtension

func HelloSupportedCurves 

func HelloSupportedCurves(curves []CurveInfo) TLSExtension

func ServerNameIndication 

func ServerNameIndication(servername string) TLSExtension

func (TLSExtension) Copy 

func (x TLSExtension) Copy(buf []byte)

Copy this extension into buf

func (TLSExtension) Len 

func (x TLSExtension) Len() int

Return the total length in bytes of this extension, including headers

type TLSExtensionList 

type TLSExtensionList []TLSExtension

func (TLSExtensionList) Len 

func (l TLSExtensionList) Len() int

Total byte length of this extension list, including all headers

type TLSVersion 

type TLSVersion uint16

func (TLSVersion) String 

func (v TLSVersion) String() string

Source Files

View all Source files

Directories

Path Synopsis
bin
heartbleed
kg
scap
sslprobe
Package tls partially implements TLS 1.2, as specified in RFC 5246.
 Package tls partially implements TLS 1.2, as specified in RFC 5246.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.