ssl-check.pl
#!/usr/bin/perl -w
use strict;
use Expect;
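# Help text, emitted through die() when an argument is missing or invalid.
# The two quoted grep strings match the result line this script prints once
# a renegotiation has been followed by an HTTP response from the server.
my $usage = "$0 ip port
Makes an SSL connection to target, then tries to renegotiate. Assumes HTTP protocol
to avoid false positives.
Grep this output for these strings to indicate the presence of security issues:
* 'Insecure Renegotiation is possible for IP:PORT': CVE-2011-1473 + CVE-2009-3555
* 'Secure Renegotiation is possible for IP:PORT' CVE-2011-1473
CVE-2009-3555: TLS Authentication Gap (MiTM)
CVE-2011-1473: Server-side CPU Exhaustion (DoS Attack)
The 'openssl' program is required to be in your path.
\n";
my $target = shift or die $usage;
my $port   = shift or die $usage;

# Both values come straight from the command line and are placed into
# openssl command lines, so accept only a hostname / IPv4 address (or a
# bracketed IPv6 literal) and a decimal port number before using them.
die "Invalid target: $target\n$usage"
    unless $target =~ /\A(?:[A-Za-z0-9][A-Za-z0-9._-]*|\[[0-9A-Fa-f:.]+\])\z/;
die "Invalid port: $port\n$usage"
    unless ($port =~ /\A[0-9]{1,5}\z/ && $port >= 1 && $port <= 65535);

my $timeout  = 10;    # seconds to wait for each expected piece of openssl output
my $endpoint = "$target:$port";
my $command  = "openssl s_client -connect $endpoint";    # used for display only

print "[+] Spawning command: $command\n";
my $exp = Expect->new;

# List form: the arguments are handed to openssl directly, so nothing in the
# target or port is ever interpreted by a shell.
$exp->spawn('openssl', 's_client', '-connect', $endpoint)
    or die "Cannot spawn command: $command\n";
$exp->log_stdout(1); # set to 0 for cleaner output
$exp->exp_internal(0);
my $type = "";

print "[+] Getting certification information\n";

# The pipeline still needs a shell, but the endpoint is passed as the
# positional parameter "$1" rather than being pasted into the command text.
# stdin comes from /dev/null so this s_client exits after the handshake
# instead of waiting for terminal input while the spawned session sits idle.
system('sh', '-c',
    q{openssl s_client -connect "$1" </dev/null | sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' | openssl x509 -text},
    'sh', $endpoint);

# In scalar context expect() returns the 1-based position of the pattern that
# matched, or undef when nothing matched (timeout, or the child went away).
# It never returns 0, so "no match" has to be tested with defined().
my $ret = $exp->expect($timeout,
    "Secure Renegotiation IS NOT supported",
    "Secure Renegotiation IS supported",
    "connect:errno=",
    ":error:");
if (!defined $ret) {
    print "[+] Timemout waiting for SSL connection. Quitting.\n";
    exit 1;
}
elsif ($ret == 1) {
    print "[+] Secure Renegotiation is not supported by $target:$port\n";
    $type = "Insecure";
}
elsif ($ret == 2) {
    print "[+] Secure Renegotiation is supported by $target:$port\n";
    $type = "Secure";
}
else {
    # Positions 3 and 4 are the two openssl error markers.
    print "[+] Error connecting to $target:$port\n";
    exit 1;
}

# Wait for the "---" separator line that s_client prints in its session output.
$ret = $exp->expect($timeout, "\n---");
if (!defined $ret) {
    print "[+] Timemout waiting for SSL connection. Quitting.\n";
    exit 1;
}

print "[+] SSL connection established to $target:$port\n";
print "[+] Sending GET Requst part #1\n";
$exp->send("GET / HTTP/1.0\r\n");

# A line starting with "R" is s_client's interactive renegotiation command.
print "[+] Attempting Renegotiation\n";
$exp->send("R\r\n");
my $result = $exp->expect($timeout, "verify return:", ":error:");

# NOTE: every reported outcome below exits with status 1, as the script
# always has; callers have to tell the outcomes apart by the printed text.
if (!defined $result) {
    print "[+] Timeout waiting for renegotiaion with $target:$port\n";
    exit 1;
}
if ($result == 2) {
    print "[+] $type Renegotiaion failed for $target:$port\n";
    exit 1;
}

print "\n[+] $type Renegotiation seems to be successful for $target:$port\n";

# Finish the HTTP request. Only an HTTP response arriving after the
# renegotiation counts as a finding; this is the false-positive guard the
# usage text describes, so the check must look at this second expect() call.
$exp->send("\r\n");
my $result2 = $exp->expect($timeout, "HTTP");
if (defined $result2 and $result2 == 1) {
    print "\n[+] $type Renegotiation is possible for $target:$port\n";
    exit 1;
}
print "\n[+] $type Renegotiation went wrong for $target:$port. Investigate manually.\n";
$exp->hard_close;
exit 1;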