예제 #1
0
func main() {
	fmt.Printf("System colours:\n")
	fmt.Printf("%s   %s\n", tc.Black("Black"), tc.Bblack("Bright Black"))
	fmt.Printf("%s    %s\n", tc.Blue("Blue"), tc.Bblue("Bright Blue"))
	fmt.Printf("%s   %s\n", tc.Green("Green"), tc.Bgreen("Bright Green"))
	fmt.Printf("%s    %s\n", tc.Cyan("Cyan"), tc.Bcyan("Bright Cyan"))
	fmt.Printf("%s     %s\n", tc.Red("Red"), tc.Bred("Bright Red"))
	fmt.Printf("%s  %s\n", tc.Purple("Purple"), tc.Bpurple("Bright Purple"))
	fmt.Printf("%s  %s\n", tc.Yellow("Yellow"), tc.Byellow("Bright Yellow"))
	fmt.Printf("%s   %s\n", tc.White("White"), tc.Bwhite("Bright White"))

	fmt.Printf("\n 256ish colour cube\n")
	fmt.Print("4-bit palette: ")
	for i := 0; i < 16; i++ {
		fmt.Print(tc.Foreground8(tc.C256(i), "::"))
	}
	fmt.Print("\n               ")
	for i := 0; i < 16; i++ {
		fmt.Print(tc.Background8(tc.C256(i), "  "))
	}
	fmt.Print("\n")
	for r0 := 0; r0 < 6; r0 += 3 {
		for g := 0; g < 6; g++ {
			for r := 0; r < 3; r++ {
				for b := 0; b < 6; b++ {
					c := tc.Colour256(r+r0, g, b)
					fmt.Print(tc.Foreground8(c, "::"))
				}
				fmt.Print("   ")
			}
			fmt.Print("     ")
			for r := 0; r < 3; r++ {
				for b := 0; b < 6; b++ {
					c := tc.Colour256(r+r0, g, b)
					fmt.Print(tc.Background8(c, "  "))
				}
				fmt.Print("   ")
			}
			fmt.Print("\n")
		}
		fmt.Print("\n")
	}
	fmt.Print("4.5-bit greyscale ramp: ")
	for i := 232; i < 256; i++ {
		fmt.Print(tc.Foreground8(tc.C256(i), "::"))
	}
	fmt.Print("\n                        ")
	for i := 232; i < 256; i++ {
		fmt.Print(tc.Background8(tc.C256(i), "  "))
	}
	fmt.Print("\n")
}
예제 #2
0
func main() {
	if flag.NArg() == 0 {
		fmt.Fprintf(os.Stderr, "Usage: %s {HOST} [{OPTIONS}]\n", os.Args[0])
		flag.PrintDefaults()
		os.Exit(1)
	}

	var col func(string) string = nil

	host := flag.Arg(0)
	fmt.Printf("Server:   %s\n", tc.Bblue(fmt.Sprintf("%s:%d", host, *port)))

	probe := sslprobe.New(host, *port)

	var max_version sslprobe.TLSVersion = 0
	fmt.Printf("Protocol support:")
	for _, sv := range probe.SupportedVersions {
		if sv.Supported {
			max_version = sv.Version
		}
		fmt.Printf("  %s", sv.Pretty())
	}
	fmt.Printf("\n")
	if max_version == 0 {
		return
	}

	// Print certificate chain(s)
	for i, _ := range probe.SupportedVersions {
		sv := &probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !*full && sv.Version != max_version {
			continue
		}
		if !sv.Supported || sv.CertificateChain == nil {
			continue
		}

		fmt.Printf("\nCertificate chain:\n")
		for i, b := range sv.CertificateChain {
			cert, err := x509.ParseCertificate(b)
			if err != nil {
				fmt.Printf("   %2d %s: %s\n", i, tc.Red("error"), err)
				continue
			}
			subj, iss := prettyCertificate(cert)
			fmt.Printf("   %2d %s\n      %s\n", i, subj, iss)
		}
	}

	if *quick {
		return
	}

	fmt.Printf("\nCipher suites, in server-preferred order:\n")
	var cipher_prefs []sslprobe.CipherInfo = []sslprobe.CipherInfo{}
	for i, _ := range probe.SupportedVersions {
		sv := &probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !*full && sv.Version != max_version {
			continue
		}
		if sv.Supported {
			probe.FillDetails(sv.Version)

			if len(cipher_prefs) == 0 {
				cipher_prefs = sv.SupportedCiphers
			}
			fmt.Printf("  %s\n", sv.Version)
			for _, c := range sv.SupportedCiphers {
				fmt.Printf("     %s\n", c.Pretty())
			}
		}
	}

	// Loop over the highest protocol version's ciphers again and figure out if
	// there's any useful information in the ServerKeyExchange
	for i, _ := range probe.SupportedVersions {
		sv := probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !sv.Supported {
			continue
		}

		if sv.FFDHSize > 0 || len(sv.SupportedCurves) > 0 {
			fmt.Printf("\nEphemeral Key Exchange strength\n")

			if sv.FFDHSize > 0 {
				col = cStrength(sv.FFDHSize)
				fmt.Printf("   DH Modulus size: %5s bits\n", col(fmt.Sprintf("%d", sv.FFDHSize)))
			}
			if len(sv.SupportedCurves) == 1 {
				curve := sv.SupportedCurves[0]
				dlen := curve.DHBits()
				col = cStrength(dlen)
				fmt.Printf("   Preferred Curve: %s (%d bits, eq %s bits DH)\n", col(curve.Name), curve.Bits, col(fmt.Sprintf("%d", dlen)))
			} else if len(sv.SupportedCurves) > 1 {
				fmt.Printf("   Supported elliptic curves:\n")
				for _, curve := range sv.SupportedCurves {
					dlen := curve.DHBits()
					col = cStrength(dlen)
					fmt.Printf("        %s (%d bits, eq %s bits DH)\n", col(curve.Name), curve.Bits, col(fmt.Sprintf("%d", dlen)))
				}
			}
		}

		break
	}

	probe.OtherChecks()

	if probe.Results != nil {
		fmt.Printf("\nOther scan results:\n")
		for _, result := range probe.Results {
			c := cSeverity(result.Severity)
			fmt.Printf("   %-25s :  %s\n", result.Label, c(result.Result))
		}
	}
}
예제 #3
0
func prettyCertificate(cert *x509.Certificate) (string, string) {
	key := "unknown"
	if cert.PublicKeyAlgorithm == x509.RSA {
		pk, ok := cert.PublicKey.(*rsa.PublicKey)
		if !ok {
			key = tc.Bred("RSA - error")
		} else {
			col := cStrength(pk.N.BitLen())
			key = col(fmt.Sprintf("RSA-%d", pk.N.BitLen()))
		}
	} else if cert.PublicKeyAlgorithm == x509.DSA {
		pk, ok := cert.PublicKey.(*dsa.PublicKey)
		if !ok {
			key = tc.Bred("DSA - error")
		} else {
			bl := pk.P.BitLen()
			col := tc.Red
			if bl < 1536 {
				col = tc.Bred
			}
			key = col(fmt.Sprintf("DSA-%d", bl))
		}
	} else if cert.PublicKeyAlgorithm == x509.ECDSA {
		pk, ok := cert.PublicKey.(*ecdsa.PublicKey)
		if !ok {
			key = tc.Bred("ECDSA - error")
		} else {
			bl := pk.Params().P.BitLen()
			col := tc.Green
			if bl < 224 {
				col = tc.Red
			} else if bl < 256 {
				col = tc.Yellow
			}
			key = col(fmt.Sprintf("ECDSA-%d", bl))
		}
	}

	sig := strSigAlg(cert.SignatureAlgorithm)
	if cert.SignatureAlgorithm == x509.UnknownSignatureAlgorithm ||
		cert.SignatureAlgorithm == x509.MD2WithRSA ||
		cert.SignatureAlgorithm == x509.MD5WithRSA {
		sig = tc.Bred(sig)
	} else if cert.SignatureAlgorithm == x509.SHA1WithRSA ||
		cert.SignatureAlgorithm == x509.DSAWithSHA1 ||
		cert.SignatureAlgorithm == x509.DSAWithSHA256 ||
		cert.SignatureAlgorithm == x509.ECDSAWithSHA1 {
		sig = tc.Red(sig)
	} else {
		sig = tc.Green(sig)
	}

	subject := cert.Subject.CommonName
	if len(subject) > 45 {
		subject = subject[0:45]
	}
	issuer := cert.Issuer.CommonName
	if len(issuer) > 45 {
		issuer = issuer[0:45]
	}

	fpr := tc.Bblack(fmt.Sprintf("%x", sha1.Sum(cert.Raw)))

	subject = fmt.Sprintf("subject: %-45s  key type: %s / sig: %s", subject, key, sig)
	issuer = fmt.Sprintf("issuer:  %-45s  fingerprint: %s", issuer, fpr)

	return subject, issuer
}