// main prints a terminal colour test card: the sixteen named system colours,
// the 4-bit palette, the 6x6x6 colour cube and the greyscale ramp, each shown
// once as coloured text ("::") and once as a coloured background (" ").
func main() {
	// Named colours, each paired with its bright variant.
	fmt.Printf("System colours:\n")
	fmt.Printf("%s %s\n", tc.Black("Black"), tc.Bblack("Bright Black"))
	fmt.Printf("%s %s\n", tc.Blue("Blue"), tc.Bblue("Bright Blue"))
	fmt.Printf("%s %s\n", tc.Green("Green"), tc.Bgreen("Bright Green"))
	fmt.Printf("%s %s\n", tc.Cyan("Cyan"), tc.Bcyan("Bright Cyan"))
	fmt.Printf("%s %s\n", tc.Red("Red"), tc.Bred("Bright Red"))
	fmt.Printf("%s %s\n", tc.Purple("Purple"), tc.Bpurple("Bright Purple"))
	fmt.Printf("%s %s\n", tc.Yellow("Yellow"), tc.Byellow("Bright Yellow"))
	fmt.Printf("%s %s\n", tc.White("White"), tc.Bwhite("Bright White"))

	// paletteRun prints one swatch per palette index in [lo, hi).
	paletteRun := func(lo, hi int, background bool) {
		for idx := lo; idx < hi; idx++ {
			if background {
				fmt.Print(tc.Background8(tc.C256(idx), " "))
			} else {
				fmt.Print(tc.Foreground8(tc.C256(idx), "::"))
			}
		}
	}

	// cubeStrip prints the six blue steps for one (red, green) pair,
	// followed by the single-space column separator.
	cubeStrip := func(red, green int, background bool) {
		for blue := 0; blue < 6; blue++ {
			cell := tc.Colour256(red, green, blue)
			if background {
				fmt.Print(tc.Background8(cell, " "))
			} else {
				fmt.Print(tc.Foreground8(cell, "::"))
			}
		}
		fmt.Print(" ")
	}

	fmt.Printf("\n 256ish colour cube\n")
	fmt.Print("4-bit palette: ")
	paletteRun(0, 16, false)
	fmt.Print("\n ")
	paletteRun(0, 16, true)
	fmt.Print("\n")

	// The cube is drawn as two bands of three red levels each (0-2, 3-5);
	// every row is one green level, foreground strips first, then background.
	for _, redBase := range []int{0, 3} {
		for green := 0; green < 6; green++ {
			for step := 0; step < 3; step++ {
				cubeStrip(step+redBase, green, false)
			}
			fmt.Print(" ")
			for step := 0; step < 3; step++ {
				cubeStrip(step+redBase, green, true)
			}
			fmt.Print("\n")
		}
		fmt.Print("\n")
	}

	// Palette entries 232..255 form the greyscale ramp.
	fmt.Print("4.5-bit greyscale ramp: ")
	paletteRun(232, 256, false)
	fmt.Print("\n ")
	paletteRun(232, 256, true)
	fmt.Print("\n")
}
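// main probes the TLS server named by the first positional argument and prints
// a colourised report: supported protocol versions, the certificate chain(s),
// the server's cipher-suite preference, ephemeral key-exchange strength and
// any additional scan results.
//
// The certificate chain is only parsed and summarised here; nothing in this
// function verifies signatures, validity periods or the host name, so the
// output describes what the server presented, not whether it should be trusted.
func main() {
	// NOTE(review): flag.Parse is not called in this function; presumably it
	// runs elsewhere (e.g. init) before main — confirm.
	if flag.NArg() == 0 {
		fmt.Fprintf(os.Stderr, "Usage: %s {HOST} [{OPTIONS}]\n", os.Args[0])
		flag.PrintDefaults()
		os.Exit(1)
	}

	host := flag.Arg(0)
	fmt.Printf("Server: %s\n", tc.Bblue(fmt.Sprintf("%s:%d", host, *port)))
	probe := sslprobe.New(host, *port)

	// Remember the last supported version in list order; the loops below treat
	// it as the highest one (assumes SupportedVersions is ordered oldest to
	// newest — TODO confirm against sslprobe).
	var maxVersion sslprobe.TLSVersion
	fmt.Printf("Protocol support:")
	for _, sv := range probe.SupportedVersions {
		if sv.Supported {
			maxVersion = sv.Version
		}
		fmt.Printf(" %s", sv.Pretty())
	}
	fmt.Printf("\n")
	if maxVersion == 0 {
		// No protocol version was accepted; there is nothing more to report.
		return
	}

	// Certificate chain(s), walking the version list back to front. Without
	// -full only the highest supported version is shown.
	for i := range probe.SupportedVersions {
		sv := &probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !*full && sv.Version != maxVersion {
			continue
		}
		if !sv.Supported || sv.CertificateChain == nil {
			continue
		}
		fmt.Printf("\nCertificate chain:\n")
		for pos, der := range sv.CertificateChain {
			cert, err := x509.ParseCertificate(der)
			if err != nil {
				// A malformed entry is reported in place; the rest of the
				// chain is still printed.
				fmt.Printf(" %2d %s: %s\n", pos, tc.Red("error"), err)
				continue
			}
			subj, iss := prettyCertificate(cert)
			fmt.Printf(" %2d %s\n %s\n", pos, subj, iss)
		}
	}
	if *quick {
		return
	}

	// Cipher suites. sv must stay a pointer into the slice: FillDetails is
	// called first and SupportedCiphers is read from the same element after.
	fmt.Printf("\nCipher suites, in server-preferred order:\n")
	for i := range probe.SupportedVersions {
		sv := &probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !*full && sv.Version != maxVersion {
			continue
		}
		if !sv.Supported {
			continue
		}
		probe.FillDetails(sv.Version)
		fmt.Printf(" %s\n", sv.Version)
		for _, c := range sv.SupportedCiphers {
			fmt.Printf(" %s\n", c.Pretty())
		}
	}

	// Report ephemeral key-exchange parameters for the first supported version
	// found walking back to front, then stop.
	for i := range probe.SupportedVersions {
		sv := probe.SupportedVersions[len(probe.SupportedVersions)-i-1]
		if !sv.Supported {
			continue
		}
		if sv.FFDHSize > 0 || len(sv.SupportedCurves) > 0 {
			fmt.Printf("\nEphemeral Key Exchange strength\n")
			if sv.FFDHSize > 0 {
				col := cStrength(sv.FFDHSize)
				fmt.Printf(" DH Modulus size: %5s bits\n", col(fmt.Sprintf("%d", sv.FFDHSize)))
			}
			if len(sv.SupportedCurves) == 1 {
				curve := sv.SupportedCurves[0]
				dhBits := curve.DHBits()
				col := cStrength(dhBits)
				fmt.Printf(" Preferred Curve: %s (%d bits, eq %s bits DH)\n", col(curve.Name), curve.Bits, col(fmt.Sprintf("%d", dhBits)))
			} else if len(sv.SupportedCurves) > 1 {
				fmt.Printf(" Supported elliptic curves:\n")
				for _, curve := range sv.SupportedCurves {
					dhBits := curve.DHBits()
					col := cStrength(dhBits)
					fmt.Printf(" %s (%d bits, eq %s bits DH)\n", col(curve.Name), curve.Bits, col(fmt.Sprintf("%d", dhBits)))
				}
			}
		}
		break
	}

	probe.OtherChecks()
	if probe.Results != nil {
		fmt.Printf("\nOther scan results:\n")
		for _, result := range probe.Results {
			paint := cSeverity(result.Severity)
			fmt.Printf(" %-25s : %s\n", result.Label, paint(result.Result))
		}
	}
}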
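// prettyCertificate renders two colourised summary lines for cert.
//
// The first return value is the subject line (common name, public-key type and
// size, signature algorithm); the second is the issuer line (common name and
// the SHA-1 fingerprint of the raw certificate). Colours grade strength: key
// sizes and signature algorithms considered weak are shown in red shades.
//
// The common names come straight from a certificate presented by the probed
// server, so they are treated as untrusted text: control characters are
// replaced before printing and the names are cut to 45 characters on a rune
// boundary. Nothing here verifies the certificate.
func prettyCertificate(cert *x509.Certificate) (string, string) {
	// printable returns at most limit runes of name with C0/C1 control
	// characters and DEL replaced by '?'. This keeps a certificate field from
	// carrying terminal escape sequences into the report, and avoids splitting
	// a multi-byte UTF-8 sequence the way a byte slice would.
	printable := func(name string, limit int) string {
		out := make([]rune, 0, limit)
		for _, r := range name {
			if len(out) == limit {
				break
			}
			if r < 0x20 || (r >= 0x7f && r < 0xa0) {
				r = '?'
			}
			out = append(out, r)
		}
		return string(out)
	}

	key := "unknown"
	switch cert.PublicKeyAlgorithm {
	case x509.RSA:
		if pk, ok := cert.PublicKey.(*rsa.PublicKey); !ok {
			key = tc.Bred("RSA - error")
		} else {
			bits := pk.N.BitLen()
			col := cStrength(bits)
			key = col(fmt.Sprintf("RSA-%d", bits))
		}
	case x509.DSA:
		if pk, ok := cert.PublicKey.(*dsa.PublicKey); !ok {
			key = tc.Bred("DSA - error")
		} else {
			// DSA keys are never shown better than red; below 1536 bits
			// they are bright red.
			bits := pk.P.BitLen()
			label := fmt.Sprintf("DSA-%d", bits)
			if bits < 1536 {
				key = tc.Bred(label)
			} else {
				key = tc.Red(label)
			}
		}
	case x509.ECDSA:
		if pk, ok := cert.PublicKey.(*ecdsa.PublicKey); !ok {
			key = tc.Bred("ECDSA - error")
		} else {
			// Graded on the bit length of the curve's field prime.
			bits := pk.Params().P.BitLen()
			label := fmt.Sprintf("ECDSA-%d", bits)
			switch {
			case bits < 224:
				key = tc.Red(label)
			case bits < 256:
				key = tc.Yellow(label)
			default:
				key = tc.Green(label)
			}
		}
	}

	sig := strSigAlg(cert.SignatureAlgorithm)
	switch cert.SignatureAlgorithm {
	case x509.UnknownSignatureAlgorithm, x509.MD2WithRSA, x509.MD5WithRSA:
		sig = tc.Bred(sig)
	case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.DSAWithSHA256, x509.ECDSAWithSHA1:
		sig = tc.Red(sig)
	default:
		sig = tc.Green(sig)
	}

	subject := printable(cert.Subject.CommonName, 45)
	issuer := printable(cert.Issuer.CommonName, 45)

	// SHA-1 over the DER bytes, shown as a display identifier for the
	// certificate. SHA-1 is not collision resistant, so this value should not
	// be the only basis for pinning or trust decisions.
	fpr := tc.Bblack(fmt.Sprintf("%x", sha1.Sum(cert.Raw)))

	subject = fmt.Sprintf("subject: %-45s key type: %s / sig: %s", subject, key, sig)
	issuer = fmt.Sprintf("issuer: %-45s fingerprint: %s", issuer, fpr)
	return subject, issuer
}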