Exemplo n.º 1
0
// printCertificationPathsInfo print info about certificates in chain
func printCertificationPathsInfo(details *sslscan.EndpointDetails) {
	printCategoryHeader("Certification Paths")

	fmtc.Printf(" %-24s {s}|{!} %d\n", "Certificates provided", len(details.Chain.Certs))

	fmtc.Printf(" %-24s {s}|{!} ", "Chain issues")

	if details.Chain.Issues == 0 {
		fmtc.Println("None")
	} else {
		fmtc.Printf("{y}%s{!}\n", getChainIssuesDesc(details.Chain.Issues))
	}

	if len(details.Chain.Certs) > 1 {
		fmtutil.Separator(true)

		lastCertIndex := len(details.Chain.Certs) - 2

		for index, cert := range details.Chain.Certs[1:] {
			validUntilDate := time.Unix(cert.NotAfter/1000, 0)

			fmtc.Printf(" %-24s {s}|{!} %s\n", "Subject", cert.Label)
			fmtc.Printf(" %-24s {s}|{!} %s\n", "Valid until", timeutil.Format(validUntilDate, "%Y/%m/%d %H:%M:%S"))

			fmtc.Printf(" %-24s {s}|{!} ", "Key")

			if cert.KeyAlg == "RSA" && cert.KeyStrength < 2048 {
				fmtc.Printf("{y}%s %d bits (WEAK){!}\n", cert.KeyAlg, cert.KeySize)
			} else {
				fmtc.Printf("%s %d bits\n", cert.KeyAlg, cert.KeySize)
			}

			fmtc.Printf(" %-24s {s}|{!} %s\n", "Issuer", cert.IssuerLabel)

			fmtc.Printf(" %-24s {s}|{!} ", "Signature algorithm")

			if weakAlgorithms[cert.SigAlg] {
				fmtc.Printf("{y}%s (WEAK){!}\n", cert.SigAlg)
			} else {
				fmtc.Printf("%s\n", cert.SigAlg)
			}

			if index < lastCertIndex {
				fmtutil.Separator(true)
			}
		}
	}
}
Exemplo n.º 2
0
// printMiscellaneousInfo print miscellaneous info about endpoint
func printMiscellaneousInfo(info *sslscan.EndpointInfo) {
	printCategoryHeader("Miscellaneous")

	details := info.Details
	testDate := time.Unix(info.Details.HostStartTime/1000, 0)

	// ---

	fmtc.Printf(
		" %-24s {s}|{!} %s {s-}(%s ago){!}\n", "Test date",
		timeutil.Format(testDate, "%Y/%m/%d %H:%M:%S"),
		timeutil.PrettyDuration(time.Since(testDate)),
	)

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Test duration", timeutil.PrettyDuration(info.Duration/1000))
	fmtc.Printf(" %-24s {s}|{!} %d\n", "HTTP status code", details.HTTPStatusCode)

	// ---

	if details.HTTPForwarding != "" {
		if strings.Contains(details.HTTPForwarding, "http://") {
			fmtc.Printf(" %-24s {s}|{!} {y}%s (PLAINTEXT){!}\n", "HTTP forwarding", details.HTTPForwarding)
		} else {
			fmtc.Printf(" %-24s {s}|{!} %s\n", "HTTP forwarding", details.HTTPForwarding)
		}
	}

	// ---

	if details.ServerSignature != "" {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "HTTP server signature", details.ServerSignature)
	}

	// ---

	if info.ServerName != "" {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "Server hostname", info.ServerName)
	}
}
Exemplo n.º 3
0
// printCertificateInfo print basic info about server key and certificate
func printCertificateInfo(details *sslscan.EndpointDetails) {
	printCategoryHeader("Server Key and Certificate")

	validFromDate := time.Unix(details.Cert.NotBefore/1000, 0)
	validUntilDate := time.Unix(details.Cert.NotAfter/1000, 0)

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Common names", strings.Join(details.Cert.CommonNames, " "))

	if len(details.Cert.AltNames) > 0 {
		if len(details.Cert.AltNames) > 5 {
			fmtc.Printf(
				" %-24s {s}|{!} %s {s-}(+%d more){!}\n",
				"Alternative names",
				strings.Join(details.Cert.AltNames[:4], " "),
				len(details.Cert.AltNames)-4,
			)
		} else {
			fmtc.Printf(" %-24s {s}|{!} %s\n", "Alternative names", strings.Join(details.Cert.AltNames, " "))
		}
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s\n", "Valid from", timeutil.Format(validFromDate, "%Y/%m/%d %H:%M:%S"))

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Valid until")

	if time.Now().Unix() >= validUntilDate.Unix() {
		fmtc.Printf("{r}%s (EXPIRED){!}\n", timeutil.Format(validUntilDate, "%Y/%m/%d %H:%M:%S"))
	} else {
		fmtc.Printf("%s\n", timeutil.Format(validUntilDate, "%Y/%m/%d %H:%M:%S"))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} %s %d bits\n", "Key", details.Key.Alg, details.Key.Size)
	fmtc.Printf(" %-24s {s}|{!} %s\n", "Weak Key (Debian)", getBool(details.Key.DebianFlaw))

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Issuer")

	if details.Cert.Issues&64 == 64 {
		fmtc.Printf("%s {s-}(Self-signed){!}\n", details.Cert.IssuerLabel)
	} else {
		fmtc.Printf("%s\n", details.Cert.IssuerLabel)
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Signature algorithm")

	if weakAlgorithms[details.Cert.SigAlg] {
		fmtc.Printf("{y}%s (WEAK){!}\n", details.Cert.SigAlg)
	} else {
		fmtc.Printf("%s\n", details.Cert.SigAlg)
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Extended Validation")

	if details.Cert.ValidationType == "E" {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Println("No")
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Certificate Transparency")

	if details.Cert.SCT {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Println("No")
	}

	// ---

	if details.Cert.RevocationInfo != 0 {
		fmtc.Printf(" %-24s {s}|{!} %s\n", "Revocation information", getRevocationInfo(details.Cert.RevocationInfo))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Revocation status")

	if details.Cert.RevocationStatus&1 == 1 {
		fmtc.Printf("{r}%s{!}\n", getRevocationStatus(details.Cert.RevocationStatus))
	} else {
		fmtc.Printf("%s\n", getRevocationStatus(details.Cert.RevocationStatus))
	}

	// ---

	fmtc.Printf(" %-24s {s}|{!} ", "Trusted")

	if details.Cert.Issues == 0 {
		fmtc.Println("{g}Yes{!}")
	} else {
		fmtc.Printf("{r}No (%s){!}\n", getCertIssuesDesc(details.Cert.Issues))
	}
}