def https_check(endpoint):
    """
    Probe the endpoint with sslyze's connectivity tester and record the
    outcome on ``endpoint``.

    On success ``endpoint.live`` is set, ``endpoint.ip`` is filled in when
    it was still unset, and ``endpoint.https_client_auth_required`` is set
    when the server reports client authentication as REQUIRED. On a
    ServerConnectivityError the endpoint is marked not live and not
    HTTPS-valid, and the failure is logged as a warning.
    """
    utils.debug("sslyzing {}...".format(endpoint.url))

    try:
        # sslyze takes a bare host name. The slice drops the first eight
        # characters, which matches the length of "https://".
        # NOTE(review): anything after that prefix (port, path) is passed
        # on unchanged -- confirm callers only supply "https://<host>".
        host = endpoint.url[8:]
        server_info = ServerConnectivityTester(hostname=host, port=443).perform()
        endpoint.live = True

        resolved_ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = resolved_ip
        elif endpoint.ip != resolved_ip:
            # A mismatch is only reported at debug level; the IP already
            # stored on the endpoint is left untouched.
            utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, resolved_ip))

        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        # The connectivity test failed: record that before logging.
        endpoint.live = False
        endpoint.https_valid = False
        logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
def https_check(endpoint):
    """
    Run sslyze's server connectivity test against the endpoint and store
    what it learns on ``endpoint``.

    A successful test marks the endpoint live, fills ``endpoint.ip`` if it
    was None, and sets ``endpoint.https_client_auth_required`` when the
    server's client-auth requirement is REQUIRED. A
    ServerConnectivityError marks the endpoint not live and not
    HTTPS-valid and is logged through ``logging.exception``.
    """
    utils.debug("sslyzing {}...".format(endpoint.url))

    try:
        # Strip the scheme for sslyze: the first eight characters are
        # dropped, i.e. the URL is assumed to begin with "https://".
        # NOTE(review): a port or path after the host would be passed to
        # sslyze as part of the host name -- verify against callers.
        host = endpoint.url[8:]
        server_info = ServerConnectivityTester(hostname=host, port=443).perform()
        endpoint.live = True

        seen_ip = server_info.ip_address
        if endpoint.ip is None:
            endpoint.ip = seen_ip
        elif endpoint.ip != seen_ip:
            # Differing IPs are noted in the debug output only; the
            # endpoint keeps the IP it already had.
            utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, seen_ip))

        if server_info.client_auth_requirement.name == 'REQUIRED':
            endpoint.https_client_auth_required = True
            logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
    except ServerConnectivityError as err:
        endpoint.live = False
        endpoint.https_valid = False
        # logging.exception logs at ERROR level and appends the traceback
        # of the exception being handled.
        logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
        utils.debug("{}: {}".format(endpoint.url, err))
# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.warning("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.warning("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)
# remove the https:// from prefix for sslyze
try:
hostname = endpoint.url[8:]
server_tester = ServerConnectivityTester(hostname=hostname, port=443)
server_info = server_tester.perform()
endpoint.live = True
ip = server_info.ip_address
if endpoint.ip is None:
endpoint.ip = ip
else:
if endpoint.ip != ip:
utils.debug("{}: Endpoint IP is already {}, but requests IP is {}.".format(endpoint.url, endpoint.ip, ip))
if server_info.client_auth_requirement.name == 'REQUIRED':
endpoint.https_client_auth_required = True
logging.warning("{}: Client Authentication REQUIRED".format(endpoint.url))
except ServerConnectivityError as err:
endpoint.live = False
endpoint.https_valid = False
logging.exception("{}: Error in sslyze server connectivity check when connecting to {}".format(endpoint.url, err.server_info.hostname))
utils.debug("{}: {}".format(endpoint.url, err))
return
except Exception as err:
endpoint.unknown_error = True
logging.exception("{}: Unknown exception in sslyze server connectivity check.".format(endpoint.url))
utils.debug("{}: {}".format(endpoint.url, err))
return
try:
cert_plugin_result = None
command = sslyze.plugins.certificate_info_plugin.CertificateInfoScanCommand(ca_file=CA_FILE)
scanner = sslyze.synchronous_scanner.SynchronousScanner()
cert_plugin_result = scanner.run_scan_command(server_info, command)
def ssltlsscan(web):
target = web.split('//')[1]
print(R+'\n ===============================')
print(R+' S S L E N U M E R A T I O N')
print(R+' ===============================\n')
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...')
time.sleep(0.6)
print(O+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
def ssltlsscan(web):
target = web.split('//')[1]
#print(R+'\n ===============================')
#print(R+' S S L E N U M E R A T I O N')
#print(R+' ===============================\n')
from core.methods.print import pscan
pscan("ssl enumeration")
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...'+color.TR2+C)
time.sleep(0.6)
print(C+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
def ssltlsscan(web):
target = web.split('//')[1]
print(R+'\n ===============================')
print(R+' S S L E N U M E R A T I O N')
print(R+' ===============================\n')
print(GR+' [*] Testing server SSL status...')
try:
req = requests.get('https://'+target)
print(G+' [+] SSL Working Properly...')
time.sleep(0.6)
print(O+" [!] Running SSL Enumeration...\n")
try:
server_tester = ServerConnectivityTester(hostname=target)
server_info = server_tester.perform()
scanner = SynchronousScanner()
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:'+color.TR2+C)
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else:
print(C+'\n [+] ' +entry.strip())
print('')
command = HttpHeadersScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] HTTP Results:'+C+color.TR2+C)
for entry in scan_result.as_text():
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:")
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:')
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else:
print(O+'\n [+] ' +entry.strip())
print('')
command = HttpHeadersScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] HTTP Results:')
for entry in scan_result.as_text():
command = Tlsv10ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.0 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv11ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.1 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = Tlsv12ScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+" [+] Available TLS v1.2 Ciphers:"+color.TR2+C)
for cipher in scan_result.accepted_cipher_list:
print(C+' {}'.format(cipher.name))
print('')
command = CertificateInfoScanCommand()
scan_result = scanner.run_scan_command(server_info, command)
print(G+' [+] Certificate Information:'+color.TR2+C)
for entry in scan_result.as_text():
if entry != '':
if 'certificate information' in entry.lower():
pass
elif ':' in entry:
print(GR+' [+] '+entry.strip().split(':', 1)[0].strip()+' : '+C+entry.strip().split(':', 1)[1].strip())
else: