7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
# File 'lib/scanssl/scanHost.rb', line 7
def scan(server, port)
ssl2_array = []
ssl3_array = []
tls1_array = []
tls1_1_array = []
tls1_2_array = []
threads = []
c = []
PROTOCOLS.each do |protocol|
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.ciphers = CIPHERS
ssl_context.options = protocol
threads << Thread.new do
ssl_context.ciphers.each do |cipher|
begin
ssl_context = OpenSSL::SSL::SSLContext.new
ssl_context.options = protocol
ssl_context.ciphers = cipher[0].to_s
begin
tcp_socket = WEBrick::Utils.timeout(5){
TCPSocket.new(server, port)
}
rescue => e
puts e.message
exit 1
end
socket_destination = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
WEBrick::Utils.timeout(5) {
socket_destination.connect
}
if protocol == SSLV3
ssl_version, cipher, bits, vulnerability = result_parse(cipher[0], cipher[3], protocol)
result = "Server supports: %-22s %-42s %-10s %s\n"%[ssl_version, cipher, bits, vulnerability]
ssl3_array << result
elsif protocol == TLSV1
ssl_version, cipher, bits, vulnerability = result_parse(cipher[0], cipher[2], protocol)
result = "Server supports: %-22s %-42s %-10s %s\n"%[ssl_version, cipher, bits, vulnerability]
tls1_array << result
elsif protocol == TLSV1_1
ssl_version, cipher, bits, vulnerability = result_parse(cipher[0], cipher[2], protocol)
result = "Server supports: %-22s %-42s %-10s %s\n"%[ssl_version, cipher, bits, vulnerability]
tls1_1_array << result
elsif protocol == TLSV1_2
ssl_version, cipher, bits, vulnerability = result_parse(cipher[0], cipher[2], protocol)
result = "Server supports: %-22s %-42s %-10s %s\n"%[ssl_version, cipher, bits, vulnerability]
tls1_2_array << result
elsif protocol == SSLV2
ssl_version, cipher, bits, vulnerability = result_parse(cipher[0], cipher[2], protocol)
result = "Server supports: %-22s %-42s %-10s %s\n"%[ssl_version, cipher, bits, vulnerability]
ssl2_array << result
end
rescue Exception => e
if @debug
puts e.message
puts e.backtrace.join "\n"
if protocol == SSLV2
puts "Server Don't Supports: SSLv2 #{c[0]} #{c[2]} bits"
elsif protocol == SSLV3
puts "Server Don't Supports: SSLv3 #{c[0]} #{c[3]} bits"
elsif protocol == TLSV1
puts "Server Don't Supports: TLSv1 #{c[0]} #{c[2]} bits"
elsif protocol == TLSV1_1
puts "Server Don't Supports: TLSv1.1 #{c[0]} #{c[2]} bits"
elsif protocol == TLSV1_2
puts "Server Don't Supports: TLSv1.2 #{c[0]} #{c[2]} bits"
end
end
ensure
socket_destination.close if socket_destination rescue nil
tcp_socket.close if tcp_socket rescue nil
end
end
end
end
begin
threads.map(&:join)
rescue Interrupt
end
return ssl3_array, ssl2_array, tls1_array, tls1_1_array, tls1_2_array
end
|