Class: Ciphersurfer::Scanner

Inherits:
Object
  • Object
Defined in:
lib/ciphersurfer/scanner.rb


Constructor Details

#initialize(options = {}) ⇒ Scanner

Returns a new instance of Scanner.



# File 'lib/ciphersurfer/scanner.rb', line 30

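# Builds a scanner for a single endpoint. Nothing is contacted here; the
# constructor only records the settings and creates the empty result lists.
#
# The @alive set here is an instance variable. The class methods .alive? and
# .cert use a class-level @alive, which is a different variable.
#
# @param options [Hash] scan settings; read only, never written to
# @option options :host host handed to Net::HTTP.new by #go
#   (presumably a hostname or IP string - TODO confirm)
# @option options :port port to scan; 443 when the key is missing, nil or false
# @option options :proto value handed to OpenSSL::SSL::SSLContext.new by #go
def initialize(options = {})
  @host = options[:host]
  # Plain || rather than ||=: the original stored the default back into the
  # caller's hash, which mutated the argument and raised on a frozen hash.
  @port = options[:port] || 443
  @proto = options[:proto]
  @ok_ciphers = []
  @ok_bits = []
  @alive = false
end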

Instance Attribute Details

#ok_bits ⇒ Object (readonly)

Returns the value of attribute ok_bits.



# File 'lib/ciphersurfer/scanner.rb', line 25

# Read-only accessor for the list that #go fills: one `bits` value is appended
# for every cipher whose request completed without raising. Starts as an empty
# array in #initialize. The array itself is returned, not a copy.
def ok_bits
  @ok_bits
end

#ok_ciphers ⇒ Object (readonly)

Returns the value of attribute ok_ciphers.



# File 'lib/ciphersurfer/scanner.rb', line 25

# Read-only accessor for the list that #go fills: the cipher name is appended
# for every cipher whose request completed without raising. Starts as an empty
# array in #initialize. The array itself is returned, not a copy.
def ok_ciphers
  @ok_ciphers
end

#peer_cert ⇒ Object (readonly)

Returns the value of attribute peer_cert.



# File 'lib/ciphersurfer/scanner.rb', line 26

# Read-only accessor for the instance's @peer_cert.
#
# NOTE(review): nothing shown for this class assigns the instance variable.
# #initialize does not set it, and .alive? stores the certificate in a
# class-level @peer_cert, which is a separate variable. From the visible code
# this reader returns nil; use .cert to get the probed certificate - confirm
# against the rest of lib/ciphersurfer/scanner.rb.
def peer_cert
  @peer_cert
end

Class Method Details

.alive?(host, port) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/ciphersurfer/scanner.rb', line 51

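# Probes https://host:port with one GET and reports whether the endpoint
# answered. On success the response's peer certificate is kept for .cert.
#
# The result is stored in class-level instance variables (@alive, @peer_cert).
# They are shared by every caller and are not keyed by host or port, so they
# always describe the most recent probe only.
#
# @param host interpolated as-is into the probe URL
# @param port interpolated as-is into the probe URL
# @return [Boolean] true when the GET succeeded, and also when it failed with
#   OpenSSL::SSL::SSLError (the peer answered, but no certificate is recorded);
#   false on connection refused or any other StandardError
def self.alive?(host, port)
  client = HTTPClient.new
  # Forget the previous probe first. The original set @alive = true before the
  # request and never cleared it, so a refused connection still left the flag
  # set and an earlier endpoint's certificate in place for .cert to return.
  @alive = false
  @peer_cert = nil
  begin
    response = client.get("https://#{host}:#{port}")
    @peer_cert = response.peer_cert
    @alive = true
  rescue Errno::ECONNREFUSED
    puts "alive?(): connection refused".color(:red)
  rescue OpenSSL::SSL::SSLError => e
    # A TLS-level failure still means something is listening, so the host
    # counts as alive; the warning is the only trace of the TLS problem.
    puts "alive?(): [WARNING] - #{e.message}".color(:yellow)
    @alive = true
  rescue => e
    puts "alive?(): #{e.message}".color(:red)
  end
  @alive
end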

.cert(host, port) ⇒ Object



# File 'lib/ciphersurfer/scanner.rb', line 39

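# Returns the certificate recorded by .alive?, running a probe of host:port
# first when no probe is currently marked as successful.
#
# NOTE(review): @alive and @peer_cert are class-level and not keyed by
# host/port. Once a probe has set @alive, this returns the stored certificate
# whatever host and port are passed, so a caller that checks several endpoints
# in one process can be handed another endpoint's certificate - confirm how
# callers use it.
#
# @param host forwarded to .alive?
# @param port forwarded to .alive?
# @return whatever the probe stored in @peer_cert, or nil when none was stored
def self.cert(host, port)
  # The original called alive?(host.port): a single argument, with #port
  # invoked on the host value, which raises instead of probing.
  alive?(host, port) unless @alive

  @peer_cert
end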

.poodle?(host, port) ⇒ Boolean

# Net::HTTP-based liveness probe: true when a GET / over TLS completes, false
# on any StandardError.
#
# NOTE(review): on this page the listing sits in the description slot of
# .poodle?, so it looks like an earlier, commented-out alive? that the doc
# generator picked up as poodle?'s docstring - confirm against
# lib/ciphersurfer/scanner.rb.
def self.alive?(host, port)
  probe = Net::HTTP.new(host, port)
  probe.use_ssl = true
  # The peer certificate is not verified, so this only shows that something
  # completes a TLS handshake on the port, not who it is.
  probe.verify_mode = OpenSSL::SSL::VERIFY_NONE
  begin
    probe.get("/")
    true
  rescue StandardError
    # Covers connection refused, TLS errors and everything else alike;
    # all of them mean "not alive" here.
    false
  end
end

Returns:

  • (Boolean)


# File 'lib/ciphersurfer/scanner.rb', line 87

# Reports whether a GET / succeeds over a connection forced to SSLv3.
#
# What the result does and does not tell you:
# * true  - the request completed with ssl_version set to :SSLv3, i.e. the
#           endpoint still accepts SSLv3. The negotiated cipher is not
#           inspected.
# * false - any StandardError was raised. That includes errors on the scanning
#           side (for example a local OpenSSL without SSLv3 support, a refused
#           connection, a timeout), so false is not proof that the server
#           rejects SSLv3.
# The peer certificate is not verified (VERIFY_NONE).
#
# @param host host handed to Net::HTTP.new
# @param port port handed to Net::HTTP.new
# @return [Boolean]
def self.poodle?(host, port)
  sslv3_probe = Net::HTTP.new(host, port)
  sslv3_probe.use_ssl = true
  sslv3_probe.verify_mode = OpenSSL::SSL::VERIFY_NONE
  sslv3_probe.ssl_version = :SSLv3
  begin
    sslv3_probe.get("/")
    true
  rescue StandardError
    # TLS errors and every other failure are reported the same way
    false
  end
end

Instance Method Details

#go ⇒ Object



# File 'lib/ciphersurfer/scanner.rb', line 105

# Tries every cipher that the local OpenSSL lists for @proto against
# @host:@port, one connection per cipher, and records the ones for which a
# GET / completed: the name goes to @ok_ciphers, the bit size to @ok_bits.
#
# NOTE(review): @proto is only used to build the cipher list. The request
# itself restricts the cipher but never sets ssl_version, so the protocol that
# is actually negotiated is left to the defaults - confirm that results are
# meant to be read as "accepted under @proto".
# The peer certificate is not verified (VERIFY_NONE).
#
# @return [Array] the cipher list that was iterated
def go
  OpenSSL::SSL::SSLContext.new(@proto).ciphers.each do |name, _version, bits, _alg_bits|
    attempt = Net::HTTP.new(@host, @port)
    attempt.use_ssl = true
    attempt.verify_mode = OpenSSL::SSL::VERIFY_NONE
    attempt.ciphers = name
    begin
      attempt.get("/")
      @ok_bits << bits
      @ok_ciphers << name
    rescue StandardError
      # Deliberately silent, for TLS errors (cipher not accepted) and for
      # every other failure alike: a timeout or DNS error looks the same as
      # a rejected cipher, so the calling program must do its own checks.
    end
  end
end