Class: Rex::SSLScan::Scanner

Inherits:

Object

• Object
• Rex::SSLScan::Scanner

Defined in:

lib/rex/sslscan/scanner.rb

Defined Under Namespace

Classes: InvalidCipher

Instance Attribute Summary

• #context ⇒ Object

  Returns the value of attribute context.

• #host ⇒ Object

  Returns the value of attribute host.

• #port ⇒ Object

  Returns the value of attribute port.

• #sslv2 ⇒ Object readonly

  Returns the value of attribute sslv2.

• #supported_versions ⇒ Object readonly

  Returns the value of attribute supported_versions.

• #timeout ⇒ Object

  Returns the value of attribute timeout.

Instance Method Summary

• #get_cert(ssl_version, cipher) ⇒ OpenSSL::X509::Certificate, Nil

  Retrieve the X509 Cert from the target service,.

• #initialize(host, port = 443, context = {}, timeout = 5) ⇒ Scanner constructor

  Initializes the scanner object.

• #scan ⇒ Result

  Initiate the Scan against the target.

• #test_cipher(ssl_version, cipher) ⇒ Symbol

  Tests the specified SSL Version and Cipher against the configured target.

• #test_ssl ⇒ Object
• #test_tls ⇒ Object
• #valid? ⇒ Boolean

  Checks whether the scanner option has a valid configuration.

Constructor Details

#initialize(host, port = 443, context = {}, timeout = 5) ⇒ Scanner

Initializes the scanner object

Parameters:

• host (String) —

  IP address or hostname to scan

• port (Integer) (defaults to: 443) —

  Port number to scan, default: 443

• timeout (Integer) (defaults to: 5) —

  Timeout for connections, in seconds. default: 5

Raises:

• (StandardError) —

  Raised when the configuration is invalid

# File 'lib/rex/sslscan/scanner.rb', line 25

def initialize(host,port = 443,context = {},timeout=5)
  @host       = host
  @port       = port
  @timeout    = timeout
  @context    = context
  if check_opensslv2 == true
    @supported_versions = [:SSLv2, :SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
    @sslv2 = true
  else
    @supported_versions = [:SSLv3, :TLSv1, :TLSv1_1, :TLSv1_2]
    @sslv2 = false
  end
  raise StandardError, "The scanner configuration is invalid" unless valid?
end

Instance Attribute Details

#context ⇒ Object

Returns the value of attribute context.

# File 'lib/rex/sslscan/scanner.rb', line 12

def context
  @context
end

#host ⇒ Object

Returns the value of attribute host.

# File 'lib/rex/sslscan/scanner.rb', line 13

def host
  @host
end

#port ⇒ Object

Returns the value of attribute port.

# File 'lib/rex/sslscan/scanner.rb', line 14

def port
  @port
end

#sslv2 ⇒ Object (readonly)

Returns the value of attribute sslv2.

# File 'lib/rex/sslscan/scanner.rb', line 18

def sslv2
  @sslv2
end

#supported_versions ⇒ Object (readonly)

Returns the value of attribute supported_versions.

# File 'lib/rex/sslscan/scanner.rb', line 17

def supported_versions
  @supported_versions
end

#timeout ⇒ Object

Returns the value of attribute timeout.

# File 'lib/rex/sslscan/scanner.rb', line 15

def timeout
  @timeout
end

Instance Method Details

#get_cert(ssl_version, cipher) ⇒ OpenSSL::X509::Certificate, Nil

Retrieve the X509 Cert from the target service,

Parameters:

• ssl_version (Symbol) —

  The SSL version to use (:SSLv2, :SSLv3, :TLSv1)

• cipher (String) —

  The SSL Cipher to use

Returns:

• (OpenSSL::X509::Certificate) —

  if the certificate was retrieved

• (Nil) —

  if the cert couldn't be retrieved

# File 'lib/rex/sslscan/scanner.rb', line 161

def get_cert(ssl_version, cipher)
  validate_params(ssl_version,cipher)
  begin
    scan_client = Rex::Socket::Tcp.create(
      'PeerHost'   => @host,
      'PeerPort'   => @port,
      'SSL'        => true,
      'SSLVersion' => ssl_version,
      'SSLCipher'  => cipher,
      'Timeout'    => @timeout
    )
    cert = scan_client.peer_cert
    if cert.kind_of? OpenSSL::X509::Certificate
      return cert
    else
      return nil
    end
  rescue ::Exception => e
    return nil
  ensure
    if scan_client
      scan_client.close
    end
  end
end

#scan ⇒ Result

Initiate the Scan against the target. Will test each cipher one at a time.

Returns:

• (Result) —

  object containing the details of the scan

# File 'lib/rex/sslscan/scanner.rb', line 53

def scan
  scan_result = Rex::SSLScan::Result.new
  scan_result.openssl_sslv2 = sslv2
  # If we can't get any SSL connection, then don't bother testing
  # individual ciphers.
  if test_ssl == :rejected and test_tls == :rejected
    return scan_result
  end

  threads = []
  ciphers = Queue.new
  @supported_versions.each do |ssl_version|
    sslctx = OpenSSL::SSL::SSLContext.new(ssl_version)
    sslctx.ciphers.each do |cipher_name, ssl_ver, key_length, alg_length|
      threads << Thread.new do
        begin
          status = test_cipher(ssl_version, cipher_name)
          ciphers << [ssl_version, cipher_name, key_length, status]
          if status == :accepted and scan_result.cert.nil?
            scan_result.cert = get_cert(ssl_version, cipher_name)
          end
        rescue Rex::SSLScan::Scanner::InvalidCipher
          next
        end
      end
    end
  end
  threads.each { |thr| thr.join }

  until ciphers.empty? do
    cipher = ciphers.pop
    scan_result.add_cipher(*cipher)
  end
  scan_result
end

#test_cipher(ssl_version, cipher) ⇒ Symbol

Tests the specified SSL Version and Cipher against the configured target

Parameters:

• ssl_version (Symbol) —

  The SSL version to use (:SSLv2, :SSLv3, :TLSv1)

• cipher (String) —

  The SSL Cipher to use

Returns:

• (Symbol) —

  Either :accepted or :rejected

# File 'lib/rex/sslscan/scanner.rb', line 133

def test_cipher(ssl_version, cipher)
  validate_params(ssl_version,cipher)
  begin
    scan_client = Rex::Socket::Tcp.create(
      'Context'    => @context,
      'PeerHost'   => @host,
      'PeerPort'   => @port,
      'SSL'        => true,
      'SSLVersion' => ssl_version,
      'SSLCipher'  => cipher,
      'Timeout'    => @timeout
    )
  rescue ::Exception => e
    return :rejected
  ensure
    if scan_client
      scan_client.close
    end
  end

  return :accepted
end

#test_ssl ⇒ Object

# File 'lib/rex/sslscan/scanner.rb', line 89

def test_ssl
  begin
    scan_client = Rex::Socket::Tcp.create(
      'Context'    => @context,
      'PeerHost'   => @host,
      'PeerPort'   => @port,
      'SSL'        => true,
      'SSLVersion' => :SSLv23,
      'Timeout'    => @timeout
    )
  rescue ::Exception => e
    return :rejected
  ensure
    if scan_client
      scan_client.close
    end
  end
  return :accepted
end

#test_tls ⇒ Object

# File 'lib/rex/sslscan/scanner.rb', line 109

def test_tls
  begin
    scan_client = Rex::Socket::Tcp.create(
      'Context'    => @context,
      'PeerHost'   => @host,
      'PeerPort'   => @port,
      'SSL'        => true,
      'SSLVersion' => :TLSv1,
      'Timeout'    => @timeout
    )
  rescue ::Exception => e
    return :rejected
  ensure
    if scan_client
      scan_client.close
    end
  end
  return :accepted
end

#valid? ⇒ Boolean

Checks whether the scanner option has a valid configuration

Returns:

• (Boolean) —

  True or False, the configuration is valid.

# File 'lib/rex/sslscan/scanner.rb', line 42

def valid?
  begin
    @host = Rex::Socket.getaddress(@host, true)
  rescue
    return false
  end
  @port.kind_of?(Integer) && @port >= 0 && @port <= 65535 && @timeout.kind_of?(Integer)
end