Documentation
¶
Overview ¶
Package ssl implements a scan module for SSL/TLS endpoint analysis and cipher suite enumeration.
Index ¶
- Constants
- Variables
- func CheckSetup() error
- func IsValidAuthentication(auth Authentication) bool
- func IsValidEncryption(enc Encryption) bool
- func IsValidEncryptionMode(encMode EncryptionMode) bool
- func IsValidKeyExchange(k KeyExchange) bool
- func IsValidMac(m Mac) bool
- func IsValidPrf(p Prf) bool
- func IsValidProtocol(p Protocol) bool
- func LoadCiphers(logger utils.Logger)
- func Setup(logger utils.Logger) error
- type Authentication
- type Certificate
- type Chain
- type Cipher
- type CipherInfo
- type Curve
- type Curves
- type Data
- type EllipticCurve
- type Encryption
- type EncryptionMode
- type Issues
- type KeyExchange
- type Mac
- type Prf
- type Protocol
- type PublicKey
- type Result
- type Scanner
- type Settings
- type SignatureAlgorithm
- type SignatureHash
Constants ¶
const ( CipherPreferenceClient = "client" CipherPreferenceServer = "server" )
Cipher preferences
const Label = "Ssl"
Variables ¶
var StartTlsPorts = map[int]string{
433: "",
25: "smtp",
465: "",
587: "smtp",
143: "imap",
220: "imap",
993: "",
109: "pop3",
110: "pop3",
995: "",
5222: "xmpp",
5223: "",
5280: "xmpp",
5298: "xmpp",
5269: "xmpp_server",
21: "ftp",
990: "",
989: "",
389: "ldap",
3268: "ldap",
7389: "ldap",
636: "",
3269: "",
7636: "",
3389: "rdp",
5432: "postgres",
}
StartTlsPorts maps common port numbers to their respective protocols: smtp, xmpp, xmpp_server, pop3, ftp, imap, ldap, rdp, postgres, auto. More (unofficial) ports from this list: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
Functions ¶
func CheckSetup ¶
func CheckSetup() error
CheckSetup checks whether Setup() executed accordingly. Scan arguments should be checked by the scanner.
func IsValidAuthentication ¶
func IsValidAuthentication(auth Authentication) bool
func IsValidEncryption ¶
func IsValidEncryption(enc Encryption) bool
func IsValidEncryptionMode ¶
func IsValidEncryptionMode(encMode EncryptionMode) bool
func IsValidKeyExchange ¶
func IsValidKeyExchange(k KeyExchange) bool
func IsValidMac ¶
func IsValidPrf ¶
func IsValidProtocol ¶
func LoadCiphers ¶
Types ¶
type Authentication ¶
type Authentication uint8
Authentication represents algorithms used to authenticate the server and optionally client.
const ( AUTH_NONE Authentication = iota + 1 // No authentication AUTH_TLSv1_3 // RSA / ECDSA / RSA-PSS / EdDSA / PSK AUTH_DSS // DSS AUTH_ECDSA // ECDSA AUTH_ECNRA // ECNRA AUTH_FORTEZZA_KEA // FORTEZZA_KEA AUTH_GOSTR341001 // GOST R 34.10.2001 AUTH_GOSTR341094 // GOST R 34.10.1994 AUTH_KRB5 // KRB5 AUTH_PSK // PSK AUTH_RSA // RSA AUTH_SRP_SHA // SRP_SHA )
AUTH_GOSTR341001: elliptic curve version
func (Authentication) String ¶
func (i Authentication) String() string
type Certificate ¶
type Certificate struct {
Type string // 'leaf' / 'intermediate' / 'root'
Version int // Version of the X.509 standard.
Serial big.Int // Serial number chosen by the CA (not necessarily globally unique / random).
Subject []string // Object Identifiers (OIDs) of the subject.
SubjectCN string // Subject's common name.
Issuer []string // Object Identifiers (OIDs) of the issuer.
IssuerCN string // Issuer's common name.
AlternativeNames []string // Subject's alternative names.
ValidFrom time.Time // The initial date at which the certificate is valid.
ValidTo time.Time // The expiration date of the certificate.
PublicKeyAlgorithm PublicKey // The algorithm corresponding to the public key.
PublicKeyInfo string // Some additional info on the public key, depending on the public key's type.
PublicKeyBits uint64 // The public key's bit-size.
PublicKeyStrength int // The public key's strength corresponding to the key size.
SignatureAlgorithm SignatureAlgorithm // The signature algorithm.
SignatureHashAlgorithm SignatureHash // The signature hash algorithm.
CrlUrls []string // URL(s) for the certificate revocation list.
OcspUrls []string // URL(s) for the online certificate status protocol
KeyUsage []string // Key usage flags set in the certificate.
ExtendedKeyUsage []string // Extended key usage flags set in the certificate.
BasicConstraintsValid bool // Indicates whether Ca and MaxPathLen is valid. All three fields belong to the "basic constraint extension"
Ca bool // Indicates whether the certificate is of a CA.
MaxPathLength int // Maximum number of non-self-issued intermediate certificates that follow this certificate (leaf certificate not counting). See also: http://www.pkiglobe.org/
Sha1Fingerprint string // SHA1 fingerprint of the certificate.
}
type Chain ¶ added in v1.0.3
type Chain struct {
Certificates []*Certificate // Certificates of this specific deployment
ValidatedBy []string // Name(s) of the trust store(s) that successfully validated this deployment
HasValidOrder bool // Indicates whether the certificate chain was sent in valid order
}
type Cipher ¶
type Cipher struct {
Id string
IanaName string
OpensslName string
Protocol Protocol // SSL/TLS version used.
KeyExchange KeyExchange // The key exchange algorithm.
KeyExchangeBits int // The encryption's key bit-size - only set if ephemeral key exchange or export cipher.
KeyExchangeStrength int // The encryption's strength corresponding to the key size - only set if ephemeral key exchange or export cipher.
KeyExchangeInfo []string // Additional info on the key exchange - only set if ephemeral key exchange
ForwardSecrecy bool // Set if the key exchange algorithm supports forward secrecy.
Authentication Authentication // The authentication algorithm.
Encryption Encryption // The encryption algorithm.
EncryptionMode EncryptionMode // The encryption's mode.
EncryptionBits int // The encryption's key bit-size.
EncryptionStrength int // The encryption's strength corresponding to the key size.
BlockCipher bool // Indicates whether the encryption method is a block cipher.
BlockSize int // The encryption's block size if it is a block cipher.
StreamCipher bool // Indicates whether the encryption method is a stream cipher.
Mac Mac // The message authentication code algorithm.
MacBits int // The mac's digest size in bits.
MacStrength int // The mac's strength corresponding to the digest size.
Prf Prf // The pseudo-random function family algorithm (if any).
PrfBits int // The prf's digest size in bits.
PrfStrength int // The prf's strength corresponding to the digest size.
Export bool // Indicates whether the cipher suite is an old export cipher suite.
Draft bool // Indicates whether the cipher suite is a draft.
}
type CipherInfo ¶
type CipherInfo struct {
Id string `json:"cipher_suite"` // Cipher suite id
OpensslName string `json:"openssl_name"` // OpenSSL name of the cipher (SSLyze uses it)
IanaName string `json:"iana_name"` // IANA name
Kx KeyExchange `json:"kx"` // Key exchange protocol
Au Authentication `json:"au"` // Key exchange authentication
Enc Encryption `json:"enc"` // (Bulk) encryption algorithm
EncBits int `json:"enc_bits"` //
EncMode EncryptionMode `json:"enc_mode"` //
Mac Mac `json:"mac"` // Message authentication code algorithm
Prf Prf `json:"prf"` // Pseudorandom function family if existing
Export bool `json:"export"` // export indicator, if the string is not empty it's an exportable cipher
}
CipherInfo holds cipher suite details for our mapping.
type Curve ¶
type Curve string
Curve represents an elliptic curve used in TLS for key exchange and authentication (ECDHE, ECDSA). see http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8 This custom type is not transformed to an integer type as we only have one significant method declared for it and we only get a string from SSLyze. Therefore we'd have to create a mapping to our type in order to use a integer representation.
const ( SECT163K1 Curve = "sect163k1" SECT163R1 Curve = "sect163r1" SECT163R2 Curve = "sect163r2" SECT193R1 Curve = "sect193r1" SECT193R2 Curve = "sect193r2" SECT233K1 Curve = "sect233k1" SECT233R1 Curve = "sect233r1" SECT239K1 Curve = "sect239k1" SECT283K1 Curve = "sect283k1" SECT283R1 Curve = "sect283r1" SECT409K1 Curve = "sect409k1" SECT409R1 Curve = "sect409r1" SECT571K1 Curve = "sect571k1" SECT571R1 Curve = "sect571r1" SECP160K1 Curve = "secp160k1" SECP160R1 Curve = "secp160r1" SECP160R2 Curve = "secp160r2" SECP192K1 Curve = "secp192k1" SECP192R1 Curve = "secp192r1" SECP224K1 Curve = "secp224k1" SECP224R1 Curve = "secp224r1" SECP256K1 Curve = "secp256k1" SECP256R1 Curve = "secp256r1" SECP384R1 Curve = "secp384r1" SECP521R1 Curve = "secp521r1" BRAINPOOLP256R1 Curve = "brainpoolP256r1" BRAINPOOLP384R1 Curve = "brainpoolP384r1" BRAINPOOLP512R1 Curve = "brainpoolP512r1" ECDH_X25519 Curve = "ecdh_x25519" )
func (Curve) IsValidCurve ¶
type Curves ¶ added in v1.0.3
type Curves struct {
SupportedCurves []EllipticCurve // The curves that the target accepts
RejectedCurves []EllipticCurve // The curves that the target rejects
SupportEcdhKeyExchange bool // Indicates whether the target supports ECDH Key Exchange
}
type Data ¶
type Data struct {
Vhost string // The target's hostname
Ciphers map[string]*Cipher // The target's supported cipher suites. Key format: "protocol|cipher_id"
Chains []*Chain // The target's certificate chains
Settings *Settings // The target's SSL/TLS configuration details
Issues *Issues // The target's identified security concerns and vulnerabilities
Curves *Curves // The target's supported or rejected elliptic curves
}
type EllipticCurve ¶
type Encryption ¶
type Encryption uint8
Encryption algorithms
const ( ENC_NONE Encryption = iota + 1 // No encryption ENC_DES // DES ENC_RC2 // RC2 ENC_TRIPLE_DES // 3DES ENC_SKIPJACK // FORTEZZA ENC_SEED // SEED ENC_IDEA // IDEA ENC_CAMELLIA // Camellia ENC_ARIA // ARIA ENC_GOST28147 // GOST 28147 ENC_AES // AES // Stream ciphers ENC_RC4 // RC4 ENC_CHACHA20 // ChaCha20 )
func (Encryption) String ¶
func (i Encryption) String() string
type EncryptionMode ¶
type EncryptionMode uint8
EncryptionMode represents modes of operation for block ciphers.
const ( ENC_M_NONE EncryptionMode = iota + 1 // No encryption mode ENC_M_CBC // CBC ENC_M_CCM // CCM ENC_M_CCM_8 // CCM8 ENC_M_GCM // GCM ENC_M_POLY1305 // Poly1305 ENC_M_CNT // CNT )
CNT mode for GOST ciphers, see https://tools.ietf.org/html/rfc5830#page-6
func (EncryptionMode) String ¶
func (i EncryptionMode) String() string
type Issues ¶
type Issues struct {
// Any 'true' value indicates a vulnerability, they all should be false!
LowEncryptionStrength bool // Indicates whether the minimum of encryption strength is lower than 128 bit.
AnyChainInvalid bool // Indicates whether any certificate chain is invalid.
AnyChainInvalidOrder bool // Indicates whether any certificate chain has an invalid order.
ClientRenegotiationDos bool // Indicates whether the server is vulnerable to client renegotiation DOS.
CcsInjection bool // (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224)
EarlyDataSupported bool // Early data can have a negative impact if session management is not implemented carefully.
NoPerfectForwardSecrecy bool // If this is set, the server supports at least one cipher suite that does not provide prefect forward secrecy.
Sslv2Enabled bool // Indicates the presence of at least one SSLv2 cipher suite.
Sslv3Enabled bool // Indicates the presence of at least one SSLv3 cipher suite.
Tlsv1_0Enabled bool // Indicates the presence of at least one TLS 1.0 cipher suite.
Tlsv1_1Enabled bool // Indicates the presence of at least one TLS 1.1 cipher suite.
ExportSuite bool // Indicates whether the server supports an export cipher suite.
DraftSuite bool // Indicates whether the server supports a draft cipher suite.
Md2Enabled bool // Indicates the presence of at least one cipher suite with MD2 mac (/prf).
Md5Enabled bool // Indicates the presence of at least one cipher suite with MD5 mac (/prf).
Rc4Enabled bool // Indicates the presence of at least one cipher suite with RC4 encryption.
Sha1Enabled bool // Indicates the presence of at least one cipher suite with SHA1 mac (/prf).
Beast bool // (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389)
Crime bool // True if TLS compression is supported by the server, thereby enabling the CRIME attack. (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929)
Drown bool // https://drownattack.com/ (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800)
Freak bool // https://freakattack.com (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0204)
Heartbleed bool // http://heartbleed.com/ (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160)
Logjam bool // https://weakdh.org/logjam.html (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000) (Currently only export ciphers are tested)
Lucky13 bool // (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169)
Poodle bool // (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8730)
Robot bool // https://robotattack.org/
Sweet32 bool // https://sweet32.info/ (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183)
}
type KeyExchange ¶
type KeyExchange uint8
KeyExchange represents algorithms used for the key exchange.
const ( KEX_DH KeyExchange = iota + 1 // DH KEX_DHE // DHE KEX_ECDH // ECDH KEX_ECDHE // ECDHE KEX_ECMQV // ECMQV KEX_ECCPWD // ECCPWD KEX_FORTEZZA_KEA // FORTEZZA_KEA KEX_GOSTR341001 // GOST R 34.10-2001 KEX_GOSTR341094 // GOST R 34.10.1994 KEX_KRB5 // KRB5 KEX_PSK // PSK KEX_RSA // RSA KEX_SRP_SHA // SRP_SHA KEX_TLSv1_3 // (EC)DHE / PSK / PSK + (EC)DHE )
KEX_ECMQV: https://tools.ietf.org/html/draft-campagna-tls-ecmqv-ecqv-01 KEX_GOSTR341001: elliptic curve version
func (KeyExchange) String ¶
func (i KeyExchange) String() string
type Mac ¶
type Mac uint8
Mac represents hash algorithms used for message authentication codes.
const ( MAC_AEAD Mac = iota + 1 // AEAD MAC_MD2 // MD2 MAC_MD5 // MD5 MAC_SHA1 // SHA1 MAC_SHA224 // SHA224 MAC_SHA256 // SHA256 MAC_SHA384 // SHA384 MAC_SHA512 // SHA512 MAC_RIPEMD160 // RMD MAC_GOSTR341194 // GOSTR341194 MAC_GOST28147 // GOST28147 MAC_STREEBOG256 // Streeborg256 MAC_BLAKE2B // BLAKE2b MAC_BLAKE2S // BLAKE2s )
type Scanner ¶
type Scanner struct {
Label string
Started time.Time
Finished time.Time
// contains filtered or unexported fields
}
func NewScanner ¶
func NewScanner( logger utils.Logger, pythonPath string, sslyzeAdditionalTruststore string, target string, port int, vhosts []string, ) (*Scanner, error)
NewScanner initializes a new SSLyze scan. Linux specific implementation, Python and SSLyze package required
func (*Scanner) Run ¶
Run starts scan execution. This must either be executed as a goroutine, or another thread must be active listening on the scan's result channel, in order to avoid a deadlock situation.
func (*Scanner) SetContext ¶ added in v1.1.0
SetContext can be used to pass an existing context from outside. If timeout is supplied later when calling Run() the external context and the deadline context will be combined. Once set, the context cannot be changed anymore, because it might have been wrapped internally already.
type Settings ¶ added in v1.0.3
type Settings struct {
// Any 'false' value indicates place for improvement, ideally they would be true!
LowestProtocol Protocol // The lowest SSL / TLS version that is supported by the server.
MinStrength int // The minimum of EncryptionStrength, MacStrength(/PrfStrength) and PublicKeyStrength across all ciphers and certificates.
Ems bool // Extended Master Secret to prevent triple handshake and related TLS attacks
TlsFallbackScsv bool // TLS_FALLBACK_SCSV mechanism to prevent downgrade attacks
SecureRenegotiation bool // Indicates whether the server supports secure renegotiation.
SessionResumptionWithId bool // If set a session resumption using IDs is possible.
SessionResumptionWithTickets bool // If set a session resumption using session tickets is possible.
IsCompliantToMozillaConfig bool // https://ssl-config.mozilla.org/ Check if the server's SSL config complies with the recommended one from Mozilla
}
type SignatureAlgorithm ¶
type SignatureAlgorithm uint8
const ( SIG_A_Unknown SignatureAlgorithm = iota // SIG_A_RSA // RSA SIG_A_DSA // DSA SIG_A_ECDSA // ECDSA SIG_A_RSAPSS // RSAPSS )
func (SignatureAlgorithm) IsValidSignatureAlgo ¶
func (a SignatureAlgorithm) IsValidSignatureAlgo() bool
func (SignatureAlgorithm) String ¶
func (i SignatureAlgorithm) String() string
type SignatureHash ¶
type SignatureHash uint8
SignatureHash represents a signature hash algorithm.
const ( SIG_H_Unknown SignatureHash = iota // SIG_H_None // None SIG_H_MD2 // MD2 SIG_H_MD5 // MD5 SIG_H_SHA1 // SHA1 SIG_H_SHA224 // SHA224 SIG_H_SHA256 // SHA256 SIG_H_SHA384 // SHA384 SIG_H_SHA512 // SHA512 SIG_H_RIPEMD160 // RMD SIG_H_GOSTR3411 // GOSTR3411 SIG_H_BLAKE2B // BLAKE2b SIG_H_BLAKE2S // BLAKE2s )
BLAKE2*: has a variable digest size, 512 is the maximum. SIG_H_None happen if the signature does not use a separate hash (ED25519, ED448).
func (SignatureHash) IsValidSignatureHash ¶
func (h SignatureHash) IsValidSignatureHash() bool
func (SignatureHash) String ¶
func (i SignatureHash) String() string