4elta / recon

automate the boring stuff!
GNU General Public License v3.0

nas: tls analyzer for sslyze fails (on opportunistic scans) with TypeError Exception #44

Closed ikstream closed 1 year ago

ikstream commented 1 year ago

I collected opportunistic tls data for rdp with sslyze. When I run the analyzer, a TypeError Exception is thrown.

./analyze.py -i ../logs/recon -t sslyze tls

Vulnerabilities and/or deviations from the recommended settings (`/recon/config/recommendations/tls/default.toml`):
Traceback (most recent call last):
  File "/recon/./analyze.py", line 150, in <module>
    main()
  File "/recon/./analyze.py", line 147, in main
    process(parser.parse_args())
  File "/recon/./analyze.py", line 81, in process
    services = analyzer.analyze(files)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/recon/analyzers/tls/__init__.py", line 111, in analyze
    services = self.parser.parse_files(files[self.parser_name])
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/recon/analyzers/__init__.py", line 24, in parse_files
    self.parse_file(path)
  File "/recon/analyzers/tls/sslyze.py", line 197, in parse_file
    self._parse_scan_result(
  File "/recon/analyzers/tls/sslyze.py", line 205, in _parse_scan_result
    self._parse_certificate_info(
  File "/recon/analyzers/tls/sslyze.py", line 301, in _parse_certificate_info
    if not certificate_deployment['path_validation_results']['was_validation_successful']:
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: list indices must be integers or slices, not str

This is caused by a difference in the collected data at the path_validation_results value: it contains an array and is not an individual value to be read from. An excerpt from the file can be seen below.

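Therefore the path_validation_results need an additional step before was_validation_successful can be checked: the value is a list with one entry per trust store (Android, Apple, Java and Mozilla in the excerpt below), so was_validation_successful has to be read from each entry rather than from the list itself.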

To check for further issues I added a single fixed index to the handling, and I encountered no further errors during the processing of the data. So this seems to be the only place (at least in my data) where additional steps are required. The block below is only an excerpt, as it would take some effort to clean identifying data from it.

    "server_scan_results": [
        {
            "connectivity_error_trace": null,
            "connectivity_result": {
                "cipher_suite_supported": "ECDHE-RSA-AES256-GCM-SHA384",
                "client_auth_requirement": "DISABLED",
                "highest_tls_version_supported": "TLS_1_2",
                "supports_ecdh_key_exchange": true
            },
           "connectivity_status": "COMPLETED",
            "network_configuration": {
                "network_max_retries": 3,
                "network_timeout": 5,
                "tls_client_auth_credentials": null,
                "tls_opportunistic_encryption": "RDP",
                "tls_server_name_indication": "10.10.10.2",
                "xmpp_to_hostname": null
            },
            "scan_result": {
                "certificate_info": {
                    "error_reason": null,
                    "error_trace": null,
                    "result": {
                        "certificate_deployments": [
                            {
                                "leaf_certificate_has_must_staple_extension": false,
                                "leaf_certificate_is_ev": false,
                                "leaf_certificate_signed_certificate_timestamps_count": 0,
                                "leaf_certificate_subject_matches_hostname": false,
                                "ocsp_response": null,
                                "ocsp_response_is_trusted": null,
                                "path_validation_results": [
                                    {
                                        "openssl_error_string": "self-signed certificate",
                                        "trust_store": {
                                            "ev_oids": null,
                                            "name": "Android",
                                            "path": "/sslyze/venv/lib/python3.11/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/google_aosp.pem",
                                            "version": "13.0.0_r9"
                                        },
                                        "verified_certificate_chain": null,
                                        "was_validation_successful": false
                                    },
                                    {
                                        "openssl_error_string": "self-signed certificate",
                                        "trust_store": {
                                            "ev_oids": null,
                                            "name": "Apple",
                                            "path": "/sslyze/venv/lib/python3.11/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/apple.pem",
                                            "version": "iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9"
                                        },
                                        "verified_certificate_chain": null,
                                        "was_validation_successful": false
                                    },
                                    {
                                        "openssl_error_string": "self-signed certificate",
                                        "trust_store": {
                                            "ev_oids": null,
                                            "name": "Java",
                                            "path": "/sslyze/venv/lib/python3.11/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/oracle_java.pem",
                                            "version": "jdk-13.0.2"
                                        },
                                        "verified_certificate_chain": null,
                                        "was_validation_successful": false
                                    },
                                    {
                                        "openssl_error_string": "self-signed certificate",
                                        "trust_store": {
                                            "ev_oids": [
                                                {
                                                    "dotted_string": "1.2.276.0.44.1.1.1.4",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.2.392.200091.100.721.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.2.40.0.17.1.22",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.2.616.1.113527.2.5.1.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.159.1.17.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.13177.10.1.3.10",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.14370.1.6",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.14777.6.1.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.14777.6.1.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.17326.10.14.2.1.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.17326.10.14.2.2.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.17326.10.8.12.1.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.17326.10.8.12.2.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.22234.2.5.2.3.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.23223.1.1.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.29836.1.10",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.34697.2.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.34697.2.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.34697.2.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.34697.2.4",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.36305.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.40869.1.1.22.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.4146.1.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.4788.2.202.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.6334.1.100.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.6449.1.2.1.5.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.782.1.2.1.8.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.7879.13.24.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "1.3.6.1.4.1.8024.0.2.100.1.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.156.112554.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.528.1.1003.1.2.7",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.578.1.26.1.3.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.756.1.83.21.0",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.756.1.89.1.2.1.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.792.3.0.3.1.1.5",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.792.3.0.4.1.1.4",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.113733.1.7.23.6",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.113733.1.7.48.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114028.10.1.2",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114171.500.9",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114404.1.1.2.4.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114412.2.1",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114413.1.7.23.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114414.1.7.23.3",
                                                    "name": "Unknown OID"
                                                },
                                                {
                                                    "dotted_string": "2.16.840.1.114414.1.7.24.3",
                                                    "name": "Unknown OID"
                                                }
                                            ],
                                            "name": "Mozilla",
                                            "path": "/sslyze/venv/lib/python3.11/site-packages/sslyze/plugins/certificate_info/trust_stores/pem_files/mozilla_nss.pem",
                                            "version": "2022-12-11"
                                        },
                                        "verified_certificate_chain": null,
                                        "was_validation_successful": false
                                    },
4elta commented 1 year ago

sorry, my bad. i missed the array in the JSON schema.