drwetter / testssl.sh

Testing TLS/SSL encryption anywhere on any port
https://testssl.sh
GNU General Public License v2.0

Argument separation in CSV/flat JSON #618

Open drwetter opened 7 years ago

drwetter commented 7 years ago

In CSV output generated by ./testssl.sh -x CBC --csv HOSTNAME I got lines like

"cipher_x35","HOSTNAME/AA.BB.CC.DD","443","INFO","x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA available","","",""

rather than

"cipher_x35","HOSTNAME/AA.BB.CC.DD","443","INFO","x35","AES256-SHA","RSA","AES","256","TLS_RSA_WITH_AES_256_CBC_SHA"

Flat JSON is similar.

Which is, from the user perspective, unnecessarily difficult to further process -- at least as far as my expectation as a user would be concerned.

Atm probably there's no easy solution, I am open for suggestions though.

AlGreed commented 7 years ago

For a normal mode (./testssl --csv hostname:port) it will not work because of different numbers of columns for different findings.

For --json it can be done if we use an array for "finding":

[
    {
        "id"       : "service",
        "ip"       : "host/ip",
        "port"     : "443",
        "severity" : "INFO",
        "finding"  : ["Service detected: HTTP"]
    },
    {
        "id"       : "cipher_xc028",
        "ip"       : "host/ip",
        "port"     : "443",
        "severity" : "INFO",
        "finding"  : ["xc028", "ECDHE-RSA-AES256-SHA384", "ECDH 256", "AES", "256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "available"]
    }
]

So do we want to have it only for cipher mode? If yes, then it can be done easily (almost) in the following way:

CSV:

"id","fqdn/ip","port","severity","finding","cve","cwe","hint"
"finding" ->>>> "hexcode","csn_openssl","key_exch","encryption","bits","csn_rfc","availability"

JSON:

    {
        "id"       : "cipher_xc028",
        "ip"       : "host/ip",
        "port"     : "443",
        "severity" : "INFO",
        "finding"  : ["xc028", "ECDHE-RSA-AES256-SHA384", "ECDH 256", "AES", "256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "available"]
    }

or

    {
        "id"           : "cipher_xc028",
        "ip"           : "host/ip",
        "port"         : "443",
        "severity"     : "INFO",
        "hexcode"      : "xc028",
        "csn_openssl"  : "ECDHE-RSA-AES256-SHA384",
        "key_exch"     : "ECDH 256",
        "encryption"   : "AES",
        "bits"         : "256",
        "csn_rfc"      : "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "availability" : "available"
    }

drwetter commented 7 years ago

@AlGreed: actually I don't know whether that would have helped.

Maybe it's better to explain what I was trying to achieve. That was for a pentest and I wanted to have a table like hexcode, openssl name, kx, RFC name.

Probably I ended up scraping that from the screen, can't tell for sure. I was only puzzled that no JSON or CSV output helped me.

If you were me: what would you suggest?

AlGreed commented 7 years ago

I think for this case it would be enough to have a table in CSV format. Working on it... I have a small problem with the key exchange column. Some fields are like " ECDH 570", others like " RSA(512)" - not too easy to define an AWK rule... seems not consistent.

drwetter commented 7 years ago

Jolly good (Brit stuff is in my head this week ;))

On 30 March 2017, 22:56, at 22:56, Oleksandr Nosenko notifications@github.com wrote:

I think for this case it would be enough to have a table in csv format. Working on it...

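The post-processing discussed in this thread, as an added example that is not part of the issue or of testssl.sh: it splits the single "finding" string of each cipher_* CSV row into the seven columns proposed above, and handles the inconsistent key exchange field ("RSA", "RSA(512)", "ECDH 256") by anchoring on the RFC cipher name instead of counting columns. The token layout is an assumption taken from the lines quoted here, the function names are hypothetical, and the sample rows (including the x03 row) are constructed.

```python
import csv
import io
import sys

# Constructed sample in the CSV layout quoted in this thread (not real scan output).
SAMPLE_CSV = '''"id","fqdn/ip","port","severity","finding","cve","cwe","hint"
"service","HOSTNAME/AA.BB.CC.DD","443","INFO","Service detected: HTTP","","",""
"cipher_x35","HOSTNAME/AA.BB.CC.DD","443","INFO","x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA available","","",""
"cipher_xc028","HOSTNAME/AA.BB.CC.DD","443","INFO","xc028 ECDHE-RSA-AES256-SHA384 ECDH 256 AES 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 available","","",""
"cipher_x03","HOSTNAME/AA.BB.CC.DD","443","INFO","x03 EXP-RC4-MD5 RSA(512) RC4 40 TLS_RSA_EXPORT_WITH_RC4_40_MD5 available","","",""
'''

FIELDS = ("hexcode", "csn_openssl", "key_exch", "encryption", "bits",
          "csn_rfc", "availability")


def split_cipher_finding(finding):
    """Split one cipher finding string into the seven columns proposed above.

    Assumption: hexcode and OpenSSL name are the first two tokens, the RFC name
    is the first token at index 5 or later that starts with TLS_ or SSL_, and
    encryption and bits are the two tokens before it. Everything in between is
    the key exchange, so one-token and two-token values parse the same way.
    """
    tokens = finding.split()
    rfc_at = next((i for i in range(5, len(tokens))
                   if tokens[i].startswith(("TLS_", "SSL_"))), None)
    if rfc_at is None or not tokens[rfc_at - 1].isdigit():
        raise ValueError(f"unexpected cipher finding layout: {finding!r}")
    values = (tokens[0], tokens[1], " ".join(tokens[2:rfc_at - 2]),
              tokens[rfc_at - 2], tokens[rfc_at - 1], tokens[rfc_at],
              " ".join(tokens[rfc_at + 1:]))
    return dict(zip(FIELDS, values))


def cipher_table(csv_text):
    """Return parsed rows for every cipher_* finding; other ids are skipped."""
    return [split_cipher_finding(record["finding"])
            for record in csv.DictReader(io.StringIO(csv_text))
            if record["id"].startswith("cipher_")]


if __name__ == "__main__":
    # The table asked for in the thread: hexcode, OpenSSL name, kx, RFC name.
    wanted = ("hexcode", "csn_openssl", "key_exch", "csn_rfc")
    writer = csv.writer(sys.stdout, quoting=csv.QUOTE_ALL)
    writer.writerow(wanted)
    for row in cipher_table(SAMPLE_CSV):
        writer.writerow([row[name] for name in wanted])
```

A finding that does not match the assumed layout raises ValueError rather than producing shifted columns, so a format change in the scanner output is noticed instead of silently corrupting the table.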