Open drwetter opened 7 years ago
For a normal mode (./testssl --csv hostname:port) it will not work because of different numbers of columns for different findings.
For --json it can be done if we use an array for "finding":
[
{
"id" : "service",
"ip" : "host/ip",
"port" : "443",
"severity" : "INFO",
"finding" : ["Service detected: HTTP"]
}
, {
"id" : "cipher_xc028",
"ip" : "host/ip",
"port" : "443",
"severity" : "INFO",
"finding" : ["xc028", "ECDHE-RSA-AES256-SHA384", "ECDH 256", "AES", "256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "available"]
}
So do we want to have it only for cipher mode??? If - Yes, then it can be done easily (almost) in the following way:
CSV:
"id","fqdn/ip","port","severity","finding","cve","cwe","hint"
"finding" ->>>> "hexcode","csn_openssl","key_exch","encryption","bits","csn_rfc","availability"
JSON:
{
"id" : "cipher_xc028",
"ip" : "host/ip",
"port" : "443",
"severity" : "INFO",
"finding" : ["xc028", "ECDHE-RSA-AES256-SHA384", "ECDH 256", "AES", "256", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "available"]
}
or
{
"id" : "cipher_xc028",
"ip" : "host/ip",
"port" : "443",
"severity" : "INFO",
"hexcode" : "xc028",
"csn_openssl" : "ECDHE-RSA-AES256-SHA384",
"key_exch" : "ECDH 256",
"encryption" : "AES",
"bits" : "256",
"csn_rfc" : "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
"availability" : "available"
}
@AlGreed : actually I don't know whether that would have help.
Maybe it's better to explain what I was trying to achieve. That was for a pentest and I wanted to have a table like hexcode , openssl name, kx, RFC name .
Probably I ended up scraping that from the screen, can't tell for sure. I was only puzzled that no JSON or CSV output helped me.
If you were me: what would you suggest?
I think for this case it would be enough to have a table in csv format. Working on it... i have a small problem with key exchange column. Some fields are like " ECDH 570", other like " RSA(512)" - not too easy to define an AWK rule... seems not consistent.
Jolly good (Brit stuff is in my head this week ;))
-- Sent via mobile. Excuse my brevity, my typos and the autocorrection
Am 30. März 2017, 22:56, um 22:56, Oleksandr Nosenko notifications@github.com schrieb:
I think for this case it would be enough to have a table in csv format. Working on it...
-- You are receiving this because you authored the thread. Reply to this email directly or view it on GitHub: https://github.com/drwetter/testssl.sh/issues/618#issuecomment-290542335
In CSV output generate by
./testssl.sh -x CBC --csv HOSTNAME
I got lines like"cipher_x35","HOSTNAME/AA.BB.CC.DD","443","INFO","x35 AES256-SHA RSA AES 256 TLS_RSA_WITH_AES_256_CBC_SHA available","","",""
rather than
"cipher_x35","HOSTNAME/AA.BB.CC.DD","443","INFO","x35","AES256-SHA","RSA","AES","256" "TLS_RSA_WITH_AES_256_CBC_SHA"
Flat JSON is similar.
Which is from the user perspective unnecessary difficult to further process -- at least as far as my expectation as a user would be concerned.
Atm probably there's no easy solution, I am open for suggestions though.