TLS scan the SUT multiple times with different cipher suites and version #13


@raja-ashok raja-ashok commented Jul 4, 2023

Created a JSON file config/nist-sp-800-52.json to keep NIST recommended and non-recommended ciphersuites, and updated tlsscan to parse it using jq and invoke openssl s_client multiple times to scan each service.

Finally, tlsscan generates the report file tls_conn_report.json. From this a summar.csv is generated with the list of TLS versions supported and the ciphersuite count, and it is displayed in table form on the console using tabled.


@nyrahul nyrahul left a comment


Many thanks for the PR @raja-ashok
It would be great to have separate plugins to handle NIST on top of TLS scan report. This would make it extensible. The plugins should enrich the base TLS scan report with their own findings.

@raja-ashok raja-ashok force-pushed the tlsscan_multiple_times branch 4 times, most recently from 15342c4 to 814fdaf Compare August 6, 2023 16:11
@raja-ashok raja-ashok changed the title from "[WIP] TLS scan the SUT multiple times with different cipher suites and version" to "TLS scan the SUT multiple times with different cipher suites and version" Aug 6, 2023

nyrahul commented Aug 8, 2023

Hey @raja-ashok, this looks great! Can you attach a sample report that is generated as part of this? Thanks

@raja-ashok (Author)

Started two openssl s_server processes and ran the tlsscan for testing.

openssl s_server -port 4455 
openssl s_server -port 4466 -tls1_2
./src/tlsscan --infile data/addr.list

image
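
The scan loop this PR describes, one openssl s_client handshake per TLS version and ciphersuite followed by a per-version count, shown as an added example (not the PR's tlsscan code). The cipher lists are constructed samples standing in for config/nist-sp-800-52.json, whose contents are not shown on this page, and the PROBE hook is a hypothetical name used so the loop can be exercised without a live server.

```shell
#!/bin/sh
# Constructed sample lists; the PR reads its lists from a JSON file with jq instead.
TLS12_CIPHERS="ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 AES128-SHA"
TLS13_SUITES="TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384"

# One handshake attempt restricted to a single protocol version and suite.
# Exit status 0 means the server completed the handshake.
probe() {  # usage: probe host:port tls1_2|tls1_3 suite
  case "$2" in
    tls1_3) suite_flag=-ciphersuites ;;  # TLS 1.3 suites are selected with their own option
    *)      suite_flag=-cipher ;;        # TLS 1.2 and earlier
  esac
  openssl s_client -connect "$1" "-$2" "$suite_flag" "$3" \
    </dev/null >/dev/null 2>&1
}

# Hypothetical hook: point PROBE at another function to run the loop offline.
PROBE=${PROBE:-probe}

# Print one CSV row per version: target,version,accepted,offered.
# A version counts as supported when accepted is greater than zero.
scan_target() {  # usage: scan_target host:port
  for ver in tls1_2 tls1_3; do
    if [ "$ver" = tls1_3 ]; then suites=$TLS13_SUITES; else suites=$TLS12_CIPHERS; fi
    accepted=0 offered=0
    for s in $suites; do
      offered=$((offered + 1))
      if "$PROBE" "$1" "$ver" "$s"; then accepted=$((accepted + 1)); fi
    done
    echo "$1,$ver,$accepted,$offered"
  done
}

# Example invocation against the second test server started above:
# scan_target 127.0.0.1:4466
```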
