Add a script to test TLS compat with major sites

author: Jack Lloyd <[email protected]> 2016-11-16 16:14:56 -0500
committer: Jack Lloyd <[email protected]> 2016-11-16 16:14:56 -0500
commit: ca86adc7ceee60abc62645067a53c0f117f28783 (patch)
tree: 424f30b60a27a9f2c024f647571df1734d2b1e8c /src/extra_tests/tls_scanner
parent: 674b7c5a16f449f6024b99a1b208feaa933ca8a5 (diff)
3 files changed, 113 insertions, 0 deletions
diff --git a/src/extra_tests/tls_scanner/readme.txt b/src/extra_tests/tls_scanner/readme.txt
new file mode 100644
index 000000000..a4754b02d
--- /dev/null
+++ b/src/extra_tests/tls_scanner/readme.txt
@@ -0,0 +1,5 @@
+
+Simple script to scan hosts to check basic TLS client compatability.
+
+URL list chosen mostly from large tech/software vendors, feel free to
+send suggestions.
diff --git a/src/extra_tests/tls_scanner/tls_scanner.py b/src/extra_tests/tls_scanner/tls_scanner.py
new file mode 100755
index 000000000..f36ee6bfa
--- /dev/null
+++ b/src/extra_tests/tls_scanner/tls_scanner.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python2
+
+import sys
+import subprocess
+import re
+
+def format_report(client_output):
+    version_re = re.compile('TLS (v1\.[0-2]) using ([A-Z0-9_]+)')
+
+    version_match = version_re.search(client_output)
+
+    #print client_output
+
+    if version_match:
+        return "Established %s %s" % (version_match.group(1), version_match.group(2))
+    else:
+        return client_output
+
+def scanner(args = None):
+    if args is None:
+        args = sys.argv
+
+    if len(args) != 2:
+        print "Error: Usage tls_scanner.py host_file"
+        return 2
+
+    scanners = {}
+
+    for url in [s.strip() for s in open(args[1]).readlines()]:
+        scanners[url] = subprocess.Popen(['../../../botan', 'tls_client', url], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+
+    for url in scanners.keys():
+        scanners[url].stdin.close()
+
+    report = {}
+
+    for url in scanners.keys():
+        print "waiting for", url
+        scanners[url].wait()
+
+        if scanners[url].returncode != None:
+            output = scanners[url].stdout.read() + scanners[url].stderr.read()
+            report[url] = format_report(output)
+
+    for url in report.keys():
+        print url, ":", report[url]
+
+    return 0
+
+if __name__ == '__main__':
+    sys.exit(scanner())
diff --git a/src/extra_tests/tls_scanner/urls.txt b/src/extra_tests/tls_scanner/urls.txt
new file mode 100644
index 000000000..33c7e0870
--- /dev/null
+++ b/src/extra_tests/tls_scanner/urls.txt
@@ -0,0 +1,57 @@
+adobe.com
+adp.com
+airbnb.com
+akamai.com
+amazon.com
+apache.org
+apple.com
+bbc.co.uk
+bing.com
+ca.com
+cisco.com
+citrix.com
+cloudflare.com
+craigslist.org
+dell.com
+ebay.com
+facebook.com
+github.com
+gmail.com
+google.com
+hp.com
+huawei.com
+ibm.com
+ietf.org
+intel.com
+intuit.com
+linkedin.com
+medium.com
+microsoft.com
+mikestoolbox.org
+nec.com
+netflix.com
+openssl.org
+oracle.com
+paypal.com
+pwc.com
+randombit.net
+reddit.com
+redhat.com
+salesforce.com
+sas.com
+siemens.com
+sony.com
+stripe.com
+swift.com
+symantec.com
+tls.mbed.org
+twitter.com
+uber.com
+vmware.com
+whatsapp.com
+wikipedia.org
+www.iso.org
+www.lg.com
+yahoo.com
+yandex.ru
+youtube.com
author	Jack Lloyd <[email protected]>	2016-11-16 16:14:56 -0500
committer	Jack Lloyd <[email protected]>	2016-11-16 16:14:56 -0500
commit	ca86adc7ceee60abc62645067a53c0f117f28783 (patch)
tree	424f30b60a27a9f2c024f647571df1734d2b1e8c /src/extra_tests/tls_scanner
parent	674b7c5a16f449f6024b99a1b208feaa933ca8a5 (diff)