diff options
author | Jack Lloyd <[email protected]> | 2016-11-16 16:14:56 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-16 16:14:56 -0500 |
commit | ca86adc7ceee60abc62645067a53c0f117f28783 (patch) | |
tree | 424f30b60a27a9f2c024f647571df1734d2b1e8c /src | |
parent | 674b7c5a16f449f6024b99a1b208feaa933ca8a5 (diff) |
Add a script to test TLS compat with major sites
Diffstat (limited to 'src')
-rw-r--r-- | src/extra_tests/tls_scanner/readme.txt | 5 | ||||
-rwxr-xr-x | src/extra_tests/tls_scanner/tls_scanner.py | 51 | ||||
-rw-r--r-- | src/extra_tests/tls_scanner/urls.txt | 57 |
3 files changed, 113 insertions, 0 deletions
diff --git a/src/extra_tests/tls_scanner/readme.txt b/src/extra_tests/tls_scanner/readme.txt new file mode 100644 index 000000000..a4754b02d --- /dev/null +++ b/src/extra_tests/tls_scanner/readme.txt @@ -0,0 +1,5 @@ + +Simple script to scan hosts to check basic TLS client compatability. + +URL list chosen mostly from large tech/software vendors, feel free to +send suggestions. diff --git a/src/extra_tests/tls_scanner/tls_scanner.py b/src/extra_tests/tls_scanner/tls_scanner.py new file mode 100755 index 000000000..f36ee6bfa --- /dev/null +++ b/src/extra_tests/tls_scanner/tls_scanner.py @@ -0,0 +1,51 @@ +#!/usr/bin/python2 + +import sys +import subprocess +import re + +def format_report(client_output): + version_re = re.compile('TLS (v1\.[0-2]) using ([A-Z0-9_]+)') + + version_match = version_re.search(client_output) + + #print client_output + + if version_match: + return "Established %s %s" % (version_match.group(1), version_match.group(2)) + else: + return client_output + +def scanner(args = None): + if args is None: + args = sys.argv + + if len(args) != 2: + print "Error: Usage tls_scanner.py host_file" + return 2 + + scanners = {} + + for url in [s.strip() for s in open(args[1]).readlines()]: + scanners[url] = subprocess.Popen(['../../../botan', 'tls_client', url], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE) + + for url in scanners.keys(): + scanners[url].stdin.close() + + report = {} + + for url in scanners.keys(): + print "waiting for", url + scanners[url].wait() + + if scanners[url].returncode != None: + output = scanners[url].stdout.read() + scanners[url].stderr.read() + report[url] = format_report(output) + + for url in report.keys(): + print url, ":", report[url] + + return 0 + +if __name__ == '__main__': + sys.exit(scanner()) diff --git a/src/extra_tests/tls_scanner/urls.txt b/src/extra_tests/tls_scanner/urls.txt new file mode 100644 index 000000000..33c7e0870 --- /dev/null +++ b/src/extra_tests/tls_scanner/urls.txt @@ -0,0 +1,57 @@ +adobe.com +adp.com +airbnb.com +akamai.com +amazon.com +apache.org +apple.com +bbc.co.uk +bing.com +ca.com +cisco.com +citrix.com +cloudflare.com +craigslist.org +dell.com +ebay.com +facebook.com +github.com +gmail.com +google.com +hp.com +huawei.com +ibm.com +ietf.org +intel.com +intuit.com +linkedin.com +medium.com +microsoft.com +mikestoolbox.org +nec.com +netflix.com +openssl.org +oracle.com +paypal.com +pwc.com +randombit.net +reddit.com +redhat.com +salesforce.com +sas.com +siemens.com +sony.com +stripe.com +swift.com +symantec.com +tls.mbed.org +twitter.com +uber.com +vmware.com +whatsapp.com +wikipedia.org +www.iso.org +www.lg.com +yahoo.com +yandex.ru +youtube.com |