authorJack Lloyd <[email protected]>2016-11-16 16:14:56 -0500
committerJack Lloyd <[email protected]>2016-11-16 16:14:56 -0500
commitca86adc7ceee60abc62645067a53c0f117f28783 (patch)
tree424f30b60a27a9f2c024f647571df1734d2b1e8c /src
parent674b7c5a16f449f6024b99a1b208feaa933ca8a5 (diff)
Add a script to test TLS compat with major sites
Diffstat (limited to 'src')
-rw-r--r--src/extra_tests/tls_scanner/readme.txt5
-rwxr-xr-xsrc/extra_tests/tls_scanner/tls_scanner.py51
-rw-r--r--src/extra_tests/tls_scanner/urls.txt57
3 files changed, 113 insertions, 0 deletions
diff --git a/src/extra_tests/tls_scanner/readme.txt b/src/extra_tests/tls_scanner/readme.txt
new file mode 100644
index 000000000..a4754b02d
--- /dev/null
+++ b/src/extra_tests/tls_scanner/readme.txt
@@ -0,0 +1,5 @@
+
+Simple script to scan hosts to check basic TLS client compatability.
+
+URL list chosen mostly from large tech/software vendors, feel free to
+send suggestions.
diff --git a/src/extra_tests/tls_scanner/tls_scanner.py b/src/extra_tests/tls_scanner/tls_scanner.py
new file mode 100755
index 000000000..f36ee6bfa
--- /dev/null
+++ b/src/extra_tests/tls_scanner/tls_scanner.py
@@ -0,0 +1,51 @@
+#!/usr/bin/python2
+
+import sys
+import subprocess
+import re
+
+def format_report(client_output):
+ version_re = re.compile('TLS (v1\.[0-2]) using ([A-Z0-9_]+)')
+
+ version_match = version_re.search(client_output)
+
+ #print client_output
+
+ if version_match:
+ return "Established %s %s" % (version_match.group(1), version_match.group(2))
+ else:
+ return client_output
+
+def scanner(args = None):
+ if args is None:
+ args = sys.argv
+
+ if len(args) != 2:
+ print "Error: Usage tls_scanner.py host_file"
+ return 2
+
+ scanners = {}
+
+ for url in [s.strip() for s in open(args[1]).readlines()]:
+ scanners[url] = subprocess.Popen(['../../../botan', 'tls_client', url], stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
+
+ for url in scanners.keys():
+ scanners[url].stdin.close()
+
+ report = {}
+
+ for url in scanners.keys():
+ print "waiting for", url
+ scanners[url].wait()
+
+ if scanners[url].returncode != None:
+ output = scanners[url].stdout.read() + scanners[url].stderr.read()
+ report[url] = format_report(output)
+
+ for url in report.keys():
+ print url, ":", report[url]
+
+ return 0
+
+if __name__ == '__main__':
+ sys.exit(scanner())
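Review bot: The collection loop in scanner() calls `scanners[url].wait()` before reading either pipe, so a client that writes more than a pipe buffer of output to stdout or stderr never exits and the scan hangs; nothing bounds the wait for a host that never answers either. Draining the pipes instead avoids the first problem: use `out, err = scanners[url].communicate()` in place of the `wait()`/`read()` pair, and drop the earlier `stdin.close()` loop, because communicate() closes stdin itself. The `returncode != None` test is always true after wait(), so the exit status is never checked and a failed handshake shows up only as raw client output; assuming the client exits non-zero on failure, `if scanners[url].returncode != 0:` would let the report mark failures explicitly. Blank lines in the host file are also handed to the client as an empty host, and the file opened with `open(args[1])` is never closed, so reading it inside a `with` block and skipping empty entries is worth adding.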
diff --git a/src/extra_tests/tls_scanner/urls.txt b/src/extra_tests/tls_scanner/urls.txt
new file mode 100644
index 000000000..33c7e0870
--- /dev/null
+++ b/src/extra_tests/tls_scanner/urls.txt
@@ -0,0 +1,57 @@
+adobe.com
+adp.com
+airbnb.com
+akamai.com
+amazon.com
+apache.org
+apple.com
+bbc.co.uk
+bing.com
+ca.com
+cisco.com
+citrix.com
+cloudflare.com
+craigslist.org
+dell.com
+ebay.com
+facebook.com
+github.com
+gmail.com
+google.com
+hp.com
+huawei.com
+ibm.com
+ietf.org
+intel.com
+intuit.com
+linkedin.com
+medium.com
+microsoft.com
+mikestoolbox.org
+nec.com
+netflix.com
+openssl.org
+oracle.com
+paypal.com
+pwc.com
+randombit.net
+reddit.com
+redhat.com
+salesforce.com
+sas.com
+siemens.com
+sony.com
+stripe.com
+swift.com
+symantec.com
+tls.mbed.org
+twitter.com
+uber.com
+vmware.com
+whatsapp.com
+wikipedia.org
+www.iso.org
+www.lg.com
+yahoo.com
+yandex.ru
+youtube.com