New version
parent
5a024333c8
commit
5955667df0
|
@ -0,0 +1 @@
|
|||
2.3.3-cryptcheck
|
|
@ -1,4 +1,4 @@
|
|||
guard 'livereload' do
|
||||
guard :livereload do
|
||||
watch(%r{app/views/.+\.(erb|haml|slim)$})
|
||||
watch(%r{app/helpers/.+\.rb})
|
||||
watch(%r{public/.+\.(css|js|html)})
|
||||
|
@ -6,3 +6,8 @@ guard 'livereload' do
|
|||
# Rails Assets Pipeline
|
||||
watch(%r{(app|vendor)(/assets/\w+/(.+\.(css|js|html|png|jpg|coffee|scss))).*}) { |m| "/assets/#{m[3]}" }
|
||||
end
|
||||
|
||||
#guard :rails do
|
||||
# watch('Gemfile.lock')
|
||||
# watch(%r{^(config|lib)/.*})
|
||||
#end
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
//= require_tree .
|
||||
//= require_self
|
||||
|
||||
@import 'bootstrap-sprockets';
|
||||
@import 'bootstrap';
|
||||
@import 'bootstrap/variables';
|
||||
|
@ -21,7 +20,6 @@
|
|||
@import 'bootstrap/alerts';
|
||||
@import 'bootstrap/utilities';
|
||||
@import 'bootstrap/responsive-utilities';
|
||||
|
||||
@import 'font-awesome-sprockets';
|
||||
@import 'font-awesome';
|
||||
|
||||
|
@ -67,36 +65,55 @@ td.primary {
|
|||
margin-top: 100px;
|
||||
}
|
||||
|
||||
$color-critical: #d9534f;
|
||||
$color-error: #e4804e;
|
||||
$color-warning: #f0ad4e;
|
||||
$color-good: #beb052;
|
||||
$color-best: #8db457;
|
||||
$color-great: #5cb85c;
|
||||
|
||||
.label-state-critical {
|
||||
//background-color: #800000;
|
||||
background-color: #ff0000;
|
||||
background-color: $color-critical;
|
||||
}
|
||||
|
||||
.label-state-error {
|
||||
//background-color: #803300;
|
||||
background-color: #ff6600;
|
||||
background-color: $color-error;
|
||||
}
|
||||
|
||||
.label-state-warning {
|
||||
//background-color: #806600;
|
||||
background-color: #ffcc00;
|
||||
color: $text-color;
|
||||
background-color: $color-warning;
|
||||
color: $text-color;
|
||||
}
|
||||
|
||||
.label-state-good {
|
||||
//background-color: #668000;
|
||||
background-color: #cbff00;
|
||||
color: $text-color;
|
||||
background-color: $color-good;
|
||||
color: $text-color;
|
||||
}
|
||||
|
||||
.label-state-great {
|
||||
//background-color: #338000;
|
||||
background-color: #65ff00;
|
||||
}
|
||||
|
||||
.label-state-best {
|
||||
//background-color: #008000;
|
||||
background-color: #00ff00;
|
||||
background-color: $color-best;
|
||||
}
|
||||
.label-state-great {
|
||||
background-color: $color-great;
|
||||
}
|
||||
|
||||
.label-state-default {
|
||||
//background-color: #008000;
|
||||
background-color: $label-default-bg;
|
||||
}
|
||||
.label-state-success {
|
||||
background-color: $label-success-bg;
|
||||
}
|
||||
|
||||
.alert-critical, .alert-error {
|
||||
background-color: $alert-danger-bg;
|
||||
color: $alert-danger-text;
|
||||
border-color: $alert-danger-border
|
||||
}
|
||||
.alert-warning {
|
||||
background-color: $alert-warning-bg;
|
||||
color: $alert-warning-text;
|
||||
border-color: $alert-warning-border
|
||||
}
|
||||
.alert-good, .alert-great, .alert-best {
|
||||
background-color: $alert-success-bg;
|
||||
color: $alert-success-text;
|
||||
border-color: $alert-success-border
|
||||
}
|
||||
|
||||
|
|
|
@ -41,18 +41,22 @@ class CheckController < ApplicationController
|
|||
@id = params[:id]
|
||||
|
||||
if @id.end_with? '.json'
|
||||
@id = @id.sub /\.json$/, ''
|
||||
@id = @id.sub /\.json$/, ''
|
||||
request.format = :json
|
||||
end
|
||||
|
||||
@host, @port = @id.split ':'
|
||||
@host = SimpleIDN.to_ascii @host.downcase
|
||||
@host = SimpleIDN.to_ascii @host.downcase
|
||||
if /[^a-zA-Z0-9.-]/ =~ @host
|
||||
flash[:danger] = "Hôte #{@host} invalide"
|
||||
redirect_to action: :index
|
||||
return false
|
||||
end
|
||||
@port = @port.to_i if @port
|
||||
if @port
|
||||
@port = @port.to_i
|
||||
else
|
||||
@port = self.default_port
|
||||
end
|
||||
|
||||
@result = Analysis[self.type, @host, @port]
|
||||
# file = File.join Rails.root, 'config/host.yml'
|
||||
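Review bot: The port branch converts with `@port.to_i` and never checks the result, so an id such as `example.org:abc` yields port 0 and `example.org:99999` an out-of-range port, and both reach `Analysis[self.type, @host, @port]`. Because this action makes the server open a connection to a caller-chosen host and port, the port deserves the same treatment as the host check just above it: reject with a flash and redirect unless it is numeric and in range, for example guarding with `unless @port =~ /\A\d{1,5}\z/ && (1..65535).cover?(@port.to_i)` before the conversion. The enclosing method starts and ends outside the hunk, so any later validation is not visible here.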
|
|
|
@ -11,4 +11,8 @@ class HttpsController < CheckController
|
|||
def tls_type
|
||||
'HTTPS'
|
||||
end
|
||||
|
||||
def default_port
|
||||
443
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,4 +11,8 @@ class SmtpController < CheckController
|
|||
def tls_type
|
||||
'STARTTLS'
|
||||
end
|
||||
|
||||
def default_port
|
||||
25
|
||||
end
|
||||
end
|
||||
|
|
|
@ -11,4 +11,8 @@ class SshController < CheckController
|
|||
def tls_type
|
||||
'SSH'
|
||||
end
|
||||
|
||||
def default_port
|
||||
22
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,16 +1,19 @@
|
|||
module CheckHelper
|
||||
private def __label(value, color)
|
||||
"<span class=\"label label-#{color} %>\">#{value}</span>"
|
||||
end
|
||||
def label(value, color)
|
||||
__label(value, color).html_safe
|
||||
private def __label(value, color, state=true)
|
||||
color = :default unless color
|
||||
color = "state-#{color}" if state
|
||||
"<span class=\"label label-#{color}\">#{value}</span>"
|
||||
end
|
||||
|
||||
def cell(value, color)
|
||||
"<td class=\"#{color}\">#{value}</td>".html_safe
|
||||
def label(value, color, state=true)
|
||||
__label(value, color, state).html_safe
|
||||
end
|
||||
|
||||
def labels(level, states)
|
||||
def cell(value, color, state=true)
|
||||
"<td class=\"label-state-#{color}\">#{value}</td>".html_safe
|
||||
end
|
||||
|
||||
def labels(level, states, state=true)
|
||||
states.each_pair.collect do |name, value|
|
||||
color = if value.nil?
|
||||
:default
|
||||
|
@ -19,32 +22,32 @@ module CheckHelper
|
|||
else
|
||||
value ? :success : :danger
|
||||
end
|
||||
__label name, color
|
||||
__label name, color, state
|
||||
end.join(' ').html_safe
|
||||
end
|
||||
|
||||
def states(states)
|
||||
::CryptCheck::State.collect do |level|
|
||||
states[level].each_pair.select { |_, v| v == true }.collect do |name, _|
|
||||
__label name, "state-#{level}"
|
||||
end
|
||||
states[level].each_pair
|
||||
.select { |_, v| v == true }
|
||||
.collect { |name, _| __label name, level }
|
||||
end.flatten(1).join(' ').html_safe
|
||||
end
|
||||
|
||||
def rank_color(rank)
|
||||
case rank
|
||||
when 'A+' then
|
||||
:primary
|
||||
when 'A' then
|
||||
:success
|
||||
when 'B' then
|
||||
:default
|
||||
when 'C', 'D' then
|
||||
when :'A+' then
|
||||
:great
|
||||
when :A then
|
||||
:best
|
||||
when :B then
|
||||
:good
|
||||
when :C, :D then
|
||||
:warning
|
||||
when 'E', 'F' then
|
||||
:danger
|
||||
else
|
||||
when :E, :F then
|
||||
:error
|
||||
else
|
||||
:critical
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -79,15 +82,7 @@ module CheckHelper
|
|||
end
|
||||
|
||||
def protocol_label(protocol)
|
||||
color = case protocol.to_s
|
||||
when 'TLSv1_2' then
|
||||
:success
|
||||
when 'SSLv3', 'SSLv2' then
|
||||
:error
|
||||
else
|
||||
:default
|
||||
end
|
||||
label protocol, color
|
||||
label protocol.to_sym, protocol.status
|
||||
end
|
||||
|
||||
def protocol_labels(protocols)
|
||||
|
@ -140,21 +135,9 @@ module CheckHelper
|
|||
end
|
||||
|
||||
def cipher_name_label(cipher)
|
||||
state = cipher[:state]
|
||||
color = case
|
||||
when !state[:error].empty? then
|
||||
:error
|
||||
when !state[:danger].empty? then
|
||||
:danger
|
||||
when !state[:warning].empty? then
|
||||
:warning
|
||||
when !state[:success].empty? then
|
||||
:success
|
||||
else
|
||||
:default
|
||||
end
|
||||
color = :primary if color == :success and cipher.size >= 256
|
||||
label(" ", color) + " #{cipher.name}".html_safe
|
||||
status = cipher.status
|
||||
status = :success if status == :good
|
||||
label(" ", status) + " #{cipher.name}".html_safe
|
||||
end
|
||||
|
||||
def cipher_labels(cipher)
|
||||
|
@ -165,13 +148,13 @@ module CheckHelper
|
|||
def cipher_kex_type_cell(kex)
|
||||
color = case kex
|
||||
when :ecdh then
|
||||
:primary
|
||||
nil
|
||||
when :dh then
|
||||
:success
|
||||
when :rsa then
|
||||
:warning
|
||||
else
|
||||
when :rsa then
|
||||
:error
|
||||
else
|
||||
:critical
|
||||
end
|
||||
kex ||= 'None'
|
||||
cell kex.to_s.upcase, color
|
||||
|
@ -184,12 +167,10 @@ module CheckHelper
|
|||
|
||||
def cipher_auth_type_cell(auth)
|
||||
color = case auth
|
||||
when :ecdsa then
|
||||
:primary
|
||||
when :rsa then
|
||||
:default
|
||||
when :ecdsa, :rsa then
|
||||
nil
|
||||
else
|
||||
:error
|
||||
:critical
|
||||
end
|
||||
auth ||= 'None'
|
||||
cell auth.to_s.upcase, color
|
||||
|
@ -202,52 +183,55 @@ module CheckHelper
|
|||
|
||||
def cipher_enc_type_cell(enc)
|
||||
color = case enc
|
||||
when :chacha20 then
|
||||
:primary
|
||||
when :aes then
|
||||
when :chacha20
|
||||
:success
|
||||
when :camellia, :seed then
|
||||
:default
|
||||
else
|
||||
:error
|
||||
when nil, :rc4
|
||||
:critical
|
||||
end
|
||||
enc ||= 'NONE'
|
||||
cell enc.to_s.upcase, color
|
||||
end
|
||||
|
||||
def cipher_enc_key_size_cell(enc)
|
||||
enc ||= 0
|
||||
color = cipher_color enc
|
||||
def cipher_enc_block_size_cell(enc)
|
||||
color = case
|
||||
when enc.nil?
|
||||
nil
|
||||
when enc <= 64
|
||||
:critical
|
||||
when enc < 128
|
||||
:error
|
||||
end
|
||||
cell enc, color
|
||||
end
|
||||
|
||||
def cipher_enc_block_size_cell(enc)
|
||||
return cell '', :default unless enc
|
||||
color = cipher_color enc
|
||||
def cipher_enc_key_size_cell(enc)
|
||||
color = case
|
||||
when enc.nil?
|
||||
nil
|
||||
when enc < 128
|
||||
:critical
|
||||
end
|
||||
cell enc, color
|
||||
end
|
||||
|
||||
def cipher_enc_mode_cell(enc)
|
||||
color = case enc
|
||||
when :gcm, :ccm then
|
||||
:primary
|
||||
when :cbc then
|
||||
:danger
|
||||
when :gcm, :ccm, :aead
|
||||
:success
|
||||
end
|
||||
enc ||= ''
|
||||
cell enc.to_s.upcase, color
|
||||
end
|
||||
|
||||
def cipher_mac_type_cell(mac)
|
||||
color = case mac
|
||||
when :poly1305 then
|
||||
:primary
|
||||
when :sha384, :sha256 then
|
||||
:success
|
||||
when :sha384, :sha256 then
|
||||
nil
|
||||
when :sha1 then
|
||||
:warning
|
||||
when :md5 then
|
||||
:error
|
||||
else
|
||||
:critical
|
||||
end
|
||||
cell mac.to_s.upcase, color
|
||||
end
|
||||
|
@ -257,7 +241,7 @@ module CheckHelper
|
|||
end
|
||||
|
||||
def cipher_pfs_cell(pfs)
|
||||
return cell 'PFS', :success if pfs
|
||||
cell 'No PFS', :warning
|
||||
return cell 'PFS', nil if pfs
|
||||
cell 'No PFS', :error
|
||||
end
|
||||
end
|
||||
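Review bot: `__label` and `cell` interpolate `value` and `color` straight into an HTML string that is then marked `.html_safe`, and `cipher_name_label` does the same with `" #{cipher.name}".html_safe`, so nothing is escaped on the way to the page. The values visible in this section are cipher, protocol and state names that presumably come from the CryptCheck library, but any value that ever derives from the scanned server would be rendered as markup. Building the elements with `content_tag :span, value, class: "label label-#{color}"` and `content_tag :td, value, class: "label-state-#{color}"` escapes the text and removes the need for `html_safe`; a caller that passes markup on purpose can mark that one argument safe itself. `cell` also accepts `state` without using it, and a nil `color` renders the class `label-state-`.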
|
|
|
@ -12,77 +12,158 @@
|
|||
<% end %>
|
||||
</div>
|
||||
|
||||
<% @result.hosts.each do |host| %>
|
||||
<% @result.result.each do |host| %>
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<h2>
|
||||
<%= rank_label host.grade %>
|
||||
<%= host.ip %> : <%= host.port %>
|
||||
<span class="small">(<%= host.hostname %>)</span></h2>
|
||||
<%= rank_label host[:grade] %>
|
||||
<%= host[:ip] %> : <%= host[:port] %>
|
||||
<span class="small">(<%= host[:hostname] %>)</span></h2>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<% ::CryptCheck::State.each do |level|
|
||||
host[:states][level].each do |state, value|
|
||||
next unless value
|
||||
%>
|
||||
<div class="alert alert-<%= level %>"><%= t "alert.#{level}.#{state}" %></div>
|
||||
<% end
|
||||
end %>
|
||||
<!--
|
||||
<h3><%= t 'Checks' %></h3>
|
||||
<table class="table table-bordered table-condensed table-striped">
|
||||
<thead>
|
||||
<th><%= t 'Severity' %></th>
|
||||
<td></td>
|
||||
<td>
|
||||
<%= t 'Checks' %>
|
||||
(
|
||||
<%= label 'OK', :success, false %>
|
||||
<%= label 'KO', :danger, false %>
|
||||
<%= label 'N/A', :default, false %>
|
||||
)
|
||||
</td>
|
||||
</thead>
|
||||
<tbody>
|
||||
<% ::CryptCheck::State.each do |level| %>
|
||||
<tr>
|
||||
<th><%= label level, "state-#{level}" %></th>
|
||||
<td><%= labels level, host.states[level] %></td>
|
||||
<th><%= label level, "state-#{level}", false %></th>
|
||||
<td><%= labels level, host[:states][level], false %></td>
|
||||
</tr>
|
||||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
-->
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<!--div class="row">
|
||||
<div class="col-sm-12">
|
||||
<h3><%= t 'Certificates' %></h3>
|
||||
<table class="table table-bordered table-condensed table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>
|
||||
<%= t 'Subject' %>
|
||||
<span class="small">[<%= t 'Serial' %>]</span>
|
||||
<div class="small"><%= t 'Fingerprint' %></div>
|
||||
</th>
|
||||
<td><%= t 'Issuer' %></td>
|
||||
<td><%= t 'Not before' %></td>
|
||||
<td><%= t 'Not after' %></td>
|
||||
<th></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th>
|
||||
<%= t 'Subject' %>
|
||||
<span class="small">[<%= t 'Serial' %>]</span>
|
||||
<div class="small"><%= t 'Fingerprint' %></div>
|
||||
</th>
|
||||
<td><%= t 'Issuer' %></td>
|
||||
<td><%= t 'Not before' %></td>
|
||||
<td><%= t 'Not after' %></td>
|
||||
<th></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<% host.handshakes.certs.each do |cert| %>
|
||||
<% host[:handshakes][:certs].each do |cert| %>
|
||||
<tr>
|
||||
<th>
|
||||
<%= cert.subject %> [<%= cert.serial %>]
|
||||
<div class="small"><%= cert.fingerprint %></div>
|
||||
<%= cert[:subject] %> [<%= cert[:serial] %>]
|
||||
<div class="small"><%= cert[:fingerprint] %></div>
|
||||
</th>
|
||||
<td><%= cert.issuer %></td>
|
||||
<td><%= l cert.lifetime.not_before %></td>
|
||||
<td><%= l cert.lifetime.not_after %></td>
|
||||
<td><%= states cert.states %></td>
|
||||
<td><%= cert[:issuer] %></td>
|
||||
<td><%= l cert[:lifetime][:not_before] %></td>
|
||||
<td><%= l cert[:lifetime][:not_after] %></td>
|
||||
<td><%= states cert[:states] %></td>
|
||||
</tr>
|
||||
<% cert.chain.each do |cert| %>
|
||||
<tr>
|
||||
<th>
|
||||
<%= cert.subject %> [<%= cert.serial %>]
|
||||
<div class="small"><%= cert.fingerprint %></div>
|
||||
</th>
|
||||
<td><%= cert.issuer %></td>
|
||||
<td><%= l cert.lifetime.not_before %></td>
|
||||
<td><%= l cert.lifetime.not_after %></td>
|
||||
</tr>
|
||||
<% end %>
|
||||
<% cert[:chain].each do |cert| %>
|
||||
<tr>
|
||||
<th>
|
||||
<%= cert[:subject] %> [<%= cert[:serial] %>]
|
||||
<div class="small"><%= cert[:fingerprint] %></div>
|
||||
</th>
|
||||
<td><%= cert[:issuer] %></td>
|
||||
<td><%= l cert[:lifetime][:not_before] %></td>
|
||||
<td><%= l cert[:lifetime][:not_after] %></td>
|
||||
</tr>
|
||||
<% end %>
|
||||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div-->
|
||||
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<table class="table table-bordered table-condensed table-striped center">
|
||||
<thead>
|
||||
<tr>
|
||||
<th rowspan="2"><%= t 'Name' %></th>
|
||||
<th colspan="2"><%= t 'Key exchange' %></th>
|
||||
<th colspan="2"><%= t 'Authentication' %></th>
|
||||
<th colspan="4"><%= t 'Encryption' %></th>
|
||||
<th colspan="2"><%= t 'MAC' %></th>
|
||||
<th rowspan="2"><%= t 'PFS' %></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Block size' %></th>
|
||||
<th><%= t 'Mode' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Size' %></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<%
|
||||
handshakes = host[:handshakes]
|
||||
all_ciphers = handshakes[:ciphers].group_by { |c| c[:protocol] }
|
||||
CryptCheck::Tls::Method.each do |protocol|
|
||||
ciphers = all_ciphers.fetch(protocol, [])
|
||||
.collect { |c| CryptCheck::Tls::Cipher.new protocol, c[:name] }.sort
|
||||
unless ciphers.empty? %>
|
||||
<tr>
|
||||
<th colspan="12"><%= protocol_label protocol %></th>
|
||||
</tr>
|
||||
<% ciphers.each do |cipher|
|
||||
kex = cipher.kex
|
||||
auth = cipher.auth
|
||||
enc = cipher.encryption
|
||||
mac = cipher.hmac
|
||||
pfs = cipher.pfs?
|
||||
%>
|
||||
<tr>
|
||||
<th><%= cipher_name_label cipher %></th>
|
||||
<%= cipher_kex_type_cell kex %>
|
||||
<th/>
|
||||
<%#= cipher_kex_size_cell kex&.last %>
|
||||
<%= cipher_auth_type_cell auth %>
|
||||
<th/>
|
||||
<%#= cipher_auth_size_cell auth&.last %>
|
||||
<%= cipher_enc_type_cell enc[0] %>
|
||||
<%= cipher_enc_key_size_cell enc[1] %>
|
||||
<%= cipher_enc_block_size_cell enc[2] %>
|
||||
<%= cipher_enc_mode_cell enc[3] %>
|
||||
<%= cipher_mac_type_cell mac[0] %>
|
||||
<%= cipher_mac_size_cell mac[1] %>
|
||||
<%= cipher_pfs_cell pfs %>
|
||||
</tr>
|
||||
<% end end end %>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
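Review bot: The blocks disabled with `<!-- … -->` and `<!--div class="row"> … </div-->` still run on the server, because ERB evaluates `<% %>` and `<%= %>` tags inside HTML comments. The loop over `host[:handshakes][:certs]` and the `labels` and `states` calls therefore execute on every request and can raise if a key is missing. Their output, including certificate subjects, serials and fingerprints, is also sent to the browser inside the comment. To really disable a block, wrap it in `<% if false %>` … `<% end %>`, or delete it and rely on version control. The template continues outside this hunk.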
|
|
|
@ -0,0 +1,156 @@
|
|||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-sm-11">
|
||||
<h1>
|
||||
[<%= self.type.to_s.upcase %>] <%= @host %> <span class="small">(<%= l @result.date %>)</span>
|
||||
</h1>
|
||||
</div>
|
||||
<% if Time.now - @result.date >= Rails.configuration.refresh_delay %>
|
||||
<div class="col-sm-1">
|
||||
<%= link_to t('Refresh'), {action: :refresh}, class: %i(btn btn-default) %>
|
||||
</div>
|
||||
<% end %>
|
||||
</div>
|
||||
<%
|
||||
@result.hosts.each do |host|
|
||||
if host.error
|
||||
error, host = host.error, host.host
|
||||
%>
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
|
||||
<%= t 'Error during analysis:' %>
|
||||
<span class="label label-error"><%= error %></span>
|
||||
</div>
|
||||
</div>
|
||||
<%
|
||||
else
|
||||
host, grade, handshake = host.host, host.grade, host.handshake
|
||||
%>
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<h2><%= host.name %> - <%= host.ip %> : <%= host.port %></h2>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-sm-6">
|
||||
<table class="table table-bordered table-condensed table-striped">
|
||||
<thead>
|
||||
<tr>
|
||||
<th colspan="2">
|
||||
Scores
|
||||
<%= rank_label grade.rank %>
|
||||
</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<%
|
||||
{ 'Protocol' => 'protocol',
|
||||
'Key exchange' => 'key_exchange',
|
||||
'Cipher' => 'cipher_strengths',
|
||||
'Overall' => 'score'}.each do |name, v| %>
|
||||
<tr>
|
||||
<th class="col-sm-4"><%= t name %></th>
|
||||
<td class="col-sm-8"><%= score_progress grade.details[v] %></td>
|
||||
</tr>
|
||||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
<div class="col-sm-6">
|
||||
<table class="table table-bordered table-condensed table-striped">
|
||||
<tbody>
|
||||
<tr>
|
||||
<th class="col-sm-4"><%= t 'Protocols' %></th>
|
||||
<td class="col-sm-8"><%= protocol_labels handshake.protocols %></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= t 'Keys' %></th>
|
||||
<td>
|
||||
<p><%= t 'Certificates:' %> <%= key_label handshake[:key] %></p>
|
||||
<p>Diffie Hellman : <%= key_labels handshake.dh %></p>
|
||||
</td>
|
||||
</tr>
|
||||
<% { 'Good practices' => :success,
|
||||
'Warning' => :warning,
|
||||
'Critical' => :danger,
|
||||
'Fatal' => :error }.each do |name, color|
|
||||
names = grade[color]
|
||||
next if names.nil? or names.empty?
|
||||
%>
|
||||
<tr>
|
||||
<th><%= t name %></th>
|
||||
<td>
|
||||
<% names.each do |name| %>
|
||||
<span class="label label-<%= color %>"><%= name.upcase %></span>
|
||||
<% end %>
|
||||
</td>
|
||||
</tr>
|
||||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-sm-12">
|
||||
<table class="table table-bordered table-condensed table-striped center">
|
||||
<thead>
|
||||
<tr>
|
||||
<th rowspan="2"><%= t 'Name' %></th>
|
||||
<th colspan="2"><%= t 'Key exchange' %></th>
|
||||
<th colspan="2"><%= t 'Authentication' %></th>
|
||||
<th colspan="4"><%= t 'Encryption' %></th>
|
||||
<th colspan="2"><%= t 'MAC' %></th>
|
||||
<th rowspan="2"><%= t 'PFS' %></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Block size' %></th>
|
||||
<th><%= t 'Mode' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Size' %></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<% CryptCheck::Tls::Server::EXISTING_METHODS.each do |protocol|
|
||||
ciphers = CryptCheck::Tls::Cipher.sort(handshake.ciphers.select { |c| c.protocol == protocol.to_s }
|
||||
.collect { |c| CryptCheck::Tls::Cipher.new protocol, [c.name, nil, c[:size]], c.dh, handshake[:key] })
|
||||
unless ciphers.empty? %>
|
||||
<tr>
|
||||
<th colspan="12"><%= protocol_label protocol %></th>
|
||||
</tr>
|
||||
<% ciphers.each do |cipher|
|
||||
params = cipher.params
|
||||
kex = params[:kex]
|
||||
auth = params[:auth]
|
||||
enc = params[:enc]
|
||||
mac = params[:mac]
|
||||
pfs = params[:pfs]
|
||||
%>
|
||||
<tr>
|
||||
<th><%= cipher_name_label cipher %></th>
|
||||
<%= cipher_kex_type_cell kex&.first %>
|
||||
<%= cipher_kex_size_cell kex&.last %>
|
||||
<%= cipher_auth_type_cell auth&.first %>
|
||||
<%= cipher_auth_size_cell auth&.last %>
|
||||
<%= cipher_enc_type_cell enc&.first %>
|
||||
<%= cipher_enc_key_size_cell enc&.[] 1 %>
|
||||
<%= cipher_enc_block_size_cell enc&.[] 2 %>
|
||||
<%= cipher_enc_mode_cell enc&.last %>
|
||||
<%= cipher_mac_type_cell mac&.first %>
|
||||
<%= cipher_mac_size_cell mac&.last %>
|
||||
<%= cipher_pfs_cell pfs %>
|
||||
</tr>
|
||||
<% end end end %>
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
</div>
|
||||
<% end
|
||||
end %>
|
||||
</div>
|
|
@ -4,37 +4,36 @@
|
|||
<thead>
|
||||
<tr>
|
||||
<th rowspan="2"><%= t 'Name' %></th>
|
||||
<th rowspan="2"><%= t 'Key exchange' %></th>
|
||||
<th rowspan="2"><%= t 'Authentication' %></th>
|
||||
<th rowspan="2"><%= t 'Key exchange' %></th>
|
||||
<th colspan="4"><%= t 'Encryption' %></th>
|
||||
<th colspan="2"><%= t 'MAC' %></th>
|
||||
<th rowspan="2"><%= t 'PFS' %></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Block size' %></th>
|
||||
<th><%= t 'Key size' %></th>
|
||||
<th><%= t 'Mode' %></th>
|
||||
<th><%= t 'Type' %></th>
|
||||
<th><%= t 'Size' %></th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<% CryptCheck::Tls::Cipher.list.each do |cipher|
|
||||
params = cipher.params
|
||||
kex = params[:kex]
|
||||
auth = params[:auth]
|
||||
enc = params[:enc]
|
||||
mac = params[:mac]
|
||||
pfs = params[:pfs]
|
||||
<% CryptCheck::Tls::Cipher[:TLSv1_2].each do |cipher|
|
||||
kex = cipher.kex
|
||||
auth = cipher.auth
|
||||
enc = cipher.encryption
|
||||
mac = cipher.hmac
|
||||
pfs = cipher.pfs?
|
||||
%>
|
||||
<tr>
|
||||
<th><%= cipher_name_label cipher %></th>
|
||||
<%= cipher_kex_type_cell kex&.first %>
|
||||
<%= cipher_auth_type_cell auth&.first %>
|
||||
<%= cipher_auth_type_cell auth %>
|
||||
<%= cipher_kex_type_cell kex %>
|
||||
<%= cipher_enc_type_cell enc&.first %>
|
||||
<%= cipher_enc_key_size_cell enc&.[] 1 %>
|
||||
<%= cipher_enc_block_size_cell enc&.[] 2 %>
|
||||
<%= cipher_enc_block_size_cell enc&.[] 1 %>
|
||||
<%= cipher_enc_key_size_cell enc&.[] 2 %>
|
||||
<%= cipher_enc_mode_cell enc&.last %>
|
||||
<%= cipher_mac_type_cell mac&.first %>
|
||||
<%= cipher_mac_size_cell mac&.last %>
|
||||
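Review bot: This template appears to pass `enc&.[] 1` to `cipher_enc_block_size_cell` and `enc&.[] 2` to `cipher_enc_key_size_cell`, while the result view in the same commit passes `enc[1]` to `cipher_enc_key_size_cell` and `enc[2]` to `cipher_enc_block_size_cell`. The two helpers apply different thresholds (block size `<= 64` critical and `< 128` error, key size `< 128` critical), so one of the two pages colours the wrong number. The element order of `cipher.encryption` is not visible here; confirm which index holds the key size and make both templates agree, e.g. `<%= cipher_enc_key_size_cell enc&.[] 1 %>` followed by `<%= cipher_enc_block_size_cell enc&.[] 2 %>`, with the column headers in the same order. The rendered page does not mark old and new lines, so this reads the later line of each pair as the new side.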
|
|
|
@ -3,7 +3,7 @@ class HTTPSWorker < CheckWorker
|
|||
|
||||
protected
|
||||
def analyze(host, port=443)
|
||||
CryptCheck::Tls::Https::Host.new host, port
|
||||
CryptCheck::Tls::Https.analyze host, port
|
||||
end
|
||||
|
||||
def type
|
||||
|
|
|
@ -11,12 +11,10 @@ if ENV['RAILS_ENV'] == 'development'
|
|||
end
|
||||
|
||||
require 'sidekiq'
|
||||
options = {
|
||||
url: ENV['REDIS_URL'],
|
||||
namespace: :cryptcheck
|
||||
}
|
||||
client = Sidekiq::Client.new Sidekiq::RedisConnection.create options
|
||||
redis = ENV['REDIS_URL']
|
||||
Sidekiq.configure_server { |c| c.redis = { url: redis } }
|
||||
Sidekiq.configure_client { |c| c.redis = { url: redis } }
|
||||
|
||||
clazz, *args = ARGV
|
||||
clazz += 'Worker'
|
||||
client.push({ 'class' => clazz, 'args' => args })
|
||||
Sidekiq::Client.push({ 'class' => clazz, 'args' => args, 'retry' => false })
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
#!/bin/bash
|
||||
DIR="$(readlink -m "$(dirname "$0")")"
|
||||
LD_LIBRARY_PATH="${DIR}/../../cryptcheck/lib" "${0}.rb" $*
|
||||
DIR="$(readlink -e "$(dirname "${0}")")"
|
||||
export LD_LIBRARY_PATH="$(readlink -e "${DIR}/../../cryptcheck/lib")"
|
||||
"${0}.rb" $*
|
||||
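Review bot: The last line still forwards arguments with an unquoted `$*`, which re-splits them on whitespace and expands glob characters before the Ruby script receives them. Use `"${0}.rb" "$@"` so each argument is passed through unchanged. Also, `readlink -e` prints nothing when the path does not exist, so a missing `cryptcheck/lib` directory silently exports an empty `LD_LIBRARY_PATH`. A check such as `[ -d "$LD_LIBRARY_PATH" ] || exit 1` before the final line would make that failure visible.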
|
|
|
@ -35,8 +35,9 @@ module CryptcheckRails
|
|||
|
||||
# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
|
||||
# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
|
||||
config.i18n.default_locale = :fr
|
||||
config.i18n.available_locales = %w(en fr de)
|
||||
config.i18n.default_locale = :en
|
||||
config.i18n.available_locales = %i[en fr de]
|
||||
config.i18n.fallbacks = true
|
||||
config.action_controller.include_all_helpers = false
|
||||
|
||||
config.refresh_delay = 1.hour
|
||||
|
|
|
@ -4,9 +4,9 @@ en:
|
|||
Cipher suite: Cipher suite
|
||||
"Cipher suite:": "Cipher suite:"
|
||||
|
||||
Check your domain: Check your domain
|
||||
Check your SSH server: Check your SSH server
|
||||
Check your SMTP server: Check your SMTP server
|
||||
Check This domain: Check This domain
|
||||
Check This SSH server: Check This SSH server
|
||||
Check This SMTP server: Check This SMTP server
|
||||
Test me!: Test me!
|
||||
|
||||
Currently analysing %{host}: Currently analysing %{host}
|
||||
|
@ -43,6 +43,36 @@ en:
|
|||
Block size: Block size
|
||||
Size: Size
|
||||
|
||||
Status: Status
|
||||
Not supported: Not supported
|
||||
|
||||
"Serial: %{serial}": "Serial: %{serial}"
|
||||
|
||||
alert:
|
||||
critical:
|
||||
sslv2: This server supports SSLv2
|
||||
sslv3: This server supports SSLv3
|
||||
dh: This server supports very weak DH parameters
|
||||
anonymous: This server supports anonymous ciphers
|
||||
"null": This server supports NULL ciphers
|
||||
export: This server supports EXPORT ciphers
|
||||
des: This server supports DES ciphers
|
||||
md5: This server supports MD5 ciphers
|
||||
rc4: This server supports RC4 ciphers
|
||||
sweet32: This server is vulnerable to Sweet32 attack
|
||||
error:
|
||||
dh: This server supports weak DH parameters
|
||||
tlsv1_0: This server supports TLSv1.0
|
||||
pfs: This server supports no-PFS ciphers
|
||||
warning:
|
||||
tlsv1_1: This server supports TLSv1.1
|
||||
dhe: This server supports DHE ciphers
|
||||
hsts: This server doesn't support HSTS
|
||||
good:
|
||||
hsts: This server supports HSTS
|
||||
fallback_scsv: This server supports SCSV fallback
|
||||
aead: This server supports AEAD ciphers
|
||||
best:
|
||||
great:
|
||||
hsts: This server supports HSTS with long duration
|
||||
|
||||
|
|
|
@ -48,6 +48,7 @@ fr:
|
|||
Checks: Vérifications
|
||||
Severity: Sévèrité
|
||||
|
||||
|
||||
Certificates: Certificats
|
||||
Subject: Sujet
|
||||
Serial: Numéro de série
|
||||
|
|