Some fixes

v1
Nicolas Vinot 2015-07-11 21:36:54 +02:00
parent 0559ed0597
commit 340c4a445d
22 changed files with 838 additions and 113 deletions


@ -1,38 +1,57 @@
PWD = $(shell pwd)
export CPATH = $(PWD)/openssl/include
export LIBRARY_PATH = $(PWD)/openssl
OPENSSL_VERSION = OpenSSL_1_0_1j
RUBY_VERSION = 2.1.5
RUBY_OPENSSL_EXT_DIR = ruby-$(RUBY_VERSION)/ext/openssl
OPENSSL_VERSION = 1.0.1m
OPENSSL_DIR = openssl-$(OPENSSL_VERSION)
RUBY_MAJOR_VERSION = 2.2
RUBY_VERSION = $(RUBY_MAJOR_VERSION).2
RUBY_DIR = ruby-$(RUBY_VERSION)
RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
export LIBRARY_PATH = $(PWD)/lib
export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include
all: lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0 lib/openssl.so
.SECONDARY:
all: libs ext
clean:
rm -rf ruby-$(RUBY_VERSION) openssl
rm -rf $(RUBY_DIR) $(OPENSSL_DIR)
openssl:
git clone https://github.com/openssl/openssl -b $(OPENSSL_VERSION)
mr-proper: clean
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so
openssl/Makefile: openssl
cd openssl; ./config shared
$(OPENSSL_DIR)/:
wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz
tar xf $(OPENSSL_DIR).tar.gz
rm -rf $(OPENSSL_DIR).tar.gz
openssl/libssl.so: openssl/Makefile
cd openssl; $(MAKE) depend all
$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/
cd $(OPENSSL_DIR); ./config shared
lib/%.so.1.0.0: openssl/%.so
cp $^ $@
$(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile
$(MAKE) -C $(OPENSSL_DIR) depend build_libs
ruby-$(RUBY_VERSION):
wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-$(RUBY_VERSION).tar.gz
tar xf ruby-$(RUBY_VERSION).tar.gz
rm -f ruby-$(RUBY_VERSION).tar.gz
lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0
cp $< $@
$(RUBY_OPENSSL_EXT_DIR)/Makefile: ruby-$(RUBY_VERSION)
lib/%.so: lib/%.so.1.0.0
ln -s $(notdir $<) $@
libs: lib/libssl.so lib/libcrypto.so
$(RUBY_DIR):
wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz
tar xf $(RUBY_DIR).tar.gz
rm -f $(RUBY_DIR).tar.gz
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs $(RUBY_DIR)
cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb
patch $@ patch
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/Makefile
cd $(RUBY_OPENSSL_EXT_DIR); $(MAKE); $(MAKE) install
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile
$(MAKE) -C $(RUBY_OPENSSL_EXT_DIR)
lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
cp $< $@
ext: lib/openssl.so
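Review bot: The OpenSSL tarball fetched at `wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz` is extracted with no integrity check, and the Ruby tarball is fetched over plain `http://cache.ruby-lang.org/…`, so the toolchain this builds (and the openssl.so the checker links against) is trusted entirely to the network path. Use `https://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz` and verify each archive before `tar xf`, e.g. `echo "<pinned-sha256>  $(OPENSSL_DIR).tar.gz" | sha256sum -c -` with the digest pinned in the Makefile next to `OPENSSL_VERSION`. Separately, `$(OPENSSL_DIR)/:` makes a directory the target of the download rule, so its mtime moves whenever config or the build writes into it and `$(OPENSSL_DIR)/Makefile` can look stale on the next run; a stamp file touched after extraction is the usual fix.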


@ -3,6 +3,8 @@ $:.unshift 'lib'
require 'logging'
require 'cryptcheck'
GROUP_NAME = 'Top 100 Alexa'
::Logging.logger.root.appenders = ::Logging.appenders.stdout
::Logging.logger.root.level = :error
@ -10,7 +12,7 @@ hosts = []
::File.open('top-1m.csv', 'r') do |file|
i = 0
while line = file.gets
hosts << ['Top 100 Alexa', line.strip.split(',')[1]]
hosts << [GROUP_NAME, line.strip.split(',')[1]]
i += 1
break if i == 100
end

17
bin/check_smtp 100755

@ -0,0 +1,17 @@
#!/usr/bin/env ruby
$:.unshift 'lib'
require 'logging'
require 'cryptcheck'
name = ARGV[0]
unless name
::CryptCheck::Tls::Smtp.analyze_from_file 'output/smtp.yml', 'output/smtp.html'
else
::Logging.logger.root.appenders = ::Logging.appenders.stdout
::Logging.logger.root.level = :warn
server = ::CryptCheck::Tls::Smtp::Server.new(ARGV[0], ARGV[1] || 25)
p grade = ::CryptCheck::Tls::Smtp::Grade.new(server)
end
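Review bot: `ARGV[1] || 25` yields a String when a port is given on the command line and an Integer otherwise; the value goes through `Smtp::Server#initialize` into `super hostname, port`, and the server code compares ports numerically elsewhere (`@port == 443` in the HTTPS server), so a command-line port can behave differently from the default. `(ARGV[1] || 25).to_i` normalises it. `p grade = …` also dumps the object with `inspect` and leaves `grade` unused; `p ::CryptCheck::Tls::Smtp::Grade.new(server)` says the same without the dead assignment.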


@ -1,4 +1,5 @@
module CryptCheck
autoload :Tls, 'cryptcheck/tls'
module Tls
autoload :Server, 'cryptcheck/tls/server'
autoload :TcpServer, 'cryptcheck/tls/server'
@ -18,5 +19,11 @@ module CryptCheck
autoload :Server, 'cryptcheck/tls/xmpp/server'
autoload :Grade, 'cryptcheck/tls/xmpp/grade'
end
autoload :Smtp, 'cryptcheck/tls/smtp'
module Smtp
autoload :Server, 'cryptcheck/tls/smtp/server'
autoload :Grade, 'cryptcheck/tls/smtp/grade'
end
end
end


@ -0,0 +1,71 @@
require 'erb'
require 'logging'
require 'parallel'
module CryptCheck
module Tls
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Tls]
def self.grade(hostname, port, server_class:, grade_class:)
timeout MAX_ANALYSIS_DURATION do
grade_class.new server_class.new hostname, port
end
rescue ::Exception => e
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
def self.analyze(hosts, template, output, groups = nil, port:, server_class:, grade_class:)
results = {}
semaphore = ::Mutex.new
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
result = grade host.strip, port, server_class: server_class, grade_class: grade_class
semaphore.synchronize do
if results.include? description
results[description] << result
else
results[description] = [result]
end
end
end
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
results.each do |d, _|
results[d].sort! do |a, b|
cmp = score(a) <=> score(b)
if cmp == 0
cmp = b.score <=> a.score
if cmp == 0
cmp = a.server.hostname <=> b.server.hostname
end
end
cmp
end
end
::File.write output, ::ERB.new(::File.read(template)).result(binding)
end
def self.analyze_from_file(file, template, output, port:, server_class:, grade_class:)
config = ::YAML.load_file file
hosts = []
groups = []
config.each do |c|
d, hs = c['description'], c['hostnames']
groups << d
hs.each { |host| hosts << [d, host] }
end
self.analyze hosts, template, output, groups, port: port, server_class: server_class, grade_class: grade_class
end
private
SCORES = %w(A+ A A- B C D E F T M X)
def self.score(a)
SCORES.index a.grade
end
end
end
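Review bot: `rescue ::Exception => e` in `self.grade` also catches Interrupt, SystemExit and NoMemoryError, so a Ctrl-C during a ten-thread run is turned into a TlsNotSupportedGrade for the host in progress instead of stopping the analysis; `rescue ::StandardError, ::Timeout::Error => e` keeps the fallback for analysis failures only. `timeout` and `::YAML.load_file` are used but neither `timeout` nor `yaml` is required by this file, so it depends on another file loading them first. `YAML.load_file` also instantiates arbitrary Ruby objects from the host list; the lists are repository files here, but `::YAML.safe_load ::File.read(file)` costs nothing and removes the concern for user-supplied lists. The `private` before `def self.score` has no effect on a singleton method (`Tls.score` stays callable); use `private_class_method :score` if it is meant to be hidden.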


@ -1,72 +1,12 @@
require 'erb'
require 'logging'
require 'parallel'
module CryptCheck
module Tls
module Https
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Https]
def self.grade(hostname, port=443)
timeout MAX_ANALYSIS_DURATION do
Grade.new Server.new hostname, port
end
rescue ::Exception => e
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
def self.analyze(hosts, output, groups = nil)
results = {}
semaphore = ::Mutex.new
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
result = grade host.strip
semaphore.synchronize do
if results.include? description
results[description] << result
else
results[description] = [result]
end
end
end
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
results.each do |d, _|
results[d].sort! do |a, b|
cmp = score(a) <=> score(b)
if cmp == 0
cmp = b.score <=> a.score
if cmp == 0
cmp = a.server.hostname <=> b.server.hostname
end
end
cmp
end
end
::File.write output, ::ERB.new(::File.read('output/https.erb')).result(binding)
def self.analyze(hosts, output)
Tls.analyze hosts, 'output/https.erb', output, nil, port: 443, server_class: Server, grade_class: Grade
end
def self.analyze_from_file(file, output)
config = ::YAML.load_file file
hosts = []
groups = []
config.each do |c|
d, hs = c['description'], c['hostnames']
groups << d
hs.each { |host| hosts << [d, host] }
end
self.analyze hosts, output, groups
end
private
SCORES = %w(A+ A A- B C D E F T M X)
def self.score(a)
SCORES.index a.grade
Tls.analyze_from_file file, 'output/https.erb', output, port: 443, server_class: Server, grade_class: Grade
end
end
end
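Review bot: The new `def self.analyze(hosts, output)` drops the optional `groups = nil` parameter the removed version accepted, while `Tls.analyze` still takes groups; any caller still passing a third argument to `Https.analyze` now gets an ArgumentError. If no such caller exists this is fine; otherwise `def self.analyze(hosts, output, groups = nil)` forwarding `groups` in place of the literal `nil` keeps the old interface.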


@ -1,5 +1,3 @@
require 'socket'
require 'openssl'
require 'httparty'
module CryptCheck
@ -17,7 +15,7 @@ module CryptCheck
port = @port == 443 ? '' : ":#{@port}"
response = nil
@methods.each do |method|
EXISTING_METHODS.each do |method|
begin
next unless SUPPORTED_METHODS.include? method
@log.debug { "Check HSTS with #{method}" }


@ -38,6 +38,7 @@ module CryptCheck
@port = port
@log.error { "Begin analysis" }
extract_cert
#@prefered_ciphers = @supported_ciphers = Hash[SUPPORTED_METHODS.collect { |m| [m, []]}]
fetch_prefered_ciphers
check_supported_cipher
@log.error { "End analysis" }
@ -191,8 +192,8 @@ module CryptCheck
@log.debug { "Waiting for SSL write to #{@hostname}:#{@port}" }
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
retry
rescue ::OpenSSL::SSL::SSLError => e
raise TLSException, e
rescue => e
raise TLSException, e
ensure
ssl_socket.close
end
@ -283,14 +284,14 @@ module CryptCheck
def verify_trust(chain, cert)
store = ::OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
%w(mozilla cacert).each do |directory|
store.set_default_paths
%w(cacert).each do |directory|
::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file|
::File.open file, 'r' do |file|
cert = ::OpenSSL::X509::Certificate.new file.read
begin
store.add_cert cert
rescue ::OpenSSL::X509::StoreError
end
cert = ::OpenSSL::X509::Certificate.new ::File.read file
begin
store.add_cert cert
rescue ::OpenSSL::X509::StoreError
end
end
end
@ -300,7 +301,9 @@ module CryptCheck
rescue ::OpenSSL::X509::StoreError
end
end
store.verify cert
trusted = store.verify cert
p store.error_string unless trusted
trusted
end
end
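Review bot: Replacing `rescue ::OpenSSL::SSL::SSLError => e` with a bare `rescue => e` maps every StandardError raised in the surrounding connect code — NoMethodError or TypeError included — onto TLSException, so a programming error will be reported as a TLS failure of the host; keep the SSLError clause, list the socket error classes you actually want wrapped, and include `e.class` in the TLSException message. That method starts outside the hunk. In `verify_trust`, `p store.error_string unless trusted` prints to stdout, where the report scripts also write; `@log.warn { "Untrusted chain for #{@hostname}: #{store.error_string}" } unless trusted` keeps it in the log. The `chain` parameter is not visible in a `store.verify` call; if the lines between the hunks add it with `store.add_cert`, the server's own intermediates become trust anchors — `store.verify cert, chain` is the way to pass them as untrusted. The `#@prefered_ciphers = …` line added to the constructor is commented-out code and should be dropped.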


@ -0,0 +1,9 @@
module CryptCheck
module Tls
module Smtp
def self.analyze_from_file(file, output)
Tls.analyze_from_file file, 'output/smtp.erb', output, port: 25, server_class: Server, grade_class: Grade
end
end
end
end


@ -0,0 +1,8 @@
module CryptCheck
module Tls
module Smtp
class Grade < Tls::Grade
end
end
end
end


@ -0,0 +1,35 @@
require 'resolv'
module CryptCheck
module Tls
module Smtp
class Server < Tls::TcpServer
RESOLVER = Resolv::DNS.new
attr_reader :domain
def initialize(domain, port=25)
@domain = domain
srv = RESOLVER.getresources(domain, Resolv::DNS::Resource::IN::MX).sort_by(&:preference).first
if srv
hostname = srv.exchange.to_s
else # DNS is not correctly set, guess config…
hostname = domain
end
super hostname, port
end
def ssl_connect(socket, context, method, &block)
socket.recv 1024
socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n"
features = socket.recv(1024).split "\r\n"
starttls = features.find { |f| /250[- ]STARTTLS/ =~ f }
raise TLSNotAvailableException unless starttls
socket.write "STARTTLS\r\n"
socket.recv 1024
super
end
end
end
end
end


@ -7,7 +7,7 @@ module CryptCheck
module Xmpp
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Https]
@@log = ::Logging.logger[Xmpp]
def self.grade(hostname, type=:s2s)
timeout MAX_ANALYSIS_DURATION do


@ -1,5 +1,3 @@
require 'socket'
require 'openssl'
require 'nokogiri'
require 'resolv'

69
output/ca.yml 100644

@ -0,0 +1,69 @@
- description: Autorités de certification
hostnames:
- www.cacert.org
- acedicom.edicomgroup.com
- grca.nat.gov.tw
- pki.atos.net
- www.bundesdruckerei.de
- www.cybertrust.ne.jp
- www.logius.nl
- www.procert.net.ve
- www.s-trust.de
- webappsecurity.trendmicro.com
- www1.cnnic.cn
- www.actalis.it
- www.aoc.cat
- www.a-trust.at
- www.buypass.no
- www.camerfirma.com
- www.certicamara.com
- www.certigna.fr
- www.certinomis.com
- www.certsign.ro
- www.certum.pl
- www.cfca.com.cn
- www.cht.com.tw
- www.comodo.com
- www.comsign.co.il
- www.digicert.com
- www.disig.eu
- www.emc.com
- www.entrust.net
- www.e-szigno.hu
- www.etugra.com.tr
- www.firmaprofesional.com
- www.geotrust.com
- www.globalsign.com
- www.godaddy.com
- www.gpki.go.jp
- www.harica.gr
- www.hongkongpost.gov.hk
- www.identrust.com
- www.izenpe.com
- www.kamusm.gov.tr
- www.netlock.hu
- www.networksolutions.com
- www.opentrust.com
- www.pki.gva.es
- www.quovadisglobal.com
- www.secomtrust.net
- www.sgtrustservices.com
- www.sk.ee
- www.ssi.gouv.fr
- www.startssl.com
- www.swissdigicert.ch
- www.swisssign.com
- www.symantec.com
- www.teliasonera.com
- www.thawte.com
- www.trustcenter.de
- www.trustis.com
- www.trustwave.com
- www.t-systems.com
- www.turktrust.com.tr
- www.twca.com.tw
- www.verizon.com
- www.visa.com
- www.wellsfargo.com
- www.wisekey.com
- www.wosign.com


@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Status SSL/TLS banque &amp; commerce en ligne</title>
<title>SSL/TLS &mdash; HTTP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
@ -77,9 +77,7 @@
%>
<tr>
<th id="<%= s.hostname %>">
<a href="https://www.ssllabs.com/ssltest/analyze.html?d=<%= s.hostname %>" target="_blank">
<%= s.hostname %>
</a>
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<td class="critical" colspan="16">
@ -189,6 +187,9 @@
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>
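Review bot: `<th id="<%= s.hostname %>">` and the new `<a href="#<%= s.hostname %>"><%= s.hostname %></a>` interpolate the hostname into HTML text and attribute values unescaped; the hostnames come from the YAML lists here, but bin/check_https also feeds `top-1m.csv`, an externally sourced file, into the same template, so a crafted entry would land in the report as markup. `<%= ::ERB::Util.html_escape s.hostname %>` (and the same for the `id` and `href` values) closes it without mixing `ERB::Util` into the binding. The same unescaped interpolation appears in output/smtp.erb (`s.domain`, `s.hostname`) and output/xmpp.erb.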


@ -7,7 +7,7 @@
- rss.decornulier.eu
- fralef.me
- jeekajoo.eu
- status.jbfavre.org
- jbfavre.org
- rosset.net
- owc.h.arysthaar.pw
- crifo.org
@ -16,6 +16,12 @@
- komic.eu
- apericraft.ovh
- nicolas.legland.fr
- clauzel.eu
- vinilox.eu
- keuse.fr
- regar42.fr
- tcit.fr
- aplu.fr
- description: Associations
hostnames:
- april.org
@ -30,11 +36,49 @@
- lea-linux.org
- framasoft.org
- gnu.org
- www.fdn.fr
- description: Framasoft
hostnames:
- framabag.org
- framabin.org
- framabag.org
- framadate.org
- framanews.org
- framasphere.org
- framacalc.org
- framakey.org
- framapic.org
- framindmap.org
- framacolibri.org
- framabee.org
- tontonroger.org
- trouvons.org
- frama.link
- huit.re
- lite.framapad.org
- lite2.framapad.org
- lite3.framapad.org
- lite4.framapad.org
- lite5.framapad.org
- lite6.framapad.org
- quotidien.framapad.org
- hebdo.framapad.org
- mensuel.framapad.org
- bimensuel.framapad.org
- semestriel.framapad.org
- annuel.framapad.org
- git.framasoft.org
- participer.framasoft.org
- contact.framasoft.org
- stats.framasoft.org
- status.framasoft.org
- soutenir.framasoft.org
- description: Banques en ligne
hostnames:
- www.labanquepostale.fr
- voscomptesenligne.labanquepostale.fr
- www.labanquepostale-cartesprepayees.fr
- www.secure.bnpparibas.net
- mabanque.bnpparibas
- www.axabanque.fr
- www.fortuneo.fr
- www.ca-paris.fr
@ -51,7 +95,6 @@
- www.creditmutuel.fr
- www.caisse-epargne.fr
- paiement.systempay.fr
- cnce.wlp-acs.com
- www.cmb.fr
- www.ca-paris.fr
- www.ca-cotesdarmor.fr
@ -70,6 +113,14 @@
- www.gmf.fr
- www.hsbc.fr
- www.monabanq.com
- www.ca-atlantique-vendee.fr
- description: 3D « Secure »
hostnames:
- ssl.paiement.cic-banques.fr
- cnce.wlp-acs.com
- ingdf.wlp-acs.com
- ca-sp.wlp-acs.com
- www.e-i.com
- description: Assurances
hostnames:
- www.actassur.com
@ -135,6 +186,7 @@
- www.csf.fr
- client.gemoneybank.fr
- www.oney.fr
- www.cofidis.fr
- description: Webmails
hostnames:
- webmail.mailden.fr
@ -167,6 +219,7 @@
- mon.rsi.fr
- jedeclare.com
- net-entreprises.fr
- www.i-cad.fr
- description: Sites de commerce en ligne
hostnames:
- signin.ebay.fr
@ -182,10 +235,11 @@
- secure.fnac.com
- www.laredoute.fr
- online.carrefour.fr
- www.paymill.com
# - www.paymill.com
- paymium.com
- www.materiel.net
- www.topachat.com
- auth.topachat.com
- customer.rueducommerce.fr
- description: « Cloud » / Gestionnaires de mot de passe
hostnames:
- lastpass.com
@ -198,10 +252,39 @@
- spideroak.com
- hubic.com
- box.com
- description: FAI
hostnames:
- www.bouyguestelecom.fr
- www.sfr.fr
- www.orange.com
- www.nordnet.com
- www.free.fr
- www.fdn.fr
- www.connexion-verte.fr
- www.budget-telecom.com
- www.quantic-telecom.net
- www.nerim.fr
- offres.numericable.fr
- portail.dartybox.com
- www.ovh.com
- www.coriolis.com
- www.prixtel.com
- www.virginmobile.fr
- www.wibox.fr
- www.wimifi.net
- www.viveole.fr
- www.societehautdebit.fr
- www.skydsl.eu
- www.ozone.net
- www.nomotech.com
- www.bollore.com
- www.ifw.fr
- www.wizeo.com
- www.infosat-telecom.fr
- description: Divers
hostnames:
- www.mailden.net
- www.sharypic.com
- google.fr
- duckduckgo.com
- octopuce.fr
- sharypic.com

35
output/press.yml 100644

@ -0,0 +1,35 @@
- description: Journaux & Presse en ligne
hostnames:
- charliehebdo.fr
- tempsreel.nouvelobs.com
- www.20minutes.fr
- www.challenges.fr
- www.courrierinternational.com
- www.directmatin.fr
- www.francesoir.fr
- www.humanite.presse.fr
- www.la-croix.com
- www.latribune.fr
- www.lecanardenchaine.fr
- www.lefigaro.fr
- www.lejdd.fr
- www.lemonde.fr
- www.leparisien.fr
- www.lepoint.fr
- www.lequipe.fr
- www.lesechos.fr
- www.lexpress.fr
- www.liberation.fr
- www.lopinion.fr
- www.marianne.net
- www.mediapart.fr
- www.metronews.fr
- www.minute-hebdo.fr
- www.monde-diplomatique.fr
- www.monde-libertaire.fr
- www.parismatch.com
- www.telerama.fr
- www.vsd.fr
- www.slate.fr
- reader.fr
- www.arretsurimages.net


@ -0,0 +1,25 @@
- description: SecureDrop instances
hostnames:
- securedrop.propublica.org
- ssl.washingtonpost.com
- nrkbeta.no
- exposefacts.org
- firstlook.org
- www.safesource.org.nz
- safesource.forbes.com
- pressfreedomfoundation.org
- projects.newyorker.com
- securedrop.theguardian.com
- securedrop.pogo.org
- bayleaks.com
- securedrop.radio24syv.dk
- tcfmailvault.info
- www.balkanleaks.eu
- description: GlobalLeaks instances
hostnames:
- secure.publeaks.nl
- secure.wildleaks.org
- www.extremeleaks.org
- description: Misc
hostnames:
- secure.frenchleaks.fr

192
output/smtp.erb 100644

@ -0,0 +1,192 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>SSL/TLS &mdash; SMTP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
margin-top: 10px;
}
td {
text-align: center;
}
.critical {
background-color: #000;
color: #fff;
}
tr:hover > td.critical, td:hover.critical {
background-color: #333 !important;
}
</style>
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<table class="table table-bordered table-hover table-condensed">
<tbody>
<%
first = true
results.each do |r|
unless first
%>
<tr>
<th colspan="15">&nbsp;</th>
</tr>
<%
end
first = false
%>
<tr>
<th colspan="14" id="<%= r[0] %>"><%= r[0] %></th>
</tr>
<tr>
<th rowspan="2">Site</th>
<td rowspan="2">Grade</td>
<td colspan="2">Certificate</td>
<td colspan="4">Protocols</td>
<td colspan="5">Ciphers</td>
<td>Best practices</td>
</tr>
<tr>
<td>Key size (bits)</td>
<td class="warning">SHA1 sig</td>
<td class="critical">SSL v2</td>
<td class="critical">SSL v3</td>
<td class="success">TLS 1.2</td>
<td class="info">TLS</td>
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="info">PFS</td>
</tr>
<% r[1].each do |n|
s = n.server
%>
<tr>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<th id="<%= s.hostname %>">
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<td class="critical" colspan="16">
No SSL/TLS
</td>
<%
else
rank_color = case n.grade
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
else :danger
end
%>
<th id="<%= s.domain %>"><%= s.domain %></th>
<td class="<%= rank_color %>">
<%= n.grade %>
</td>
<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
<% type, size = s.key %>
<%= "#{size} (#{type.to_s.upcase})" %>
<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1_sig? ? :warning : :success %>">
<%= s.sha1_sig? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sslv2? ? :critical : :success %>">
<%= s.sslv2? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sslv2? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sslv3? ? :critical : :success %>">
<%= s.sslv3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sslv3? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.tlsv1_2? ? :success : :danger %>">
<%= s.tlsv1_2? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.tlsv1_2? ? '☺' : '☹' %>)</span>
</td>
<td class="<%= s.tls? ? (s.tls_only? ? :info : :success) : :danger %>">
<%= s.tls? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
</td>
<% cipher_size = s.cipher_size[:worst] %>
<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
<%= cipher_size %>
<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.md5? ? :critical : :success %>">
<%= s.md5? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.md5? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1? ? :warning : :success %>">
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
<%= s.pfs? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.pfs? ? '☺' : '☹' %>)</span>
</td>
<% end %>
</tr>
<% end %>
<tr>
<th rowspan="2">Site</th>
<td rowspan="2">Grade</td>
<td>Key size (bits)</td>
<td class="warning">SHA1 sig</td>
<td class="critical">SSL v2</td>
<td class="critical">SSL v3</td>
<td class="success">TLS 1.2</td>
<td class="info">TLS</td>
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="info">PFS</td>
</tr>
<tr>
<td colspan="2">Certificate</td>
<td colspan="4">Protocols</td>
<td colspan="5">Ciphers</td>
<td>Best practices</td>
</tr>
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>
</body>
</html>
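Review bot: The column counts in the new template do not agree: the header rows define 14 columns (`Site` through `PFS`), the group spacer uses `<th colspan="15">`, the group title `colspan="14"`, and the "No SSL/TLS" cell `colspan="16"` after a separate `<th>` for the site; by that count the spacer should be `colspan="14"` and the critical cell `colspan="13"`. This is rendering only, but browsers lay the groups out with different widths when the spans disagree.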

205
output/smtp.yml 100644

@ -0,0 +1,205 @@
- description: Serveurs personnels
hostnames:
- imirhil.fr
- libwalk.so
- keltia.net
- demouliere.eu
- decornulier.eu
- fralef.me
- jeekajoo.eu
- jbfavre.org
- rosset.net
- arysthaar.pw
- crifo.org
- matlink.fr
- pfag.me
- komic.eu
- apericraft.ovh
- legland.fr
- description: Associations
hostnames:
- april.org
- laquadrature.net
- fsf.org
- ubuntu-paris.org
- parinux.org
- aful.org
- rmll.info
- ubuntu-fr.org
- linuxfr.org
- lea-linux.org
- framasoft.org
- gnu.org
- description: Banques en ligne
hostnames:
- labanquepostale.fr
- labanquepostale-cartesprepayees.fr
- bnpparibas.net
- axabanque.fr
- fortuneo.fr
- ca-paris.fr
- credit-cooperatif.coop
- coopanet.com
- cic.fr
- societegenerale.fr
- groupama.fr
- banquepopulaire.fr
- ca-des-savoie.fr
- lcl.fr
- boursorama.com
- bpe.fr
- creditmutuel.fr
- caisse-epargne.fr
- systempay.fr
- wlp-acs.com
- cmb.fr
- ca-paris.fr
- ca-cotesdarmor.fr
- ingdirect.fr
- banque-accord.fr
- banque-casino.fr
- bforbank.com
- hellobank.fr
- carrefour-banque.fr
- agf.fr
- banque-casino.fr
- palatine.fr
- bpi-online.net
- barclays.fr
- credit-du-nord.fr
- gmf.fr
- hsbc.fr
- monabanq.com
- description: Assurances
hostnames:
- actassur.com
- gie-afer.fr
- ag2rlamondiale.fr
- consultations.agipi.com
- agpm.fr
- alptis.org
- altaprofits.com
- amv.fr
- apicil.com
- april.fr
- fapes-diffusion.fr
- assu2000.fr
- assurone.com
- avip.fr
- avivadirect.fr
- canisante.com
- carac.fr
- cegema.com
- chienchatsante.com
- direct-assurance.fr
- euro-assurance.com
- eca-assurances.com
- fma.fr
- gaipare.com
- gapassurance.com
- generali.fr
- hedios.com
- ingdirect.fr
- conservateur.fr
- linxea.com
- maaf.fr
- macif.fr
- macsf.fr
- maif.fr
- matmut.fr
- mgel.fr
- mma.fr
- nationalesuisse.ch
- nexx.fr
- sainteauprevoyance.com
- santevet.com
- selfepargne.fr
- sicavonline.fr
- smabtp.fr
- cybermutuelle.com
- sollyazar.com
- swisslife.fr
- description: Organismes de crédit
hostnames:
- cetelem.fr
- cofinoga.fr
- sofinco.fr
- pret-dunion.fr
- franfinance.fr
- 123credit.com
- disponis.fr
- complicio.fr
- creditfoncier.fr
- credit.fr
- credit-immobilier-de-france.fr
- csf.fr
- gemoneybank.fr
- oney.fr
- description: Webmails
hostnames:
- mailden.fr
- free.fr
- numericable.fr
- orange-business.com
- orange.fr
- gandi.net
- sfr.fr
- online.net
- amen.fr
- ovh.com
- aliceadsl.fr
- laposte.net
- openmailbox.org
- description: Administration
hostnames:
- ameli.fr
- moncompte.mobi
- service-public.fr
- impots.gouv.fr
- pole-emploi.fr
- caf.fr
- justice.gouv.fr
- interieur.gouv.fr
- cnil.fr
- quechoisir.org
- rsi.fr
- jedeclare.com
- net-entreprises.fr
- description: Sites de commerce en ligne
hostnames:
- ebay.fr
- ldlc.com
- grosbill.com
- darty.com
- boulanger.fr
- capitainetrain.com
- voyages-sncf.com
- pixmania.fr
- cdiscount.com
- ikea.com
- fnac.com
- laredoute.fr
- carrefour.fr
- paymill.com
- paymium.com
- materiel.net
- topachat.com
- description: « Cloud » / Gestionnaires de mot de passe
hostnames:
- lastpass.com
- dashlane.com
- passpack.com
- clipperz.is
- mitro.co
- icloud.com
- dropbox.com
- spideroak.com
- hubic.com
- box.com
- description: Divers
hostnames:
- mailden.net
- sharypic.com
- google.fr
- duckduckgo.com
- octopuce.fr


@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>XMPP</title>
<title>SSL/TLS &mdash; XMPP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
@ -91,8 +91,10 @@
s = n.server
%>
<tr>
<th id="<%= s.hostname %>">
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<th id="<%= s.hostname %>"><%= s.hostname %></th>
<td class="critical" colspan="16">
No SSL/TLS
</td>
@ -104,7 +106,6 @@
when 'T', 'M' then :critical
else :danger
end %>
<th id="<%= s.domain %>"><%= s.domain %></th>
<td class="<%= rank_color %>">
<%= n.grade %>
</td>
@ -171,6 +172,9 @@
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>


@ -15,3 +15,7 @@
- citronna.de
- matlink.fr
- verry.org
- keuse.fr
- cappuccino.uk.to
- corzntin.fr
- fralef.me