Some fixes
parent
0559ed0597
commit
340c4a445d
59
Makefile
59
Makefile
|
@ -1,38 +1,57 @@
|
|||
PWD = $(shell pwd)
|
||||
export CPATH = $(PWD)/openssl/include
|
||||
export LIBRARY_PATH = $(PWD)/openssl
|
||||
OPENSSL_VERSION = OpenSSL_1_0_1j
|
||||
RUBY_VERSION = 2.1.5
|
||||
RUBY_OPENSSL_EXT_DIR = ruby-$(RUBY_VERSION)/ext/openssl
|
||||
OPENSSL_VERSION = 1.0.1m
|
||||
OPENSSL_DIR = openssl-$(OPENSSL_VERSION)
|
||||
RUBY_MAJOR_VERSION = 2.2
|
||||
RUBY_VERSION = $(RUBY_MAJOR_VERSION).2
|
||||
RUBY_DIR = ruby-$(RUBY_VERSION)
|
||||
RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
|
||||
export LIBRARY_PATH = $(PWD)/lib
|
||||
export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include
|
||||
|
||||
all: lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0 lib/openssl.so
|
||||
.SECONDARY:
|
||||
|
||||
all: libs ext
|
||||
|
||||
clean:
|
||||
rm -rf ruby-$(RUBY_VERSION) openssl
|
||||
rm -rf $(RUBY_DIR) $(OPENSSL_DIR)
|
||||
|
||||
openssl:
|
||||
git clone https://github.com/openssl/openssl -b $(OPENSSL_VERSION)
|
||||
mr-proper: clean
|
||||
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so
|
||||
|
||||
openssl/Makefile: openssl
|
||||
cd openssl; ./config shared
|
||||
$(OPENSSL_DIR)/:
|
||||
wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz
|
||||
tar xf $(OPENSSL_DIR).tar.gz
|
||||
rm -rf $(OPENSSL_DIR).tar.gz
|
||||
|
||||
openssl/libssl.so: openssl/Makefile
|
||||
cd openssl; $(MAKE) depend all
|
||||
$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/
|
||||
cd $(OPENSSL_DIR); ./config shared
|
||||
|
||||
lib/%.so.1.0.0: openssl/%.so
|
||||
cp $^ $@
|
||||
$(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile
|
||||
$(MAKE) -C $(OPENSSL_DIR) depend build_libs
|
||||
|
||||
ruby-$(RUBY_VERSION):
|
||||
wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-$(RUBY_VERSION).tar.gz
|
||||
tar xf ruby-$(RUBY_VERSION).tar.gz
|
||||
rm -f ruby-$(RUBY_VERSION).tar.gz
|
||||
lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0
|
||||
cp $< $@
|
||||
|
||||
$(RUBY_OPENSSL_EXT_DIR)/Makefile: ruby-$(RUBY_VERSION)
|
||||
lib/%.so: lib/%.so.1.0.0
|
||||
ln -s $(notdir $<) $@
|
||||
|
||||
libs: lib/libssl.so lib/libcrypto.so
|
||||
|
||||
$(RUBY_DIR):
|
||||
wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz
|
||||
tar xf $(RUBY_DIR).tar.gz
|
||||
rm -f $(RUBY_DIR).tar.gz
|
||||
|
||||
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs $(RUBY_DIR)
|
||||
cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb
|
||||
patch $@ patch
|
||||
|
||||
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/Makefile
|
||||
cd $(RUBY_OPENSSL_EXT_DIR); $(MAKE); $(MAKE) install
|
||||
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile
|
||||
$(MAKE) -C $(RUBY_OPENSSL_EXT_DIR)
|
||||
|
||||
lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
|
||||
cp $< $@
|
||||
|
||||
ext: lib/openssl.so
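Review bot: The Ruby tarball is fetched over plain http (`wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz`) and neither it nor the OpenSSL tarball is checked against a known digest or signature before `tar xf`, so a network attacker or a compromised mirror can feed arbitrary source into a build whose whole purpose is a trustworthy TLS stack. Pin the expected SHA-256 of each archive in a variable and verify it before extraction, e.g. `echo "$(OPENSSL_SHA256)  $(OPENSSL_DIR).tar.gz" | sha256sum -c -`, and use the https scheme for the Ruby download. Separately, `cd $(OPENSSL_DIR); ./config shared` chains with `;`, so a failed `cd` runs `./config` in the top-level directory — chain with `&&`. None of `all`, `libs`, `ext`, `clean` and `mr-proper` is declared `.PHONY`, so a stray file of that name would silently satisfy the target.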
|
|
@ -3,6 +3,8 @@ $:.unshift 'lib'
|
|||
require 'logging'
|
||||
require 'cryptcheck'
|
||||
|
||||
GROUP_NAME = 'Top 100 Alexa'
|
||||
|
||||
::Logging.logger.root.appenders = ::Logging.appenders.stdout
|
||||
::Logging.logger.root.level = :error
|
||||
|
||||
|
@ -10,7 +12,7 @@ hosts = []
|
|||
::File.open('top-1m.csv', 'r') do |file|
|
||||
i = 0
|
||||
while line = file.gets
|
||||
hosts << ['Top 100 Alexa', line.strip.split(',')[1]]
|
||||
hosts << [GROUP_NAME, line.strip.split(',')[1]]
|
||||
i += 1
|
||||
break if i == 100
|
||||
end
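Review bot: `line.strip.split(',')[1]` is nil for a blank or comma-less line in top-1m.csv, and that nil is then pushed as a host; as far as the shared analyzer visible elsewhere in this commit shows, it is later hit with `host.strip`, which raises NoMethodError instead of being recorded as a failed analysis. Guard it before appending, e.g. `host = line.strip.split(',')[1]` / `next unless host`, so the loop keeps counting only usable entries. The `File.open` block and the surrounding script start and end outside the hunk.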
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
#!/usr/bin/env ruby
|
||||
$:.unshift 'lib'
|
||||
require 'logging'
|
||||
require 'cryptcheck'
|
||||
|
||||
name = ARGV[0]
|
||||
unless name
|
||||
::CryptCheck::Tls::Smtp.analyze_from_file 'output/smtp.yml', 'output/smtp.html'
|
||||
else
|
||||
::Logging.logger.root.appenders = ::Logging.appenders.stdout
|
||||
::Logging.logger.root.level = :warn
|
||||
|
||||
server = ::CryptCheck::Tls::Smtp::Server.new(ARGV[0], ARGV[1] || 25)
|
||||
p grade = ::CryptCheck::Tls::Smtp::Grade.new(server)
|
||||
end
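Review bot: When a domain is given on the command line the port comes from `ARGV[1] || 25`, so an explicit port is a String while the default is an Integer; unless the TCP layer (outside this file) accepts both, `ARGV[1] ? ARGV[1].to_i : 25` keeps the two paths consistent. `p grade = ...` is a debugging dump of the whole Grade object to stdout; if that is the intended CLI output, a deliberate `puts grade.grade` (the letter grade the analyzer sorts on) reads better and documents intent. The `unless name ... else` form reads inverted — `if name` with the `analyze_from_file` fallback in the `else` branch is clearer, and `name` can then replace the second `ARGV[0]`.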
|
||||
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
module CryptCheck
|
||||
autoload :Tls, 'cryptcheck/tls'
|
||||
module Tls
|
||||
autoload :Server, 'cryptcheck/tls/server'
|
||||
autoload :TcpServer, 'cryptcheck/tls/server'
|
||||
|
@ -18,5 +19,11 @@ module CryptCheck
|
|||
autoload :Server, 'cryptcheck/tls/xmpp/server'
|
||||
autoload :Grade, 'cryptcheck/tls/xmpp/grade'
|
||||
end
|
||||
|
||||
autoload :Smtp, 'cryptcheck/tls/smtp'
|
||||
module Smtp
|
||||
autoload :Server, 'cryptcheck/tls/smtp/server'
|
||||
autoload :Grade, 'cryptcheck/tls/smtp/grade'
|
||||
end
|
||||
end
|
||||
end
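Review bot: `autoload :Tls, 'cryptcheck/tls'` is immediately followed by `module Tls`, which references the constant and, as far as I can tell, fires the autoload on the spot — so `cryptcheck/tls` (and its `require 'erb'`/`'logging'`/`'parallel'`) is loaded eagerly whenever `cryptcheck` is, and the autoload registration buys nothing. Either drop that line or move the nested `module Tls` autoload registrations into `cryptcheck/tls.rb` itself. A one-line comment next to the new `autoload :Smtp`, such as `# Smtp: STARTTLS check against the domain's lowest-preference MX`, would tell readers what the new namespace covers.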
|
||||
|
|
|
@ -0,0 +1,71 @@
|
|||
require 'erb'
|
||||
require 'logging'
|
||||
require 'parallel'
|
||||
|
||||
module CryptCheck
|
||||
module Tls
|
||||
MAX_ANALYSIS_DURATION = 600
|
||||
PARALLEL_ANALYSIS = 10
|
||||
@@log = ::Logging.logger[Tls]
|
||||
|
||||
def self.grade(hostname, port, server_class:, grade_class:)
|
||||
timeout MAX_ANALYSIS_DURATION do
|
||||
grade_class.new server_class.new hostname, port
|
||||
end
|
||||
rescue ::Exception => e
|
||||
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
|
||||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
|
||||
end
|
||||
|
||||
def self.analyze(hosts, template, output, groups = nil, port:, server_class:, grade_class:)
|
||||
results = {}
|
||||
semaphore = ::Mutex.new
|
||||
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
|
||||
result = grade host.strip, port, server_class: server_class, grade_class: grade_class
|
||||
semaphore.synchronize do
|
||||
if results.include? description
|
||||
results[description] << result
|
||||
else
|
||||
results[description] = [result]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
|
||||
|
||||
results.each do |d, _|
|
||||
results[d].sort! do |a, b|
|
||||
cmp = score(a) <=> score(b)
|
||||
if cmp == 0
|
||||
cmp = b.score <=> a.score
|
||||
if cmp == 0
|
||||
cmp = a.server.hostname <=> b.server.hostname
|
||||
end
|
||||
end
|
||||
cmp
|
||||
end
|
||||
end
|
||||
|
||||
::File.write output, ::ERB.new(::File.read(template)).result(binding)
|
||||
end
|
||||
|
||||
def self.analyze_from_file(file, template, output, port:, server_class:, grade_class:)
|
||||
config = ::YAML.load_file file
|
||||
hosts = []
|
||||
groups = []
|
||||
config.each do |c|
|
||||
d, hs = c['description'], c['hostnames']
|
||||
groups << d
|
||||
hs.each { |host| hosts << [d, host] }
|
||||
end
|
||||
self.analyze hosts, template, output, groups, port: port, server_class: server_class, grade_class: grade_class
|
||||
end
|
||||
|
||||
private
|
||||
SCORES = %w(A+ A A- B C D E F T M X)
|
||||
|
||||
def self.score(a)
|
||||
SCORES.index a.grade
|
||||
end
|
||||
end
|
||||
end
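Review bot: `rescue ::Exception => e` in `Tls.grade` also catches Interrupt, SystemExit and NoMemoryError, so a Ctrl-C during a scan is logged as an analysis error and turned into a `TlsNotSupportedGrade` instead of stopping the run; `Timeout::Error` is a RuntimeError in Ruby 2.x, so `rescue ::StandardError => e` covers the timeout and every protocol error without swallowing process signals. `timeout` and `::YAML` are used without a `require 'timeout'`/`require 'yaml'` in this file, so the module only works if another file loads them first. `private` before `def self.score` has no effect on a singleton method (use `private_class_method :score` if that was the intent). `::ERB.new(::File.read(template)).result(binding)` hands the template every local of `analyze`; a comment stating that `results` is the only variable templates are meant to read would pin that contract.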
|
|
@ -1,72 +1,12 @@
|
|||
require 'erb'
|
||||
require 'logging'
|
||||
require 'parallel'
|
||||
|
||||
module CryptCheck
|
||||
module Tls
|
||||
module Https
|
||||
MAX_ANALYSIS_DURATION = 600
|
||||
PARALLEL_ANALYSIS = 10
|
||||
@@log = ::Logging.logger[Https]
|
||||
|
||||
def self.grade(hostname, port=443)
|
||||
timeout MAX_ANALYSIS_DURATION do
|
||||
Grade.new Server.new hostname, port
|
||||
end
|
||||
rescue ::Exception => e
|
||||
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
|
||||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
|
||||
end
|
||||
|
||||
def self.analyze(hosts, output, groups = nil)
|
||||
results = {}
|
||||
semaphore = ::Mutex.new
|
||||
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
|
||||
result = grade host.strip
|
||||
semaphore.synchronize do
|
||||
if results.include? description
|
||||
results[description] << result
|
||||
else
|
||||
results[description] = [result]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
|
||||
|
||||
results.each do |d, _|
|
||||
results[d].sort! do |a, b|
|
||||
cmp = score(a) <=> score(b)
|
||||
if cmp == 0
|
||||
cmp = b.score <=> a.score
|
||||
if cmp == 0
|
||||
cmp = a.server.hostname <=> b.server.hostname
|
||||
end
|
||||
end
|
||||
cmp
|
||||
end
|
||||
end
|
||||
|
||||
::File.write output, ::ERB.new(::File.read('output/https.erb')).result(binding)
|
||||
def self.analyze(hosts, output)
|
||||
Tls.analyze hosts, 'output/https.erb', output, nil, port: 443, server_class: Server, grade_class: Grade
|
||||
end
|
||||
|
||||
def self.analyze_from_file(file, output)
|
||||
config = ::YAML.load_file file
|
||||
hosts = []
|
||||
groups = []
|
||||
config.each do |c|
|
||||
d, hs = c['description'], c['hostnames']
|
||||
groups << d
|
||||
hs.each { |host| hosts << [d, host] }
|
||||
end
|
||||
self.analyze hosts, output, groups
|
||||
end
|
||||
|
||||
private
|
||||
SCORES = %w(A+ A A- B C D E F T M X)
|
||||
|
||||
def self.score(a)
|
||||
SCORES.index a.grade
|
||||
Tls.analyze_from_file file, 'output/https.erb', output, port: 443, server_class: Server, grade_class: Grade
|
||||
end
|
||||
end
|
||||
end
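Review bot: The new `Https.analyze(hosts, output)` drops the `groups = nil` parameter the replaced implementation accepted, so any caller still passing a group list now gets an ArgumentError, even though `Tls.analyze` does take `groups` and this wrapper hard-codes `nil` for it. Keeping the signature compatible is a one-line change: `def self.analyze(hosts, output, groups = nil)` forwarding `groups` as `Tls.analyze hosts, 'output/https.erb', output, groups, port: 443, server_class: Server, grade_class: Grade`. A short comment on each wrapper saying that the template path and port 443 are fixed here would document the contract that the Smtp counterpart copies.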
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
require 'socket'
|
||||
require 'openssl'
|
||||
require 'httparty'
|
||||
|
||||
module CryptCheck
|
||||
|
@ -17,7 +15,7 @@ module CryptCheck
|
|||
port = @port == 443 ? '' : ":#{@port}"
|
||||
|
||||
response = nil
|
||||
@methods.each do |method|
|
||||
EXISTING_METHODS.each do |method|
|
||||
begin
|
||||
next unless SUPPORTED_METHODS.include? method
|
||||
@log.debug { "Check HSTS with #{method}" }
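Review bot: Iterating `EXISTING_METHODS` and then discarding entries with `next unless SUPPORTED_METHODS.include? method` inside the `begin` block hides the loop's real domain; `(EXISTING_METHODS & SUPPORTED_METHODS).each do |method|` states it directly and drops the guard. The `require 'socket'`/`'openssl'`/`'httparty'` lines were removed, so this file now depends on whoever loads it having required httparty first — worth a comment if that is deliberate. The HSTS method this hunk sits in starts and ends outside the hunk.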
|
||||
|
|
|
@ -38,6 +38,7 @@ module CryptCheck
|
|||
@port = port
|
||||
@log.error { "Begin analysis" }
|
||||
extract_cert
|
||||
#@prefered_ciphers = @supported_ciphers = Hash[SUPPORTED_METHODS.collect { |m| [m, []]}]
|
||||
fetch_prefered_ciphers
|
||||
check_supported_cipher
|
||||
@log.error { "End analysis" }
|
||||
|
@ -191,8 +192,8 @@ module CryptCheck
|
|||
@log.debug { "Waiting for SSL write to #{@hostname}:#{@port}" }
|
||||
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
|
||||
retry
|
||||
rescue ::OpenSSL::SSL::SSLError => e
|
||||
raise TLSException, e
|
||||
rescue => e
|
||||
raise TLSException, e
|
||||
ensure
|
||||
ssl_socket.close
|
||||
end
|
||||
|
@ -283,14 +284,14 @@ module CryptCheck
|
|||
def verify_trust(chain, cert)
|
||||
store = ::OpenSSL::X509::Store.new
|
||||
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
|
||||
%w(mozilla cacert).each do |directory|
|
||||
store.set_default_paths
|
||||
|
||||
%w(cacert).each do |directory|
|
||||
::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file|
|
||||
::File.open file, 'r' do |file|
|
||||
cert = ::OpenSSL::X509::Certificate.new file.read
|
||||
begin
|
||||
store.add_cert cert
|
||||
rescue ::OpenSSL::X509::StoreError
|
||||
end
|
||||
cert = ::OpenSSL::X509::Certificate.new ::File.read file
|
||||
begin
|
||||
store.add_cert cert
|
||||
rescue ::OpenSSL::X509::StoreError
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -300,7 +301,9 @@ module CryptCheck
|
|||
rescue ::OpenSSL::X509::StoreError
|
||||
end
|
||||
end
|
||||
store.verify cert
|
||||
trusted = store.verify cert
|
||||
p store.error_string unless trusted
|
||||
trusted
|
||||
end
|
||||
end
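Review bot: In `verify_trust` the new `p store.error_string unless trusted` prints the OpenSSL verification failure straight to stdout, interleaving with the per-host progress output of the parallel scan; route it through the logger, e.g. `@log.debug { "Untrusted chain: #{store.error_string}" }`. The store is now seeded with `set_default_paths` plus the certificates under `/usr/share/ca-certificates/cacert`, so a "trusted" result means trusted by the system store or by CAcert, which browsers do not ship — a comment on the method (and ideally a distinct mark in the report) should make that broadened meaning explicit. `rescue ::OpenSSL::X509::StoreError` with an empty body silently drops unparseable or duplicate roots; a debug-level log line would keep that visible. In the earlier hunk, `@log.error { "Begin analysis" }` and `"End analysis"` log routine progress at error severity, which is exactly the level the CLI scripts leave enabled, so they will show up as errors.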
|
||||
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
module CryptCheck
|
||||
module Tls
|
||||
module Smtp
|
||||
def self.analyze_from_file(file, output)
|
||||
Tls.analyze_from_file file, 'output/smtp.erb', output, port: 25, server_class: Server, grade_class: Grade
|
||||
end
|
||||
end
|
||||
end
|
||||
end
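Review bot: `analyze_from_file` pins `port: 25`, so the submission port 587 that mail clients use cannot be assessed from a config file, even though `Tls.analyze_from_file` already takes the port as a keyword. Expose it with a compatible default: `def self.analyze_from_file(file, output, port: 25)` forwarding `port: port`. A one-line comment that the names in the file are mail domains (resolved to their MX by `Smtp::Server`) rather than server hostnames would save the next reader a trip into `smtp/server.rb`.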
|
|
@ -0,0 +1,8 @@
|
|||
module CryptCheck
|
||||
module Tls
|
||||
module Smtp
|
||||
class Grade < Tls::Grade
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,35 @@
|
|||
require 'resolv'
|
||||
|
||||
module CryptCheck
|
||||
module Tls
|
||||
module Smtp
|
||||
class Server < Tls::TcpServer
|
||||
RESOLVER = Resolv::DNS.new
|
||||
|
||||
attr_reader :domain
|
||||
|
||||
def initialize(domain, port=25)
|
||||
@domain = domain
|
||||
srv = RESOLVER.getresources(domain, Resolv::DNS::Resource::IN::MX).sort_by(&:preference).first
|
||||
if srv
|
||||
hostname = srv.exchange.to_s
|
||||
else # DNS is not correctly set, guess config…
|
||||
hostname = domain
|
||||
end
|
||||
super hostname, port
|
||||
end
|
||||
|
||||
def ssl_connect(socket, context, method, &block)
|
||||
socket.recv 1024
|
||||
socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n"
|
||||
features = socket.recv(1024).split "\r\n"
|
||||
starttls = features.find { |f| /250[- ]STARTTLS/ =~ f }
|
||||
raise TLSNotAvailableException unless starttls
|
||||
socket.write "STARTTLS\r\n"
|
||||
socket.recv 1024
|
||||
super
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
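Review bot: `ssl_connect` reads each SMTP reply with a single `socket.recv 1024`, but the greeting and the EHLO reply are multi-line responses that can exceed 1024 bytes or arrive in several TCP segments, in which case `250-STARTTLS` is missed and the host is reported as having no TLS; the `220` reply to `STARTTLS` is also never checked before the handshake begins. Read replies line by line until the terminating `NNN ` line (RFC 5321 continuation lines use `NNN-`) and check the STARTTLS reply code, as sketched below — this assumes `socket` is an IO supporting `gets`, which `TcpServer` outside this hunk would have to confirm. Only the lowest-preference MX is graded, so backup MXs, which can be reached by making the primary unavailable, are not covered; a comment on `initialize` should state that scope, and the local named `srv` holds an MX record, not an SRV one. The `hostname = domain` fallback is the RFC 5321 implicit-MX rule rather than a misconfiguration, so `# DNS is not correctly set, guess config…` could read `# no MX record: RFC 5321 implicit MX, connect to the domain itself`.
```ruby
# Read one SMTP reply; continuation lines are "NNN-…", the final line "NNN …".
def read_reply(socket)
  lines = []
  loop do
    line = socket.gets "\r\n"
    raise TLSNotAvailableException unless line # peer closed before a full reply
    lines << line.chomp
    break if line =~ /\A\d{3} /
  end
  lines
end

def ssl_connect(socket, context, method, &block)
  read_reply socket
  socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n"
  features = read_reply socket
  raise TLSNotAvailableException unless features.any? { |f| /250[- ]STARTTLS/ =~ f }
  socket.write "STARTTLS\r\n"
  raise TLSNotAvailableException unless read_reply(socket).last =~ /\A220 /
  super
end
```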
|
|
@ -7,7 +7,7 @@ module CryptCheck
|
|||
module Xmpp
|
||||
MAX_ANALYSIS_DURATION = 600
|
||||
PARALLEL_ANALYSIS = 10
|
||||
@@log = ::Logging.logger[Https]
|
||||
@@log = ::Logging.logger[Xmpp]
|
||||
|
||||
def self.grade(hostname, type=:s2s)
|
||||
timeout MAX_ANALYSIS_DURATION do
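Review bot: Correcting the logger name is right, but `Xmpp` still carries its own `MAX_ANALYSIS_DURATION`, `PARALLEL_ANALYSIS` and `grade` while `Https` was moved onto the new shared `Tls.analyze`, so the constants are now defined twice and can drift. If the `type=:s2s` parameter is what blocks the migration, a comment here recording that (`# not yet on Tls.analyze: grade needs the s2s/c2s type`) would preserve the intent; `grade` continues past the hunk.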
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
require 'socket'
|
||||
require 'openssl'
|
||||
require 'nokogiri'
|
||||
require 'resolv'
|
||||
|
||||
|
|
|
@ -0,0 +1,69 @@
|
|||
- description: Autorités de certification
|
||||
hostnames:
|
||||
- www.cacert.org
|
||||
- acedicom.edicomgroup.com
|
||||
- grca.nat.gov.tw
|
||||
- pki.atos.net
|
||||
- www.bundesdruckerei.de
|
||||
- www.cybertrust.ne.jp
|
||||
- www.logius.nl
|
||||
- www.procert.net.ve
|
||||
- www.s-trust.de
|
||||
- webappsecurity.trendmicro.com
|
||||
- www1.cnnic.cn
|
||||
- www.actalis.it
|
||||
- www.aoc.cat
|
||||
- www.a-trust.at
|
||||
- www.buypass.no
|
||||
- www.camerfirma.com
|
||||
- www.certicamara.com
|
||||
- www.certigna.fr
|
||||
- www.certinomis.com
|
||||
- www.certsign.ro
|
||||
- www.certum.pl
|
||||
- www.cfca.com.cn
|
||||
- www.cht.com.tw
|
||||
- www.comodo.com
|
||||
- www.comsign.co.il
|
||||
- www.digicert.com
|
||||
- www.disig.eu
|
||||
- www.emc.com
|
||||
- www.entrust.net
|
||||
- www.e-szigno.hu
|
||||
- www.etugra.com.tr
|
||||
- www.firmaprofesional.com
|
||||
- www.geotrust.com
|
||||
- www.globalsign.com
|
||||
- www.godaddy.com
|
||||
- www.gpki.go.jp
|
||||
- www.harica.gr
|
||||
- www.hongkongpost.gov.hk
|
||||
- www.identrust.com
|
||||
- www.izenpe.com
|
||||
- www.kamusm.gov.tr
|
||||
- www.netlock.hu
|
||||
- www.networksolutions.com
|
||||
- www.opentrust.com
|
||||
- www.pki.gva.es
|
||||
- www.quovadisglobal.com
|
||||
- www.secomtrust.net
|
||||
- www.sgtrustservices.com
|
||||
- www.sk.ee
|
||||
- www.ssi.gouv.fr
|
||||
- www.startssl.com
|
||||
- www.swissdigicert.ch
|
||||
- www.swisssign.com
|
||||
- www.symantec.com
|
||||
- www.teliasonera.com
|
||||
- www.thawte.com
|
||||
- www.trustcenter.de
|
||||
- www.trustis.com
|
||||
- www.trustwave.com
|
||||
- www.t-systems.com
|
||||
- www.turktrust.com.tr
|
||||
- www.twca.com.tw
|
||||
- www.verizon.com
|
||||
- www.visa.com
|
||||
- www.wellsfargo.com
|
||||
- www.wisekey.com
|
||||
- www.wosign.com
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>Status SSL/TLS banque & commerce en ligne</title>
|
||||
<title>SSL/TLS — HTTP</title>
|
||||
<link rel="stylesheet" href="bootstrap.min.css">
|
||||
<style>
|
||||
body {
|
||||
|
@ -77,9 +77,7 @@
|
|||
%>
|
||||
<tr>
|
||||
<th id="<%= s.hostname %>">
|
||||
<a href="https://www.ssllabs.com/ssltest/analyze.html?d=<%= s.hostname %>" target="_blank">
|
||||
<%= s.hostname %>
|
||||
</a>
|
||||
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
|
||||
</th>
|
||||
<% if s.is_a? Tls::TlsNotSupportedServer %>
|
||||
<td class="critical" colspan="16">
|
||||
|
@ -189,6 +187,9 @@
|
|||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
<div class="pull-right">
|
||||
Generated on <%= Time.now.strftime '%FT%T%:z' %>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
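Review bot: `<%= s.hostname %>` is written unescaped into the `id` and `href` attributes and the element text; hostnames come from the YAML config today, but a value containing `"` or `<` would break out of the attribute, so `<%= ERB::Util.html_escape s.hostname %>` is the safe default for every interpolation in this template. Dropping the ssllabs.com link removes the one external cross-check a reader had; if that is deliberate, a short ERB comment at the top of the table saying the report is self-contained (it now carries its own `Generated on` timestamp) would explain it. The table and loop this row sits in start and end outside the hunk.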
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
- rss.decornulier.eu
|
||||
- fralef.me
|
||||
- jeekajoo.eu
|
||||
- status.jbfavre.org
|
||||
- jbfavre.org
|
||||
- rosset.net
|
||||
- owc.h.arysthaar.pw
|
||||
- crifo.org
|
||||
|
@ -16,6 +16,12 @@
|
|||
- komic.eu
|
||||
- apericraft.ovh
|
||||
- nicolas.legland.fr
|
||||
- clauzel.eu
|
||||
- vinilox.eu
|
||||
- keuse.fr
|
||||
- regar42.fr
|
||||
- tcit.fr
|
||||
- aplu.fr
|
||||
- description: Associations
|
||||
hostnames:
|
||||
- april.org
|
||||
|
@ -30,11 +36,49 @@
|
|||
- lea-linux.org
|
||||
- framasoft.org
|
||||
- gnu.org
|
||||
- www.fdn.fr
|
||||
- description: Framasoft
|
||||
hostnames:
|
||||
- framabag.org
|
||||
- framabin.org
|
||||
- framabag.org
|
||||
- framadate.org
|
||||
- framanews.org
|
||||
- framasphere.org
|
||||
- framacalc.org
|
||||
- framakey.org
|
||||
- framapic.org
|
||||
- framindmap.org
|
||||
- framacolibri.org
|
||||
- framabee.org
|
||||
- tontonroger.org
|
||||
- trouvons.org
|
||||
- frama.link
|
||||
- huit.re
|
||||
- lite.framapad.org
|
||||
- lite2.framapad.org
|
||||
- lite3.framapad.org
|
||||
- lite4.framapad.org
|
||||
- lite5.framapad.org
|
||||
- lite6.framapad.org
|
||||
- quotidien.framapad.org
|
||||
- hebdo.framapad.org
|
||||
- mensuel.framapad.org
|
||||
- bimensuel.framapad.org
|
||||
- semestriel.framapad.org
|
||||
- annuel.framapad.org
|
||||
- git.framasoft.org
|
||||
- participer.framasoft.org
|
||||
- contact.framasoft.org
|
||||
- stats.framasoft.org
|
||||
- status.framasoft.org
|
||||
- soutenir.framasoft.org
|
||||
- description: Banques en ligne
|
||||
hostnames:
|
||||
- www.labanquepostale.fr
|
||||
- voscomptesenligne.labanquepostale.fr
|
||||
- www.labanquepostale-cartesprepayees.fr
|
||||
- www.secure.bnpparibas.net
|
||||
- mabanque.bnpparibas
|
||||
- www.axabanque.fr
|
||||
- www.fortuneo.fr
|
||||
- www.ca-paris.fr
|
||||
|
@ -51,7 +95,6 @@
|
|||
- www.creditmutuel.fr
|
||||
- www.caisse-epargne.fr
|
||||
- paiement.systempay.fr
|
||||
- cnce.wlp-acs.com
|
||||
- www.cmb.fr
|
||||
- www.ca-paris.fr
|
||||
- www.ca-cotesdarmor.fr
|
||||
|
@ -70,6 +113,14 @@
|
|||
- www.gmf.fr
|
||||
- www.hsbc.fr
|
||||
- www.monabanq.com
|
||||
- www.ca-atlantique-vendee.fr
|
||||
- description: 3D « Secure »
|
||||
hostnames:
|
||||
- ssl.paiement.cic-banques.fr
|
||||
- cnce.wlp-acs.com
|
||||
- ingdf.wlp-acs.com
|
||||
- ca-sp.wlp-acs.com
|
||||
- www.e-i.com
|
||||
- description: Assurances
|
||||
hostnames:
|
||||
- www.actassur.com
|
||||
|
@ -135,6 +186,7 @@
|
|||
- www.csf.fr
|
||||
- client.gemoneybank.fr
|
||||
- www.oney.fr
|
||||
- www.cofidis.fr
|
||||
- description: Webmails
|
||||
hostnames:
|
||||
- webmail.mailden.fr
|
||||
|
@ -167,6 +219,7 @@
|
|||
- mon.rsi.fr
|
||||
- jedeclare.com
|
||||
- net-entreprises.fr
|
||||
- www.i-cad.fr
|
||||
- description: Sites de commerce en ligne
|
||||
hostnames:
|
||||
- signin.ebay.fr
|
||||
|
@ -182,10 +235,11 @@
|
|||
- secure.fnac.com
|
||||
- www.laredoute.fr
|
||||
- online.carrefour.fr
|
||||
- www.paymill.com
|
||||
# - www.paymill.com
|
||||
- paymium.com
|
||||
- www.materiel.net
|
||||
- www.topachat.com
|
||||
- auth.topachat.com
|
||||
- customer.rueducommerce.fr
|
||||
- description: « Cloud » / Gestionnaires de mot de passe
|
||||
hostnames:
|
||||
- lastpass.com
|
||||
|
@ -198,10 +252,39 @@
|
|||
- spideroak.com
|
||||
- hubic.com
|
||||
- box.com
|
||||
- description: FAI
|
||||
hostnames:
|
||||
- www.bouyguestelecom.fr
|
||||
- www.sfr.fr
|
||||
- www.orange.com
|
||||
- www.nordnet.com
|
||||
- www.free.fr
|
||||
- www.fdn.fr
|
||||
- www.connexion-verte.fr
|
||||
- www.budget-telecom.com
|
||||
- www.quantic-telecom.net
|
||||
- www.nerim.fr
|
||||
- offres.numericable.fr
|
||||
- portail.dartybox.com
|
||||
- www.ovh.com
|
||||
- www.coriolis.com
|
||||
- www.prixtel.com
|
||||
- www.virginmobile.fr
|
||||
- www.wibox.fr
|
||||
- www.wimifi.net
|
||||
- www.viveole.fr
|
||||
- www.societehautdebit.fr
|
||||
- www.skydsl.eu
|
||||
- www.ozone.net
|
||||
- www.nomotech.com
|
||||
- www.bollore.com
|
||||
- www.ifw.fr
|
||||
- www.wizeo.com
|
||||
- www.infosat-telecom.fr
|
||||
- description: Divers
|
||||
hostnames:
|
||||
- www.mailden.net
|
||||
- www.sharypic.com
|
||||
- google.fr
|
||||
- duckduckgo.com
|
||||
- octopuce.fr
|
||||
- sharypic.com
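Review bot: `framabag.org` is listed twice in the Framasoft group, and `www.fdn.fr` appears under both Associations and FAI (unless the Associations entry is the removed side of that hunk), so those hosts are analyzed and rendered twice — the shared analyzer does not deduplicate, as far as the visible code shows. Remove the repeated `- framabag.org` and keep `www.fdn.fr` in a single group. `# - www.paymill.com` is commented out without a reason; a trailing note such as `# disabled: <why>` keeps the list maintainable.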
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
- description: Journaux & Presse en ligne
|
||||
hostnames:
|
||||
- charliehebdo.fr
|
||||
- tempsreel.nouvelobs.com
|
||||
- www.20minutes.fr
|
||||
- www.challenges.fr
|
||||
- www.courrierinternational.com
|
||||
- www.directmatin.fr
|
||||
- www.francesoir.fr
|
||||
- www.humanite.presse.fr
|
||||
- www.la-croix.com
|
||||
- www.latribune.fr
|
||||
- www.lecanardenchaine.fr
|
||||
- www.lefigaro.fr
|
||||
- www.lejdd.fr
|
||||
- www.lemonde.fr
|
||||
- www.leparisien.fr
|
||||
- www.lepoint.fr
|
||||
- www.lequipe.fr
|
||||
- www.lesechos.fr
|
||||
- www.lexpress.fr
|
||||
- www.liberation.fr
|
||||
- www.lopinion.fr
|
||||
- www.marianne.net
|
||||
- www.mediapart.fr
|
||||
- www.metronews.fr
|
||||
- www.minute-hebdo.fr
|
||||
- www.monde-diplomatique.fr
|
||||
- www.monde-libertaire.fr
|
||||
- www.parismatch.com
|
||||
- www.telerama.fr
|
||||
- www.vsd.fr
|
||||
- www.slate.fr
|
||||
- reader.fr
|
||||
- www.arretsurimages.net
|
|
@ -0,0 +1,25 @@
|
|||
- description: SecureDrop instances
|
||||
hostnames:
|
||||
- securedrop.propublica.org
|
||||
- ssl.washingtonpost.com
|
||||
- nrkbeta.no
|
||||
- exposefacts.org
|
||||
- firstlook.org
|
||||
- www.safesource.org.nz
|
||||
- safesource.forbes.com
|
||||
- pressfreedomfoundation.org
|
||||
- projects.newyorker.com
|
||||
- securedrop.theguardian.com
|
||||
- securedrop.pogo.org
|
||||
- bayleaks.com
|
||||
- securedrop.radio24syv.dk
|
||||
- tcfmailvault.info
|
||||
- www.balkanleaks.eu
|
||||
- description: GlobalLeaks instances
|
||||
hostnames:
|
||||
- secure.publeaks.nl
|
||||
- secure.wildleaks.org
|
||||
- www.extremeleaks.org
|
||||
- description: Misc
|
||||
hostnames:
|
||||
- secure.frenchleaks.fr
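Review bot: The hostnames under `SecureDrop instances` are clearnet domains such as `ssl.washingtonpost.com` and `projects.newyorker.com`; SecureDrop's source interface is normally reachable only as a Tor onion service, so what this list grades appears to be the organisations' landing pages rather than the drop sites themselves, and a grade here says nothing about the onion service. The landing page's TLS still matters, but the description should not over-claim — `SecureDrop landing pages` and `GlobalLeaks landing pages` would be accurate.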
|
|
@ -0,0 +1,192 @@
|
|||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>SSL/TLS — SMTP</title>
|
||||
<link rel="stylesheet" href="bootstrap.min.css">
|
||||
<style>
|
||||
body {
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
td {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.critical {
|
||||
background-color: #000;
|
||||
color: #fff;
|
||||
}
|
||||
|
||||
tr:hover > td.critical, td:hover.critical {
|
||||
background-color: #333 !important;
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container-fluid">
|
||||
<div class="row">
|
||||
<div class="col-md-12">
|
||||
<table class="table table-bordered table-hover table-condensed">
|
||||
<tbody>
|
||||
<%
|
||||
first = true
|
||||
results.each do |r|
|
||||
unless first
|
||||
%>
|
||||
<tr>
|
||||
<th colspan="15"> </th>
|
||||
</tr>
|
||||
<%
|
||||
end
|
||||
first = false
|
||||
%>
|
||||
<tr>
|
||||
<th colspan="14" id="<%= r[0] %>"><%= r[0] %></th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th rowspan="2">Site</th>
|
||||
<td rowspan="2">Grade</td>
|
||||
<td colspan="2">Certificate</td>
|
||||
<td colspan="4">Protocols</td>
|
||||
<td colspan="5">Ciphers</td>
|
||||
<td>Best practices</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Key size (bits)</td>
|
||||
<td class="warning">SHA1 sig</td>
|
||||
|
||||
<td class="critical">SSL v2</td>
|
||||
<td class="critical">SSL v3</td>
|
||||
<td class="success">TLS 1.2</td>
|
||||
<td class="info">TLS</td>
|
||||
|
||||
<td>Strength (bits)</td>
|
||||
<td class="critical">MD5</td>
|
||||
<td class="warning">SHA1</td>
|
||||
<td class="critical">DES/RC4</td>
|
||||
<td class="danger">3DES</td>
|
||||
|
||||
<td class="info">PFS</td>
|
||||
</tr>
|
||||
<% r[1].each do |n|
|
||||
s = n.server
|
||||
%>
|
||||
<tr>
|
||||
<% if s.is_a? Tls::TlsNotSupportedServer %>
|
||||
<th id="<%= s.hostname %>">
|
||||
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
|
||||
</th>
|
||||
<td class="critical" colspan="16">
|
||||
No SSL/TLS
|
||||
</td>
|
||||
<%
|
||||
else
|
||||
rank_color = case n.grade
|
||||
when 'A+' then :info
|
||||
when 'A', 'A-' then :success
|
||||
when 'B', 'C' then :warning
|
||||
when 'T', 'M' then :critical
|
||||
else :danger
|
||||
end
|
||||
%>
|
||||
<th id="<%= s.domain %>"><%= s.domain %></th>
|
||||
<td class="<%= rank_color %>">
|
||||
<%= n.grade %>
|
||||
</td>
|
||||
|
||||
<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
|
||||
<% type, size = s.key %>
|
||||
<%= "#{size} (#{type.to_s.upcase})" %>
|
||||
<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.sha1_sig? ? :warning : :success %>">
|
||||
<%= s.sha1_sig? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
|
||||
<td class="<%= s.sslv2? ? :critical : :success %>">
|
||||
<%= s.sslv2? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.sslv2? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.sslv3? ? :critical : :success %>">
|
||||
<%= s.sslv3? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.sslv3? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.tlsv1_2? ? :success : :danger %>">
|
||||
<%= s.tlsv1_2? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.tlsv1_2? ? '☺' : '☹' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.tls? ? (s.tls_only? ? :info : :success) : :danger %>">
|
||||
<%= s.tls? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
|
||||
</td>
|
||||
|
||||
<% cipher_size = s.cipher_size[:worst] %>
|
||||
<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
|
||||
<%= cipher_size %>
|
||||
<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.md5? ? :critical : :success %>">
|
||||
<%= s.md5? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.md5? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.sha1? ? :warning : :success %>">
|
||||
<%= s.sha1? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
|
||||
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
<td class="<%= s.des3? ? :danger : :success %>">
|
||||
<%= s.des3? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
|
||||
</td>
|
||||
|
||||
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
|
||||
<%= s.pfs? ? '✓' : '✗' %>
|
||||
<span class="sr-only">(<%= s.pfs? ? '☺' : '☹' %>)</span>
|
||||
</td>
|
||||
<% end %>
|
||||
</tr>
|
||||
<% end %>
|
||||
<tr>
|
||||
<th rowspan="2">Site</th>
|
||||
<td rowspan="2">Grade</td>
|
||||
|
||||
<td>Key size (bits)</td>
|
||||
<td class="warning">SHA1 sig</td>
|
||||
|
||||
<td class="critical">SSL v2</td>
|
||||
<td class="critical">SSL v3</td>
|
||||
<td class="success">TLS 1.2</td>
|
||||
<td class="info">TLS</td>
|
||||
|
||||
<td>Strength (bits)</td>
|
||||
<td class="critical">MD5</td>
|
||||
<td class="warning">SHA1</td>
|
||||
<td class="critical">DES/RC4</td>
|
||||
<td class="danger">3DES</td>
|
||||
|
||||
<td class="info">PFS</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td colspan="2">Certificate</td>
|
||||
<td colspan="4">Protocols</td>
|
||||
<td colspan="5">Ciphers</td>
|
||||
<td>Best practices</td>
|
||||
</tr>
|
||||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
<div class="pull-right">
|
||||
Generated on <%= Time.now.strftime '%FT%T%:z' %>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
</html>
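Review bot: The column counts disagree: data rows have 14 cells (Site, Grade, 2 certificate, 4 protocol, 5 cipher, 1 best-practice) and the group header uses `colspan="14"`, but the spacer row uses `colspan="15"` and the `No SSL/TLS` cell `colspan="16"` next to its own `<th>`, making those rows wider than the table. Use `colspan="14"` for the spacer and `colspan="13"` for the no-TLS cell. `<%= s.domain %>` and `<%= s.hostname %>` are written unescaped into `id` attributes and text; the values come from the config file, but `<%= ERB::Util.html_escape s.domain %>` is the safer default and costs nothing.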
|
|
@ -0,0 +1,205 @@
|
|||
- description: Serveurs personnels
|
||||
hostnames:
|
||||
- imirhil.fr
|
||||
- libwalk.so
|
||||
- keltia.net
|
||||
- demouliere.eu
|
||||
- decornulier.eu
|
||||
- fralef.me
|
||||
- jeekajoo.eu
|
||||
- jbfavre.org
|
||||
- rosset.net
|
||||
- arysthaar.pw
|
||||
- crifo.org
|
||||
- matlink.fr
|
||||
- pfag.me
|
||||
- komic.eu
|
||||
- apericraft.ovh
|
||||
- legland.fr
|
||||
- description: Associations
|
||||
hostnames:
|
||||
- april.org
|
||||
- laquadrature.net
|
||||
- fsf.org
|
||||
- ubuntu-paris.org
|
||||
- parinux.org
|
||||
- aful.org
|
||||
- rmll.info
|
||||
- ubuntu-fr.org
|
||||
- linuxfr.org
|
||||
- lea-linux.org
|
||||
- framasoft.org
|
||||
- gnu.org
|
||||
- description: Banques en ligne
|
||||
hostnames:
|
||||
- labanquepostale.fr
|
||||
- labanquepostale-cartesprepayees.fr
|
||||
- bnpparibas.net
|
||||
- axabanque.fr
|
||||
- fortuneo.fr
|
||||
- ca-paris.fr
|
||||
- credit-cooperatif.coop
|
||||
- coopanet.com
|
||||
- cic.fr
|
||||
- societegenerale.fr
|
||||
- groupama.fr
|
||||
- banquepopulaire.fr
|
||||
- ca-des-savoie.fr
|
||||
- lcl.fr
|
||||
- boursorama.com
|
||||
- bpe.fr
|
||||
- creditmutuel.fr
|
||||
- caisse-epargne.fr
|
||||
- systempay.fr
|
||||
- wlp-acs.com
|
||||
- cmb.fr
|
||||
- ca-paris.fr
|
||||
- ca-cotesdarmor.fr
|
||||
- ingdirect.fr
|
||||
- banque-accord.fr
|
||||
- banque-casino.fr
|
||||
- bforbank.com
|
||||
- hellobank.fr
|
||||
- carrefour-banque.fr
|
||||
- agf.fr
|
||||
- banque-casino.fr
|
||||
- palatine.fr
|
||||
- bpi-online.net
|
||||
- barclays.fr
|
||||
- credit-du-nord.fr
|
||||
- gmf.fr
|
||||
- hsbc.fr
|
||||
- monabanq.com
|
||||
- description: Assurances
|
||||
hostnames:
|
||||
- actassur.com
|
||||
- gie-afer.fr
|
||||
- ag2rlamondiale.fr
|
||||
- consultations.agipi.com
|
||||
- agpm.fr
|
||||
- alptis.org
|
||||
- altaprofits.com
|
||||
- amv.fr
|
||||
- apicil.com
|
||||
- april.fr
|
||||
- fapes-diffusion.fr
|
||||
- assu2000.fr
|
||||
- assurone.com
|
||||
- avip.fr
|
||||
- avivadirect.fr
|
||||
- canisante.com
|
||||
- carac.fr
|
||||
- cegema.com
|
||||
- chienchatsante.com
|
||||
- direct-assurance.fr
|
||||
- euro-assurance.com
|
||||
- eca-assurances.com
|
||||
- fma.fr
|
||||
- gaipare.com
|
||||
- gapassurance.com
|
||||
- generali.fr
|
||||
- hedios.com
|
||||
- ingdirect.fr
|
||||
- conservateur.fr
|
||||
- linxea.com
|
||||
- maaf.fr
|
||||
- macif.fr
|
||||
- macsf.fr
|
||||
- maif.fr
|
||||
- matmut.fr
|
||||
- mgel.fr
|
||||
- mma.fr
|
||||
- nationalesuisse.ch
|
||||
- nexx.fr
|
||||
- sainteauprevoyance.com
|
||||
- santevet.com
|
||||
- selfepargne.fr
|
||||
- sicavonline.fr
|
||||
- smabtp.fr
|
||||
- cybermutuelle.com
|
||||
- sollyazar.com
|
||||
- swisslife.fr
|
||||
- description: Organismes de crédit
|
||||
hostnames:
|
||||
- cetelem.fr
|
||||
- cofinoga.fr
|
||||
- sofinco.fr
|
||||
- pret-dunion.fr
|
||||
- franfinance.fr
|
||||
- 123credit.com
|
||||
- disponis.fr
|
||||
- complicio.fr
|
||||
- creditfoncier.fr
|
||||
- credit.fr
|
||||
- credit-immobilier-de-france.fr
|
||||
- csf.fr
|
||||
- gemoneybank.fr
|
||||
- oney.fr
|
||||
- description: Webmails
|
||||
hostnames:
|
||||
- mailden.fr
|
||||
- free.fr
|
||||
- numericable.fr
|
||||
- orange-business.com
|
||||
- orange.fr
|
||||
- gandi.net
|
||||
- sfr.fr
|
||||
- online.net
|
||||
- amen.fr
|
||||
- ovh.com
|
||||
- aliceadsl.fr
|
||||
- laposte.net
|
||||
- openmailbox.org
|
||||
- description: Administration
|
||||
hostnames:
|
||||
- ameli.fr
|
||||
- moncompte.mobi
|
||||
- service-public.fr
|
||||
- impots.gouv.fr
|
||||
- pole-emploi.fr
|
||||
- caf.fr
|
||||
- justice.gouv.fr
|
||||
- interieur.gouv.fr
|
||||
- cnil.fr
|
||||
- quechoisir.org
|
||||
- rsi.fr
|
||||
- jedeclare.com
|
||||
- net-entreprises.fr
|
||||
- description: Sites de commerce en ligne
|
||||
hostnames:
|
||||
- ebay.fr
|
||||
- ldlc.com
|
||||
- grosbill.com
|
||||
- darty.com
|
||||
- boulanger.fr
|
||||
- capitainetrain.com
|
||||
- voyages-sncf.com
|
||||
- pixmania.fr
|
||||
- cdiscount.com
|
||||
- ikea.com
|
||||
- fnac.com
|
||||
- laredoute.fr
|
||||
- carrefour.fr
|
||||
- paymill.com
|
||||
- paymium.com
|
||||
- materiel.net
|
||||
- topachat.com
|
||||
- description: « Cloud » / Gestionnaires de mot de passe
|
||||
hostnames:
|
||||
- lastpass.com
|
||||
- dashlane.com
|
||||
- passpack.com
|
||||
- clipperz.is
|
||||
- mitro.co
|
||||
- icloud.com
|
||||
- dropbox.com
|
||||
- spideroak.com
|
||||
- hubic.com
|
||||
- box.com
|
||||
- description: Divers
|
||||
hostnames:
|
||||
- mailden.net
|
||||
- sharypic.com
|
||||
- google.fr
|
||||
- duckduckgo.com
|
||||
- octopuce.fr
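Review bot: `ca-paris.fr` and `banque-casino.fr` are each listed twice in `Banques en ligne`, and `ingdirect.fr` appears under both `Banques en ligne` and `Assurances`, so those domains have their MX probed and graded more than once. Drop the repeated entries. A one-line header comment, e.g. `# mail domains, not server names: the lowest-preference MX of each is graded`, would tell editors what kind of name belongs here.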
|
|
@ -4,7 +4,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
||||
<title>XMPP</title>
|
||||
<title>SSL/TLS — XMPP</title>
|
||||
<link rel="stylesheet" href="bootstrap.min.css">
|
||||
<style>
|
||||
body {
|
||||
|
@ -91,8 +91,10 @@
|
|||
s = n.server
|
||||
%>
|
||||
<tr>
|
||||
<th id="<%= s.hostname %>">
|
||||
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
|
||||
</th>
|
||||
<% if s.is_a? Tls::TlsNotSupportedServer %>
|
||||
<th id="<%= s.hostname %>"><%= s.hostname %></th>
|
||||
<td class="critical" colspan="16">
|
||||
No SSL/TLS
|
||||
</td>
|
||||
|
@ -104,7 +106,6 @@
|
|||
when 'T', 'M' then :critical
|
||||
else :danger
|
||||
end %>
|
||||
<th id="<%= s.domain %>"><%= s.domain %></th>
|
||||
<td class="<%= rank_color %>">
|
||||
<%= n.grade %>
|
||||
</td>
|
||||
|
@ -171,6 +172,9 @@
|
|||
<% end %>
|
||||
</tbody>
|
||||
</table>
|
||||
<div class="pull-right">
|
||||
Generated on <%= Time.now.strftime '%FT%T%:z' %>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
@ -15,3 +15,7 @@
|
|||
- citronna.de
|
||||
- matlink.fr
|
||||
- verry.org
|
||||
- keuse.fr
|
||||
- cappuccino.uk.to
|
||||
- corzntin.fr
|
||||
- fralef.me
|
||||
|
|