aeris
/
cryptcheck
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Some fixes

v1
Nicolas Vinot 7 years ago
parent
0559ed0597
commit
340c4a445d
22 changed files with 838 additions and 113 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 59
      Makefile
  2. 4
      bin/check_https_alexa
  3. 17
      bin/check_smtp
  4. 7
      lib/cryptcheck.rb
  5. 71
      lib/cryptcheck/tls.rb
  6. 66
      lib/cryptcheck/tls/https.rb
  7. 4
      lib/cryptcheck/tls/https/server.rb
  8. 23
      lib/cryptcheck/tls/server.rb
  9. 9
      lib/cryptcheck/tls/smtp.rb
  10. 8
      lib/cryptcheck/tls/smtp/grade.rb
  11. 35
      lib/cryptcheck/tls/smtp/server.rb
  12. 2
      lib/cryptcheck/tls/xmpp.rb
  13. 2
      lib/cryptcheck/tls/xmpp/server.rb
  14. 69
      output/ca.yml
  15. 9
      output/https.erb
  16. 95
      output/index.yml
  17. 35
      output/press.yml
  18. 25
      output/securedrop.yml
  19. 192
      output/smtp.erb
  20. 205
      output/smtp.yml
  21. 10
      output/xmpp.erb
  22. 4
      output/xmpp.yml

59
Makefile
View File

@ -1,38 +1,57 @@
PWD = $(shell pwd)
export CPATH = $(PWD)/openssl/include
export LIBRARY_PATH = $(PWD)/openssl
OPENSSL_VERSION = OpenSSL_1_0_1j
RUBY_VERSION = 2.1.5
RUBY_OPENSSL_EXT_DIR = ruby-$(RUBY_VERSION)/ext/openssl
OPENSSL_VERSION = 1.0.1m
OPENSSL_DIR = openssl-$(OPENSSL_VERSION)
RUBY_MAJOR_VERSION = 2.2
RUBY_VERSION = $(RUBY_MAJOR_VERSION).2
RUBY_DIR = ruby-$(RUBY_VERSION)
RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl
export LIBRARY_PATH = $(PWD)/lib
export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include
all: lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0 lib/openssl.so
.SECONDARY:
all: libs ext
clean:
rm -rf ruby-$(RUBY_VERSION) openssl
rm -rf $(RUBY_DIR) $(OPENSSL_DIR)
mr-proper: clean
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so
$(OPENSSL_DIR)/:
wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz
tar xf $(OPENSSL_DIR).tar.gz
rm -rf $(OPENSSL_DIR).tar.gz
openssl:
git clone https://github.com/openssl/openssl -b $(OPENSSL_VERSION)
$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/
cd $(OPENSSL_DIR); ./config shared
openssl/Makefile: openssl
cd openssl; ./config shared
$(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile
$(MAKE) -C $(OPENSSL_DIR) depend build_libs
openssl/libssl.so: openssl/Makefile
cd openssl; $(MAKE) depend all
lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0
cp $< $@
lib/%.so: lib/%.so.1.0.0
ln -s $(notdir $<) $@
lib/%.so.1.0.0: openssl/%.so
cp $^ $@
libs: lib/libssl.so lib/libcrypto.so
ruby-$(RUBY_VERSION):
wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-$(RUBY_VERSION).tar.gz
tar xf ruby-$(RUBY_VERSION).tar.gz
rm -f ruby-$(RUBY_VERSION).tar.gz
$(RUBY_DIR):
wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz
tar xf $(RUBY_DIR).tar.gz
rm -f $(RUBY_DIR).tar.gz
$(RUBY_OPENSSL_EXT_DIR)/Makefile: ruby-$(RUBY_VERSION)
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs $(RUBY_DIR)
cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb
patch $@ patch
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/Makefile
cd $(RUBY_OPENSSL_EXT_DIR); $(MAKE); $(MAKE) install
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile
$(MAKE) -C $(RUBY_OPENSSL_EXT_DIR)
lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so
cp $< $@
ext: lib/openssl.so

4
bin/check_https_alexa
View File

@ -3,6 +3,8 @@ $:.unshift 'lib'
require 'logging'
require 'cryptcheck'
GROUP_NAME = 'Top 100 Alexa'
::Logging.logger.root.appenders = ::Logging.appenders.stdout
::Logging.logger.root.level = :error
@ -10,7 +12,7 @@ hosts = []
::File.open('top-1m.csv', 'r') do |file|
i = 0
while line = file.gets
hosts << ['Top 100 Alexa', line.strip.split(',')[1]]
hosts << [GROUP_NAME, line.strip.split(',')[1]]
i += 1
break if i == 100
end

17
bin/check_smtp
View File

@ -0,0 +1,17 @@
#!/usr/bin/env ruby
$:.unshift 'lib'
require 'logging'
require 'cryptcheck'
name = ARGV[0]
unless name
::CryptCheck::Tls::Smtp.analyze_from_file 'output/smtp.yml', 'output/smtp.html'
else
::Logging.logger.root.appenders = ::Logging.appenders.stdout
::Logging.logger.root.level = :warn
server = ::CryptCheck::Tls::Smtp::Server.new(ARGV[0], ARGV[1] || 25)
p grade = ::CryptCheck::Tls::Smtp::Grade.new(server)
end

7
lib/cryptcheck.rb
View File

@ -1,4 +1,5 @@
module CryptCheck
autoload :Tls, 'cryptcheck/tls'
module Tls
autoload :Server, 'cryptcheck/tls/server'
autoload :TcpServer, 'cryptcheck/tls/server'
@ -18,5 +19,11 @@ module CryptCheck
autoload :Server, 'cryptcheck/tls/xmpp/server'
autoload :Grade, 'cryptcheck/tls/xmpp/grade'
end
autoload :Smtp, 'cryptcheck/tls/smtp'
module Smtp
autoload :Server, 'cryptcheck/tls/smtp/server'
autoload :Grade, 'cryptcheck/tls/smtp/grade'
end
end
end

71
lib/cryptcheck/tls.rb
View File

@ -0,0 +1,71 @@
require 'erb'
require 'logging'
require 'parallel'
module CryptCheck
module Tls
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Tls]
def self.grade(hostname, port, server_class:, grade_class:)
timeout MAX_ANALYSIS_DURATION do
grade_class.new server_class.new hostname, port
end
rescue ::Exception => e
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
def self.analyze(hosts, template, output, groups = nil, port:, server_class:, grade_class:)
results = {}
semaphore = ::Mutex.new
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
result = grade host.strip, port, server_class: server_class, grade_class: grade_class
semaphore.synchronize do
if results.include? description
results[description] << result
else
results[description] = [result]
end
end
end
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
results.each do |d, _|
results[d].sort! do |a, b|
cmp = score(a) <=> score(b)
if cmp == 0
cmp = b.score <=> a.score
if cmp == 0
cmp = a.server.hostname <=> b.server.hostname
end
end
cmp
end
end
::File.write output, ::ERB.new(::File.read(template)).result(binding)
end
def self.analyze_from_file(file, template, output, port:, server_class:, grade_class:)
config = ::YAML.load_file file
hosts = []
groups = []
config.each do |c|
d, hs = c['description'], c['hostnames']
groups << d
hs.each { |host| hosts << [d, host] }
end
self.analyze hosts, template, output, groups, port: port, server_class: server_class, grade_class: grade_class
end
private
SCORES = %w(A+ A A- B C D E F T M X)
def self.score(a)
SCORES.index a.grade
end
end
end

66
lib/cryptcheck/tls/https.rb
View File

@ -1,72 +1,12 @@
require 'erb'
require 'logging'
require 'parallel'
module CryptCheck
module Tls
module Https
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Https]
def self.grade(hostname, port=443)
timeout MAX_ANALYSIS_DURATION do
Grade.new Server.new hostname, port
end
rescue ::Exception => e
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" }
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port
end
def self.analyze(hosts, output, groups = nil)
results = {}
semaphore = ::Mutex.new
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host|
result = grade host.strip
semaphore.synchronize do
if results.include? description
results[description] << result
else
results[description] = [result]
end
end
end
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups
results.each do |d, _|
results[d].sort! do |a, b|
cmp = score(a) <=> score(b)
if cmp == 0
cmp = b.score <=> a.score
if cmp == 0
cmp = a.server.hostname <=> b.server.hostname
end
end
cmp
end
end
::File.write output, ::ERB.new(::File.read('output/https.erb')).result(binding)
def self.analyze(hosts, output)
Tls.analyze hosts, 'output/https.erb', output, nil, port: 443, server_class: Server, grade_class: Grade
end
def self.analyze_from_file(file, output)
config = ::YAML.load_file file
hosts = []
groups = []
config.each do |c|
d, hs = c['description'], c['hostnames']
groups << d
hs.each { |host| hosts << [d, host] }
end
self.analyze hosts, output, groups
end
private
SCORES = %w(A+ A A- B C D E F T M X)
def self.score(a)
SCORES.index a.grade
Tls.analyze_from_file file, 'output/https.erb', output, port: 443, server_class: Server, grade_class: Grade
end
end
end

4
lib/cryptcheck/tls/https/server.rb
View File

@ -1,5 +1,3 @@
require 'socket'
require 'openssl'
require 'httparty'
module CryptCheck
@ -17,7 +15,7 @@ module CryptCheck
port = @port == 443 ? '' : ":#{@port}"
response = nil
@methods.each do |method|
EXISTING_METHODS.each do |method|
begin
next unless SUPPORTED_METHODS.include? method
@log.debug { "Check HSTS with #{method}" }

23
lib/cryptcheck/tls/server.rb
View File

@ -38,6 +38,7 @@ module CryptCheck
@port = port
@log.error { "Begin analysis" }
extract_cert
#@prefered_ciphers = @supported_ciphers = Hash[SUPPORTED_METHODS.collect { |m| [m, []]}]
fetch_prefered_ciphers
check_supported_cipher
@log.error { "End analysis" }
@ -191,8 +192,8 @@ module CryptCheck
@log.debug { "Waiting for SSL write to #{@hostname}:#{@port}" }
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT
retry
rescue ::OpenSSL::SSL::SSLError => e
raise TLSException, e
rescue => e
raise TLSException, e
ensure
ssl_socket.close
end
@ -283,14 +284,14 @@ module CryptCheck
def verify_trust(chain, cert)
store = ::OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
%w(mozilla cacert).each do |directory|
store.set_default_paths
%w(cacert).each do |directory|
::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file|
::File.open file, 'r' do |file|
cert = ::OpenSSL::X509::Certificate.new file.read
begin
store.add_cert cert
rescue ::OpenSSL::X509::StoreError
end
cert = ::OpenSSL::X509::Certificate.new ::File.read file
begin
store.add_cert cert
rescue ::OpenSSL::X509::StoreError
end
end
end
@ -300,7 +301,9 @@ module CryptCheck
rescue ::OpenSSL::X509::StoreError
end
end
store.verify cert
trusted = store.verify cert
p store.error_string unless trusted
trusted
end
end

9
lib/cryptcheck/tls/smtp.rb
View File

@ -0,0 +1,9 @@
module CryptCheck
module Tls
module Smtp
def self.analyze_from_file(file, output)
Tls.analyze_from_file file, 'output/smtp.erb', output, port: 25, server_class: Server, grade_class: Grade
end
end
end
end

8
lib/cryptcheck/tls/smtp/grade.rb
View File

@ -0,0 +1,8 @@
module CryptCheck
module Tls
module Smtp
class Grade < Tls::Grade
end
end
end
end

35
lib/cryptcheck/tls/smtp/server.rb
View File

@ -0,0 +1,35 @@
require 'resolv'
module CryptCheck
module Tls
module Smtp
class Server < Tls::TcpServer
RESOLVER = Resolv::DNS.new
attr_reader :domain
def initialize(domain, port=25)
@domain = domain
srv = RESOLVER.getresources(domain, Resolv::DNS::Resource::IN::MX).sort_by(&:preference).first
if srv
hostname = srv.exchange.to_s
else # DNS is not correctly set, guess config…
hostname = domain
end
super hostname, port
end
def ssl_connect(socket, context, method, &block)
socket.recv 1024
socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n"
features = socket.recv(1024).split "\r\n"
starttls = features.find { |f| /250[- ]STARTTLS/ =~ f }
raise TLSNotAvailableException unless starttls
socket.write "STARTTLS\r\n"
socket.recv 1024
super
end
end
end
end
end

2
lib/cryptcheck/tls/xmpp.rb
View File

@ -7,7 +7,7 @@ module CryptCheck
module Xmpp
MAX_ANALYSIS_DURATION = 600
PARALLEL_ANALYSIS = 10
@@log = ::Logging.logger[Https]
@@log = ::Logging.logger[Xmpp]
def self.grade(hostname, type=:s2s)
timeout MAX_ANALYSIS_DURATION do

2
lib/cryptcheck/tls/xmpp/server.rb
View File

@ -1,5 +1,3 @@
require 'socket'
require 'openssl'
require 'nokogiri'
require 'resolv'

69
output/ca.yml
View File

@ -0,0 +1,69 @@
- description: Autorités de certification
hostnames:
- www.cacert.org
- acedicom.edicomgroup.com
- grca.nat.gov.tw
- pki.atos.net
- www.bundesdruckerei.de
- www.cybertrust.ne.jp
- www.logius.nl
- www.procert.net.ve
- www.s-trust.de
- webappsecurity.trendmicro.com
- www1.cnnic.cn
- www.actalis.it
- www.aoc.cat
- www.a-trust.at
- www.buypass.no
- www.camerfirma.com
- www.certicamara.com
- www.certigna.fr
- www.certinomis.com
- www.certsign.ro
- www.certum.pl
- www.cfca.com.cn
- www.cht.com.tw
- www.comodo.com
- www.comsign.co.il
- www.digicert.com
- www.disig.eu
- www.emc.com
- www.entrust.net
- www.e-szigno.hu
- www.etugra.com.tr
- www.firmaprofesional.com
- www.geotrust.com
- www.globalsign.com
- www.godaddy.com
- www.gpki.go.jp
- www.harica.gr
- www.hongkongpost.gov.hk
- www.identrust.com
- www.izenpe.com
- www.kamusm.gov.tr
- www.netlock.hu
- www.networksolutions.com
- www.opentrust.com
- www.pki.gva.es
- www.quovadisglobal.com
- www.secomtrust.net
- www.sgtrustservices.com
- www.sk.ee
- www.ssi.gouv.fr
- www.startssl.com
- www.swissdigicert.ch
- www.swisssign.com
- www.symantec.com
- www.teliasonera.com
- www.thawte.com
- www.trustcenter.de
- www.trustis.com
- www.trustwave.com
- www.t-systems.com
- www.turktrust.com.tr
- www.twca.com.tw
- www.verizon.com
- www.visa.com
- www.wellsfargo.com
- www.wisekey.com
- www.wosign.com

9
output/https.erb
View File

@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Status SSL/TLS banque &amp; commerce en ligne</title>
<title>SSL/TLS &mdash; HTTP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
@ -77,9 +77,7 @@
%>
<tr>
<th id="<%= s.hostname %>">
<a href="https://www.ssllabs.com/ssltest/analyze.html?d=<%= s.hostname %>" target="_blank">
<%= s.hostname %>
</a>
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<td class="critical" colspan="16">
@ -189,6 +187,9 @@
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>

95
output/index.yml
View File

@ -7,7 +7,7 @@
- rss.decornulier.eu
- fralef.me
- jeekajoo.eu
- status.jbfavre.org
- jbfavre.org
- rosset.net
- owc.h.arysthaar.pw
- crifo.org
@ -16,6 +16,12 @@
- komic.eu
- apericraft.ovh
- nicolas.legland.fr
- clauzel.eu
- vinilox.eu
- keuse.fr
- regar42.fr
- tcit.fr
- aplu.fr
- description: Associations
hostnames:
- april.org
@ -30,11 +36,49 @@
- lea-linux.org
- framasoft.org
- gnu.org
- www.fdn.fr
- description: Framasoft
hostnames:
- framabag.org
- framabin.org
- framabag.org
- framadate.org
- framanews.org
- framasphere.org
- framacalc.org
- framakey.org
- framapic.org
- framindmap.org
- framacolibri.org
- framabee.org
- tontonroger.org
- trouvons.org
- frama.link
- huit.re
- lite.framapad.org
- lite2.framapad.org
- lite3.framapad.org
- lite4.framapad.org
- lite5.framapad.org
- lite6.framapad.org
- quotidien.framapad.org
- hebdo.framapad.org
- mensuel.framapad.org
- bimensuel.framapad.org
- semestriel.framapad.org
- annuel.framapad.org
- git.framasoft.org
- participer.framasoft.org
- contact.framasoft.org
- stats.framasoft.org
- status.framasoft.org
- soutenir.framasoft.org
- description: Banques en ligne
hostnames:
- www.labanquepostale.fr
- voscomptesenligne.labanquepostale.fr
- www.labanquepostale-cartesprepayees.fr
- www.secure.bnpparibas.net
- mabanque.bnpparibas
- www.axabanque.fr
- www.fortuneo.fr
- www.ca-paris.fr
@ -51,7 +95,6 @@
- www.creditmutuel.fr
- www.caisse-epargne.fr
- paiement.systempay.fr
- cnce.wlp-acs.com
- www.cmb.fr
- www.ca-paris.fr
- www.ca-cotesdarmor.fr
@ -70,6 +113,14 @@
- www.gmf.fr
- www.hsbc.fr
- www.monabanq.com
- www.ca-atlantique-vendee.fr
- description: 3D « Secure »
hostnames:
- ssl.paiement.cic-banques.fr
- cnce.wlp-acs.com
- ingdf.wlp-acs.com
- ca-sp.wlp-acs.com
- www.e-i.com
- description: Assurances
hostnames:
- www.actassur.com
@ -135,6 +186,7 @@
- www.csf.fr
- client.gemoneybank.fr
- www.oney.fr
- www.cofidis.fr
- description: Webmails
hostnames:
- webmail.mailden.fr
@ -167,6 +219,7 @@
- mon.rsi.fr
- jedeclare.com
- net-entreprises.fr
- www.i-cad.fr
- description: Sites de commerce en ligne
hostnames:
- signin.ebay.fr
@ -182,10 +235,11 @@
- secure.fnac.com
- www.laredoute.fr
- online.carrefour.fr
- www.paymill.com
# - www.paymill.com
- paymium.com
- www.materiel.net
- www.topachat.com
- auth.topachat.com
- customer.rueducommerce.fr
- description: « Cloud » / Gestionnaires de mot de passe
hostnames:
- lastpass.com
@ -198,10 +252,39 @@
- spideroak.com
- hubic.com
- box.com
- description: FAI
hostnames:
- www.bouyguestelecom.fr
- www.sfr.fr
- www.orange.com
- www.nordnet.com
- www.free.fr
- www.fdn.fr
- www.connexion-verte.fr
- www.budget-telecom.com
- www.quantic-telecom.net
- www.nerim.fr
- offres.numericable.fr
- portail.dartybox.com
- www.ovh.com
- www.coriolis.com
- www.prixtel.com
- www.virginmobile.fr
- www.wibox.fr
- www.wimifi.net
- www.viveole.fr
- www.societehautdebit.fr
- www.skydsl.eu
- www.ozone.net
- www.nomotech.com
- www.bollore.com
- www.ifw.fr
- www.wizeo.com
- www.infosat-telecom.fr
- description: Divers
hostnames:
- www.mailden.net
- www.sharypic.com
- google.fr
- duckduckgo.com
- octopuce.fr
- sharypic.com

35
output/press.yml
View File

@ -0,0 +1,35 @@
- description: Journaux & Presse en ligne
hostnames:
- charliehebdo.fr
- tempsreel.nouvelobs.com
- www.20minutes.fr
- www.challenges.fr
- www.courrierinternational.com
- www.directmatin.fr
- www.francesoir.fr
- www.humanite.presse.fr
- www.la-croix.com
- www.latribune.fr
- www.lecanardenchaine.fr
- www.lefigaro.fr
- www.lejdd.fr
- www.lemonde.fr
- www.leparisien.fr
- www.lepoint.fr
- www.lequipe.fr
- www.lesechos.fr
- www.lexpress.fr
- www.liberation.fr
- www.lopinion.fr
- www.marianne.net
- www.mediapart.fr
- www.metronews.fr
- www.minute-hebdo.fr
- www.monde-diplomatique.fr
- www.monde-libertaire.fr
- www.parismatch.com
- www.telerama.fr
- www.vsd.fr
- www.slate.fr
- reader.fr
- www.arretsurimages.net

25
output/securedrop.yml
View File

@ -0,0 +1,25 @@
- description: SecureDrop instances
hostnames:
- securedrop.propublica.org
- ssl.washingtonpost.com
- nrkbeta.no
- exposefacts.org
- firstlook.org
- www.safesource.org.nz
- safesource.forbes.com
- pressfreedomfoundation.org
- projects.newyorker.com
- securedrop.theguardian.com
- securedrop.pogo.org
- bayleaks.com
- securedrop.radio24syv.dk
- tcfmailvault.info
- www.balkanleaks.eu
- description: GlobalLeaks instances
hostnames:
- secure.publeaks.nl
- secure.wildleaks.org
- www.extremeleaks.org
- description: Misc
hostnames:
- secure.frenchleaks.fr

192
output/smtp.erb
View File

@ -0,0 +1,192 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>SSL/TLS &mdash; SMTP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
margin-top: 10px;
}
td {
text-align: center;
}
.critical {
background-color: #000;
color: #fff;
}
tr:hover > td.critical, td:hover.critical {
background-color: #333 !important;
}
</style>
</head>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<table class="table table-bordered table-hover table-condensed">
<tbody>
<%
first = true
results.each do |r|
unless first
%>
<tr>
<th colspan="15">&nbsp;</th>
</tr>
<%
end
first = false
%>
<tr>
<th colspan="14" id="<%= r[0] %>"><%= r[0] %></th>
</tr>
<tr>
<th rowspan="2">Site</th>
<td rowspan="2">Grade</td>
<td colspan="2">Certificate</td>
<td colspan="4">Protocols</td>
<td colspan="5">Ciphers</td>
<td>Best practices</td>
</tr>
<tr>
<td>Key size (bits)</td>
<td class="warning">SHA1 sig</td>
<td class="critical">SSL v2</td>
<td class="critical">SSL v3</td>
<td class="success">TLS 1.2</td>
<td class="info">TLS</td>
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="info">PFS</td>
</tr>
<% r[1].each do |n|
s = n.server
%>
<tr>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<th id="<%= s.hostname %>">
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<td class="critical" colspan="16">
No SSL/TLS
</td>
<%
else
rank_color = case n.grade
when 'A+' then :info
when 'A', 'A-' then :success
when 'B', 'C' then :warning
when 'T', 'M' then :critical
else :danger
end
%>
<th id="<%= s.domain %>"><%= s.domain %></th>
<td class="<%= rank_color %>">
<%= n.grade %>
</td>
<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>">
<% type, size = s.key %>
<%= "#{size} (#{type.to_s.upcase})" %>
<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1_sig? ? :warning : :success %>">
<%= s.sha1_sig? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sslv2? ? :critical : :success %>">
<%= s.sslv2? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sslv2? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sslv3? ? :critical : :success %>">
<%= s.sslv3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sslv3? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.tlsv1_2? ? :success : :danger %>">
<%= s.tlsv1_2? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.tlsv1_2? ? '☺' : '☹' %>)</span>
</td>
<td class="<%= s.tls? ? (s.tls_only? ? :info : :success) : :danger %>">
<%= s.tls? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span>
</td>
<% cipher_size = s.cipher_size[:worst] %>
<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>">
<%= cipher_size %>
<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.md5? ? :critical : :success %>">
<%= s.md5? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.md5? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.sha1? ? :warning : :success %>">
<%= s.sha1? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>">
<%= (s.rc4? or s.des?) ? '✓' : '✗' %>
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.des3? ? :danger : :success %>">
<%= s.des3? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span>
</td>
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>">
<%= s.pfs? ? '✓' : '✗' %>
<span class="sr-only">(<%= s.pfs? ? '☺' : '☹' %>)</span>
</td>
<% end %>
</tr>
<% end %>
<tr>
<th rowspan="2">Site</th>
<td rowspan="2">Grade</td>
<td>Key size (bits)</td>
<td class="warning">SHA1 sig</td>
<td class="critical">SSL v2</td>
<td class="critical">SSL v3</td>
<td class="success">TLS 1.2</td>
<td class="info">TLS</td>
<td>Strength (bits)</td>
<td class="critical">MD5</td>
<td class="warning">SHA1</td>
<td class="critical">DES/RC4</td>
<td class="danger">3DES</td>
<td class="info">PFS</td>
</tr>
<tr>
<td colspan="2">Certificate</td>
<td colspan="4">Protocols</td>
<td colspan="5">Ciphers</td>
<td>Best practices</td>
</tr>
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>
</body>
</html>

205
output/smtp.yml
View File

@ -0,0 +1,205 @@
- description: Serveurs personnels
hostnames:
- imirhil.fr
- libwalk.so
- keltia.net
- demouliere.eu
- decornulier.eu
- fralef.me
- jeekajoo.eu
- jbfavre.org
- rosset.net
- arysthaar.pw
- crifo.org
- matlink.fr
- pfag.me
- komic.eu
- apericraft.ovh
- legland.fr
- description: Associations
hostnames:
- april.org
- laquadrature.net
- fsf.org
- ubuntu-paris.org
- parinux.org
- aful.org
- rmll.info
- ubuntu-fr.org
- linuxfr.org
- lea-linux.org
- framasoft.org
- gnu.org
- description: Banques en ligne
hostnames:
- labanquepostale.fr
- labanquepostale-cartesprepayees.fr
- bnpparibas.net
- axabanque.fr
- fortuneo.fr
- ca-paris.fr
- credit-cooperatif.coop
- coopanet.com
- cic.fr
- societegenerale.fr
- groupama.fr
- banquepopulaire.fr
- ca-des-savoie.fr
- lcl.fr
- boursorama.com
- bpe.fr
- creditmutuel.fr
- caisse-epargne.fr
- systempay.fr
- wlp-acs.com
- cmb.fr
- ca-paris.fr
- ca-cotesdarmor.fr
- ingdirect.fr
- banque-accord.fr
- banque-casino.fr
- bforbank.com
- hellobank.fr
- carrefour-banque.fr
- agf.fr
- banque-casino.fr
- palatine.fr
- bpi-online.net
- barclays.fr
- credit-du-nord.fr
- gmf.fr
- hsbc.fr
- monabanq.com
- description: Assurances
hostnames:
- actassur.com
- gie-afer.fr
- ag2rlamondiale.fr
- consultations.agipi.com
- agpm.fr
- alptis.org
- altaprofits.com
- amv.fr
- apicil.com
- april.fr
- fapes-diffusion.fr
- assu2000.fr
- assurone.com
- avip.fr
- avivadirect.fr
- canisante.com
- carac.fr
- cegema.com
- chienchatsante.com
- direct-assurance.fr
- euro-assurance.com
- eca-assurances.com
- fma.fr
- gaipare.com
- gapassurance.com
- generali.fr
- hedios.com
- ingdirect.fr
- conservateur.fr
- linxea.com
- maaf.fr
- macif.fr
- macsf.fr
- maif.fr
- matmut.fr
- mgel.fr
- mma.fr
- nationalesuisse.ch
- nexx.fr
- sainteauprevoyance.com
- santevet.com
- selfepargne.fr
- sicavonline.fr
- smabtp.fr
- cybermutuelle.com
- sollyazar.com
- swisslife.fr
- description: Organismes de crédit
hostnames:
- cetelem.fr
- cofinoga.fr
- sofinco.fr
- pret-dunion.fr
- franfinance.fr
- 123credit.com
- disponis.fr
- complicio.fr
- creditfoncier.fr
- credit.fr
- credit-immobilier-de-france.fr
- csf.fr
- gemoneybank.fr
- oney.fr
- description: Webmails
hostnames:
- mailden.fr
- free.fr
- numericable.fr
- orange-business.com
- orange.fr
- gandi.net
- sfr.fr
- online.net
- amen.fr
- ovh.com
- aliceadsl.fr
- laposte.net
- openmailbox.org
- description: Administration
hostnames:
- ameli.fr
- moncompte.mobi
- service-public.fr
- impots.gouv.fr
- pole-emploi.fr
- caf.fr
- justice.gouv.fr
- interieur.gouv.fr
- cnil.fr
- quechoisir.org
- rsi.fr
- jedeclare.com
- net-entreprises.fr
- description: Sites de commerce en ligne
hostnames:
- ebay.fr
- ldlc.com
- grosbill.com
- darty.com
- boulanger.fr
- capitainetrain.com
- voyages-sncf.com
- pixmania.fr
- cdiscount.com
- ikea.com
- fnac.com
- laredoute.fr
- carrefour.fr
- paymill.com
- paymium.com
- materiel.net
- topachat.com
- description: « Cloud » / Gestionnaires de mot de passe
hostnames:
- lastpass.com
- dashlane.com
- passpack.com
- clipperz.is
- mitro.co
- icloud.com
- dropbox.com
- spideroak.com
- hubic.com
- box.com
- description: Divers
hostnames:
- mailden.net
- sharypic.com
- google.fr
- duckduckgo.com
- octopuce.fr

10
output/xmpp.erb
View File

@ -4,7 +4,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>XMPP</title>
<title>SSL/TLS &mdash; XMPP</title>
<link rel="stylesheet" href="bootstrap.min.css">
<style>
body {
@ -91,8 +91,10 @@
s = n.server
%>
<tr>
<th id="<%= s.hostname %>">
<a href="#<%= s.hostname %>"><%= s.hostname %></a>
</th>
<% if s.is_a? Tls::TlsNotSupportedServer %>
<th id="<%= s.hostname %>"><%= s.hostname %></th>
<td class="critical" colspan="16">
No SSL/TLS
</td>
@ -104,7 +106,6 @@
when 'T', 'M' then :critical
else :danger
end %>
<th id="<%= s.domain %>"><%= s.domain %></th>
<td class="<%= rank_color %>">
<%= n.grade %>
</td>
@ -171,6 +172,9 @@
<% end %>
</tbody>
</table>
<div class="pull-right">
Generated on <%= Time.now.strftime '%FT%T%:z' %>
</div>
</div>
</div>
</div>

4
output/xmpp.yml
View File

@ -15,3 +15,7 @@
- citronna.de
- matlink.fr
- verry.org
- keuse.fr
- cappuccino.uk.to
- corzntin.fr
- fralef.me

Write Preview
Loading…
Cancel
Save