@@ -1,38 +1,57 @@ | |||
PWD = $(shell pwd) | |||
export CPATH = $(PWD)/openssl/include | |||
export LIBRARY_PATH = $(PWD)/openssl | |||
OPENSSL_VERSION = OpenSSL_1_0_1j | |||
RUBY_VERSION = 2.1.5 | |||
RUBY_OPENSSL_EXT_DIR = ruby-$(RUBY_VERSION)/ext/openssl | |||
OPENSSL_VERSION = 1.0.1m | |||
OPENSSL_DIR = openssl-$(OPENSSL_VERSION) | |||
RUBY_MAJOR_VERSION = 2.2 | |||
RUBY_VERSION = $(RUBY_MAJOR_VERSION).2 | |||
RUBY_DIR = ruby-$(RUBY_VERSION) | |||
RUBY_OPENSSL_EXT_DIR = $(RUBY_DIR)/ext/openssl | |||
export LIBRARY_PATH = $(PWD)/lib | |||
export C_INCLUDE_PATH = $(PWD)/$(OPENSSL_DIR)/include | |||
all: lib/libssl.so.1.0.0 lib/libcrypto.so.1.0.0 lib/openssl.so | |||
.SECONDARY: | |||
all: libs ext | |||
clean: | |||
rm -rf ruby-$(RUBY_VERSION) openssl | |||
rm -rf $(RUBY_DIR) $(OPENSSL_DIR) | |||
mr-proper: clean | |||
rm -rf lib/libcrypto.so* lib/libssl.so* lib/openssl.so | |||
$(OPENSSL_DIR)/: | |||
wget https://www.openssl.org/source/$(OPENSSL_DIR).tar.gz | |||
tar xf $(OPENSSL_DIR).tar.gz | |||
rm -rf $(OPENSSL_DIR).tar.gz | |||
openssl: | |||
git clone https://github.com/openssl/openssl -b $(OPENSSL_VERSION) | |||
$(OPENSSL_DIR)/Makefile: $(OPENSSL_DIR)/ | |||
cd $(OPENSSL_DIR); ./config shared | |||
openssl/Makefile: openssl | |||
cd openssl; ./config shared | |||
$(OPENSSL_DIR)/libssl.so.1.0.0 $(OPENSSL_DIR)/libcrypto.so.1.0.0: $(OPENSSL_DIR)/Makefile | |||
$(MAKE) -C $(OPENSSL_DIR) depend build_libs | |||
openssl/libssl.so: openssl/Makefile | |||
cd openssl; $(MAKE) depend all | |||
lib/%.so.1.0.0: $(OPENSSL_DIR)/%.so.1.0.0 | |||
cp $< $@ | |||
lib/%.so: lib/%.so.1.0.0 | |||
ln -s $(notdir $<) $@ | |||
lib/%.so.1.0.0: openssl/%.so | |||
cp $^ $@ | |||
libs: lib/libssl.so lib/libcrypto.so | |||
ruby-$(RUBY_VERSION): | |||
wget http://cache.ruby-lang.org/pub/ruby/2.1/ruby-$(RUBY_VERSION).tar.gz | |||
tar xf ruby-$(RUBY_VERSION).tar.gz | |||
rm -f ruby-$(RUBY_VERSION).tar.gz | |||
$(RUBY_DIR): | |||
wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz | |||
tar xf $(RUBY_DIR).tar.gz | |||
rm -f $(RUBY_DIR).tar.gz | |||
$(RUBY_OPENSSL_EXT_DIR)/Makefile: ruby-$(RUBY_VERSION) | |||
$(RUBY_OPENSSL_EXT_DIR)/Makefile: libs $(RUBY_DIR) | |||
cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb | |||
patch $@ patch | |||
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/Makefile | |||
cd $(RUBY_OPENSSL_EXT_DIR); $(MAKE); $(MAKE) install | |||
$(RUBY_OPENSSL_EXT_DIR)/openssl.so: libs $(RUBY_OPENSSL_EXT_DIR)/Makefile | |||
$(MAKE) -C $(RUBY_OPENSSL_EXT_DIR) | |||
lib/openssl.so: $(RUBY_OPENSSL_EXT_DIR)/openssl.so | |||
cp $< $@ | |||
ext: lib/openssl.so |
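Review bot: The Ruby tarball is fetched over plain HTTP (`wget http://cache.ruby-lang.org/pub/ruby/$(RUBY_MAJOR_VERSION)/$(RUBY_DIR).tar.gz`) and neither it nor the OpenSSL tarball pulled by the `$(OPENSSL_DIR)/` rule is checked against a known digest before being unpacked and compiled into the libraries this Makefile ships, so a tampered mirror or on-path modification goes straight into `lib/`. Pin the upstream-published digests in variables and verify before extracting, e.g. `echo "$(RUBY_SHA256)  $(RUBY_DIR).tar.gz" | sha256sum -c -` ahead of the `tar xf` line (and the same for the OpenSSL archive; RUBY_SHA256/OPENSSL_SHA256 are placeholders to be filled from the release announcements), and switch the Ruby URL to https. Separately, the `cd … ; …` recipes (`cd $(OPENSSL_DIR); ./config shared`, `cd $(RUBY_OPENSSL_EXT_DIR); ruby extconf.rb`) keep running in the current directory if the `cd` fails; use `&&` or `$(MAKE) -C` as the library rules already do.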
@@ -3,6 +3,8 @@ $:.unshift 'lib' | |||
require 'logging' | |||
require 'cryptcheck' | |||
GROUP_NAME = 'Top 100 Alexa' | |||
::Logging.logger.root.appenders = ::Logging.appenders.stdout | |||
::Logging.logger.root.level = :error | |||
@@ -10,7 +12,7 @@ hosts = [] | |||
::File.open('top-1m.csv', 'r') do |file| | |||
i = 0 | |||
while line = file.gets | |||
hosts << ['Top 100 Alexa', line.strip.split(',')[1]] | |||
hosts << [GROUP_NAME, line.strip.split(',')[1]] | |||
i += 1 | |||
break if i == 100 | |||
end | |||
@@ -0,0 +1,17 @@ | |||
#!/usr/bin/env ruby | |||
$:.unshift 'lib' | |||
require 'logging' | |||
require 'cryptcheck' | |||
name = ARGV[0] | |||
unless name | |||
::CryptCheck::Tls::Smtp.analyze_from_file 'output/smtp.yml', 'output/smtp.html' | |||
else | |||
::Logging.logger.root.appenders = ::Logging.appenders.stdout | |||
::Logging.logger.root.level = :warn | |||
server = ::CryptCheck::Tls::Smtp::Server.new(ARGV[0], ARGV[1] || 25) | |||
p grade = ::CryptCheck::Tls::Smtp::Grade.new(server) | |||
end | |||
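Review bot: `Server.new(ARGV[0], ARGV[1] || 25)` passes a String when a port is given on the command line but an Integer by default, so any numeric comparison or use of the port downstream behaves differently between the two invocations; write `(ARGV[1] || 25).to_i`, and use the already-bound `name` rather than repeating `ARGV[0]`. `p grade = …` prints the grade object's inspect form, which looks like a leftover debugging aid; if this is meant as a CLI, print the intended field explicitly (the grade classes expose `grade`, as `SCORES.index a.grade` in tls.rb shows).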
@@ -1,4 +1,5 @@ | |||
module CryptCheck | |||
autoload :Tls, 'cryptcheck/tls' | |||
module Tls | |||
autoload :Server, 'cryptcheck/tls/server' | |||
autoload :TcpServer, 'cryptcheck/tls/server' | |||
@@ -18,5 +19,11 @@ module CryptCheck | |||
autoload :Server, 'cryptcheck/tls/xmpp/server' | |||
autoload :Grade, 'cryptcheck/tls/xmpp/grade' | |||
end | |||
autoload :Smtp, 'cryptcheck/tls/smtp' | |||
module Smtp | |||
autoload :Server, 'cryptcheck/tls/smtp/server' | |||
autoload :Grade, 'cryptcheck/tls/smtp/grade' | |||
end | |||
end | |||
end |
@@ -0,0 +1,71 @@ | |||
require 'erb' | |||
require 'logging' | |||
require 'parallel' | |||
module CryptCheck | |||
module Tls | |||
MAX_ANALYSIS_DURATION = 600 | |||
PARALLEL_ANALYSIS = 10 | |||
@@log = ::Logging.logger[Tls] | |||
def self.grade(hostname, port, server_class:, grade_class:) | |||
timeout MAX_ANALYSIS_DURATION do | |||
grade_class.new server_class.new hostname, port | |||
end | |||
rescue ::Exception => e | |||
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" } | |||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port | |||
end | |||
def self.analyze(hosts, template, output, groups = nil, port:, server_class:, grade_class:) | |||
results = {} | |||
semaphore = ::Mutex.new | |||
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host| | |||
result = grade host.strip, port, server_class: server_class, grade_class: grade_class | |||
semaphore.synchronize do | |||
if results.include? description | |||
results[description] << result | |||
else | |||
results[description] = [result] | |||
end | |||
end | |||
end | |||
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups | |||
results.each do |d, _| | |||
results[d].sort! do |a, b| | |||
cmp = score(a) <=> score(b) | |||
if cmp == 0 | |||
cmp = b.score <=> a.score | |||
if cmp == 0 | |||
cmp = a.server.hostname <=> b.server.hostname | |||
end | |||
end | |||
cmp | |||
end | |||
end | |||
::File.write output, ::ERB.new(::File.read(template)).result(binding) | |||
end | |||
def self.analyze_from_file(file, template, output, port:, server_class:, grade_class:) | |||
config = ::YAML.load_file file | |||
hosts = [] | |||
groups = [] | |||
config.each do |c| | |||
d, hs = c['description'], c['hostnames'] | |||
groups << d | |||
hs.each { |host| hosts << [d, host] } | |||
end | |||
self.analyze hosts, template, output, groups, port: port, server_class: server_class, grade_class: grade_class | |||
end | |||
private | |||
SCORES = %w(A+ A A- B C D E F T M X) | |||
def self.score(a) | |||
SCORES.index a.grade | |||
end | |||
end | |||
end |
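Review bot: `rescue ::Exception => e` in `self.grade` catches far more than the timeout it is there for: Interrupt, SystemExit and NoMemoryError are all swallowed and turned into a `TlsNotSupportedGrade`, so Ctrl-C during a long run is logged as an analysis error and the run continues with wrong results. `rescue ::StandardError => e` is sufficient since `Timeout::Error` derives from StandardError (and the `timeout` helper needs `require 'timeout'`, which this file does not list). In `analyze_from_file`, `::YAML.load_file file` can instantiate arbitrary Ruby objects from the host list; `::YAML.safe_load(::File.read(file))` covers the plain arrays and hashes read here. When `groups` is given, a group whose `hostnames` list is empty yields `results[g]` of nil and `results[d].sort!` then raises; `[g, results[g] || []]` in the `::Hash[...]` line guards that. `private` has no effect on `def self.score`; use `private_class_method :score` if hiding it is intended.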
@@ -1,72 +1,12 @@ | |||
require 'erb' | |||
require 'logging' | |||
require 'parallel' | |||
module CryptCheck | |||
module Tls | |||
module Https | |||
MAX_ANALYSIS_DURATION = 600 | |||
PARALLEL_ANALYSIS = 10 | |||
@@log = ::Logging.logger[Https] | |||
def self.grade(hostname, port=443) | |||
timeout MAX_ANALYSIS_DURATION do | |||
Grade.new Server.new hostname, port | |||
end | |||
rescue ::Exception => e | |||
@@log.error { "Error during #{hostname}:#{port} analysis : #{e}" } | |||
TlsNotSupportedGrade.new TlsNotSupportedServer.new hostname, port | |||
end | |||
def self.analyze(hosts, output, groups = nil) | |||
results = {} | |||
semaphore = ::Mutex.new | |||
::Parallel.each hosts, progress: 'Analysing', in_threads: PARALLEL_ANALYSIS, finish: lambda { |item, _, _| puts item[1] } do |description, host| | |||
result = grade host.strip | |||
semaphore.synchronize do | |||
if results.include? description | |||
results[description] << result | |||
else | |||
results[description] = [result] | |||
end | |||
end | |||
end | |||
results = ::Hash[groups.collect { |g| [g, results[g]] }] if groups | |||
results.each do |d, _| | |||
results[d].sort! do |a, b| | |||
cmp = score(a) <=> score(b) | |||
if cmp == 0 | |||
cmp = b.score <=> a.score | |||
if cmp == 0 | |||
cmp = a.server.hostname <=> b.server.hostname | |||
end | |||
end | |||
cmp | |||
end | |||
end | |||
::File.write output, ::ERB.new(::File.read('output/https.erb')).result(binding) | |||
def self.analyze(hosts, output) | |||
Tls.analyze hosts, 'output/https.erb', output, nil, port: 443, server_class: Server, grade_class: Grade | |||
end | |||
def self.analyze_from_file(file, output) | |||
config = ::YAML.load_file file | |||
hosts = [] | |||
groups = [] | |||
config.each do |c| | |||
d, hs = c['description'], c['hostnames'] | |||
groups << d | |||
hs.each { |host| hosts << [d, host] } | |||
end | |||
self.analyze hosts, output, groups | |||
end | |||
private | |||
SCORES = %w(A+ A A- B C D E F T M X) | |||
def self.score(a) | |||
SCORES.index a.grade | |||
Tls.analyze_from_file file, 'output/https.erb', output, port: 443, server_class: Server, grade_class: Grade | |||
end | |||
end | |||
end | |||
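Review bot: The new `def self.analyze(hosts, output)` drops the `groups = nil` parameter the previous signature accepted, so any caller still passing a third positional argument now raises ArgumentError; keeping `def self.analyze(hosts, output, groups = nil)` and forwarding `groups` to `Tls.analyze` in place of the literal `nil` preserves the old interface at no cost. Both methods also deserve a one-line comment stating that they are HTTPS-specific wrappers around `Tls.analyze`/`Tls.analyze_from_file` with the template (`output/https.erb`) and port (443) fixed.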
@@ -1,5 +1,3 @@ | |||
require 'socket' | |||
require 'openssl' | |||
require 'httparty' | |||
module CryptCheck | |||
@@ -17,7 +15,7 @@ module CryptCheck | |||
port = @port == 443 ? '' : ":#{@port}" | |||
response = nil | |||
@methods.each do |method| | |||
EXISTING_METHODS.each do |method| | |||
begin | |||
next unless SUPPORTED_METHODS.include? method | |||
@log.debug { "Check HSTS with #{method}" } | |||
@@ -38,6 +38,7 @@ module CryptCheck | |||
@port = port | |||
@log.error { "Begin analysis" } | |||
extract_cert | |||
#@prefered_ciphers = @supported_ciphers = Hash[SUPPORTED_METHODS.collect { |m| [m, []]}] | |||
fetch_prefered_ciphers | |||
check_supported_cipher | |||
@log.error { "End analysis" } | |||
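Review bot: The added `#@prefered_ciphers = @supported_ciphers = Hash[SUPPORTED_METHODS.collect { |m| [m, []]}]` line is commented-out code and misleads the next reader into thinking these hashes are (or should be) pre-seeded here. Either drop it or replace it with a comment saying where `@prefered_ciphers` and `@supported_ciphers` are actually initialised, presumably inside `fetch_prefered_ciphers`. The enclosing method, which appears to be the constructor, continues outside the hunk.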
@@ -191,8 +192,8 @@ module CryptCheck | |||
@log.debug { "Waiting for SSL write to #{@hostname}:#{@port}" } | |||
raise TLSTimeout unless IO.select nil, [socket], nil, SSL_TIMEOUT | |||
retry | |||
rescue ::OpenSSL::SSL::SSLError => e | |||
raise TLSException, e | |||
rescue => e | |||
raise TLSException, e | |||
ensure | |||
ssl_socket.close | |||
end | |||
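Review bot: Replacing `rescue ::OpenSSL::SSL::SSLError => e` with a bare `rescue => e` wraps every StandardError, including a NoMethodError or ArgumentError from a programming mistake, into `TLSException`, so genuine bugs in the handshake path are reported as "TLS failed" and become hard to find. If the intent is to also cover socket-level failures, name them: `rescue ::OpenSSL::SSL::SSLError, ::SystemCallError, ::IOError => e`. Note that if `raise TLSTimeout` two lines above is inside the same `begin` block and `TLSTimeout` derives from StandardError, the bare rescue now also re-wraps it as `TLSException`. The enclosing method starts outside the hunk.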
@@ -283,14 +284,14 @@ module CryptCheck | |||
def verify_trust(chain, cert) | |||
store = ::OpenSSL::X509::Store.new | |||
store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT | |||
%w(mozilla cacert).each do |directory| | |||
store.set_default_paths | |||
%w(cacert).each do |directory| | |||
::Dir.glob(::File.join '/usr/share/ca-certificates', directory, '*').each do |file| | |||
::File.open file, 'r' do |file| | |||
cert = ::OpenSSL::X509::Certificate.new file.read | |||
begin | |||
store.add_cert cert | |||
rescue ::OpenSSL::X509::StoreError | |||
end | |||
cert = ::OpenSSL::X509::Certificate.new ::File.read file | |||
begin | |||
store.add_cert cert | |||
rescue ::OpenSSL::X509::StoreError | |||
end | |||
end | |||
end | |||
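Review bot: Inside the `::Dir.glob … each do |file|` block, `cert = ::OpenSSL::X509::Certificate.new ::File.read file` assigns to a name that is also the `cert` parameter of `verify_trust`, and Ruby rebinds the outer local rather than creating a block-local one; unless a line outside the hunk reassigns it, `store.verify cert` at the end of the method checks the last CA file read instead of the server certificate, which would make every chain look trusted. Rename the loop variable and, while there, move the construction inside the guarded block so a stray non-PEM file in the directory does not abort the whole trust check: `begin`, `store.add_cert ::OpenSSL::X509::Certificate.new(::File.read(file))`, `rescue ::OpenSSL::X509::StoreError, ::OpenSSL::X509::CertificateError`. `store.set_default_paths` also deserves a comment, since it changes what "trusted" means: the host OS bundle is now consulted in addition to the cacert directory, so results vary by machine. `verify_trust` continues outside the hunk.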
@@ -300,7 +301,9 @@ module CryptCheck | |||
rescue ::OpenSSL::X509::StoreError | |||
end | |||
end | |||
store.verify cert | |||
trusted = store.verify cert | |||
p store.error_string unless trusted | |||
trusted | |||
end | |||
end | |||
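Review bot: `p store.error_string unless trusted` writes the verification failure reason to stdout via `Kernel#p` rather than through the class logger, so under `Parallel` with ten threads it interleaves with the progress output and is lost in a report run. Use the logger the class already has, e.g. `@log.warn { "Certificate of #{@hostname} not trusted: #{store.error_string}" } unless trusted` (`@log` and `@hostname` are used elsewhere in this file; confirm they are set on this instance). `verify_trust` starts outside the hunk.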
@@ -0,0 +1,9 @@ | |||
module CryptCheck | |||
module Tls | |||
module Smtp | |||
def self.analyze_from_file(file, output) | |||
Tls.analyze_from_file file, 'output/smtp.erb', output, port: 25, server_class: Server, grade_class: Grade | |||
end | |||
end | |||
end | |||
end |
@@ -0,0 +1,8 @@ | |||
module CryptCheck | |||
module Tls | |||
module Smtp | |||
class Grade < Tls::Grade | |||
end | |||
end | |||
end | |||
end |
@@ -0,0 +1,35 @@ | |||
require 'resolv' | |||
module CryptCheck | |||
module Tls | |||
module Smtp | |||
class Server < Tls::TcpServer | |||
RESOLVER = Resolv::DNS.new | |||
attr_reader :domain | |||
def initialize(domain, port=25) | |||
@domain = domain | |||
srv = RESOLVER.getresources(domain, Resolv::DNS::Resource::IN::MX).sort_by(&:preference).first | |||
if srv | |||
hostname = srv.exchange.to_s | |||
else # DNS is not correctly set, guess config… | |||
hostname = domain | |||
end | |||
super hostname, port | |||
end | |||
def ssl_connect(socket, context, method, &block) | |||
socket.recv 1024 | |||
socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n" | |||
features = socket.recv(1024).split "\r\n" | |||
starttls = features.find { |f| /250[- ]STARTTLS/ =~ f } | |||
raise TLSNotAvailableException unless starttls | |||
socket.write "STARTTLS\r\n" | |||
socket.recv 1024 | |||
super | |||
end | |||
end | |||
end | |||
end | |||
end |
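Review bot: `ssl_connect` reads the banner, the EHLO reply and the STARTTLS reply with single `socket.recv 1024` calls, so a multi-line EHLO response that arrives in more than one segment, or one longer than 1024 bytes, is truncated and the `250[- ]STARTTLS` line can be missed, yielding a false `TLSNotAvailableException`; likewise the reply to `STARTTLS` is discarded without checking for `220`, so a `454` refusal is followed by a TLS handshake over a still-plaintext channel that fails with a misleading error. SMTP replies are line-oriented: read `\r\n`-terminated lines until one matches `/\A\d{3} /` (the last line of a multi-line reply has a space after the code). The rewrite below assumes `socket` is an IO-like object on which `gets` is available, which is not visible from this file. `Socket.gethostbyname` is deprecated in favour of `Addrinfo`, but that is cosmetic.
```ruby
def ssl_connect(socket, context, method, &block)
  read_reply socket                                    # greeting banner
  socket.write "EHLO #{Socket.gethostbyname(Socket.gethostname).first}\r\n"
  features = read_reply socket
  starttls = features.find { |f| /250[- ]STARTTLS/ =~ f }
  raise TLSNotAvailableException unless starttls
  socket.write "STARTTLS\r\n"
  reply = read_reply socket
  raise TLSNotAvailableException unless reply.last.start_with? '220'
  super
end

private
# Reads one complete SMTP reply: zero or more "NNN-text" lines followed by a
# final "NNN text" line.  Returns the lines without their CRLF.
def read_reply(socket)
  lines = []
  loop do
    line = socket.gets "\r\n"
    raise TLSNotAvailableException if line.nil?   # peer closed before answering
    lines << line.chomp
    break if /\A\d{3} / =~ line
  end
  lines
end
```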
@@ -7,7 +7,7 @@ module CryptCheck | |||
module Xmpp | |||
MAX_ANALYSIS_DURATION = 600 | |||
PARALLEL_ANALYSIS = 10 | |||
@@log = ::Logging.logger[Https] | |||
@@log = ::Logging.logger[Xmpp] | |||
def self.grade(hostname, type=:s2s) | |||
timeout MAX_ANALYSIS_DURATION do | |||
@@ -1,5 +1,3 @@ | |||
require 'socket' | |||
require 'openssl' | |||
require 'nokogiri' | |||
require 'resolv' | |||
@@ -0,0 +1,69 @@ | |||
- description: Autorités de certification | |||
hostnames: | |||
- www.cacert.org | |||
- acedicom.edicomgroup.com | |||
- grca.nat.gov.tw | |||
- pki.atos.net | |||
- www.bundesdruckerei.de | |||
- www.cybertrust.ne.jp | |||
- www.logius.nl | |||
- www.procert.net.ve | |||
- www.s-trust.de | |||
- webappsecurity.trendmicro.com | |||
- www1.cnnic.cn | |||
- www.actalis.it | |||
- www.aoc.cat | |||
- www.a-trust.at | |||
- www.buypass.no | |||
- www.camerfirma.com | |||
- www.certicamara.com | |||
- www.certigna.fr | |||
- www.certinomis.com | |||
- www.certsign.ro | |||
- www.certum.pl | |||
- www.cfca.com.cn | |||
- www.cht.com.tw | |||
- www.comodo.com | |||
- www.comsign.co.il | |||
- www.digicert.com | |||
- www.disig.eu | |||
- www.emc.com | |||
- www.entrust.net | |||
- www.e-szigno.hu | |||
- www.etugra.com.tr | |||
- www.firmaprofesional.com | |||
- www.geotrust.com | |||
- www.globalsign.com | |||
- www.godaddy.com | |||
- www.gpki.go.jp | |||
- www.harica.gr | |||
- www.hongkongpost.gov.hk | |||
- www.identrust.com | |||
- www.izenpe.com | |||
- www.kamusm.gov.tr | |||
- www.netlock.hu | |||
- www.networksolutions.com | |||
- www.opentrust.com | |||
- www.pki.gva.es | |||
- www.quovadisglobal.com | |||
- www.secomtrust.net | |||
- www.sgtrustservices.com | |||
- www.sk.ee | |||
- www.ssi.gouv.fr | |||
- www.startssl.com | |||
- www.swissdigicert.ch | |||
- www.swisssign.com | |||
- www.symantec.com | |||
- www.teliasonera.com | |||
- www.thawte.com | |||
- www.trustcenter.de | |||
- www.trustis.com | |||
- www.trustwave.com | |||
- www.t-systems.com | |||
- www.turktrust.com.tr | |||
- www.twca.com.tw | |||
- www.verizon.com | |||
- www.visa.com | |||
- www.wellsfargo.com | |||
- www.wisekey.com | |||
- www.wosign.com |
@@ -4,7 +4,7 @@ | |||
<meta charset="utf-8"> | |||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | |||
<meta name="viewport" content="width=device-width, initial-scale=1"> | |||
<title>Status SSL/TLS banque & commerce en ligne</title> | |||
<title>SSL/TLS — HTTP</title> | |||
<link rel="stylesheet" href="bootstrap.min.css"> | |||
<style> | |||
body { | |||
@@ -77,9 +77,7 @@ | |||
%> | |||
<tr> | |||
<th id="<%= s.hostname %>"> | |||
<a href="https://www.ssllabs.com/ssltest/analyze.html?d=<%= s.hostname %>" target="_blank"> | |||
<%= s.hostname %> | |||
</a> | |||
<a href="#<%= s.hostname %>"><%= s.hostname %></a> | |||
</th> | |||
<% if s.is_a? Tls::TlsNotSupportedServer %> | |||
<td class="critical" colspan="16"> | |||
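Review bot: `<a href="#<%= s.hostname %>"><%= s.hostname %></a>` interpolates the hostname into an attribute and into text without HTML escaping, as does the `id` on the line above; hostnames come from the YAML lists and, for the Alexa script, from a downloaded CSV, so a stray `"` or `<` in that input breaks or injects into the generated page. Use `<%= ERB::Util.html_escape s.hostname %>` (or `h` after `include ERB::Util` in the rendering scope) for each interpolation.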
@@ -189,6 +187,9 @@ | |||
<% end %> | |||
</tbody> | |||
</table> | |||
<div class="pull-right"> | |||
Generated on <%= Time.now.strftime '%FT%T%:z' %> | |||
</div> | |||
</div> | |||
</div> | |||
</div> | |||
@@ -7,7 +7,7 @@ | |||
- rss.decornulier.eu | |||
- fralef.me | |||
- jeekajoo.eu | |||
- status.jbfavre.org | |||
- jbfavre.org | |||
- rosset.net | |||
- owc.h.arysthaar.pw | |||
- crifo.org | |||
@@ -16,6 +16,12 @@ | |||
- komic.eu | |||
- apericraft.ovh | |||
- nicolas.legland.fr | |||
- clauzel.eu | |||
- vinilox.eu | |||
- keuse.fr | |||
- regar42.fr | |||
- tcit.fr | |||
- aplu.fr | |||
- description: Associations | |||
hostnames: | |||
- april.org | |||
@@ -30,11 +36,49 @@ | |||
- lea-linux.org | |||
- framasoft.org | |||
- gnu.org | |||
- www.fdn.fr | |||
- description: Framasoft | |||
hostnames: | |||
- framabag.org | |||
- framabin.org | |||
- framabag.org | |||
- framadate.org | |||
- framanews.org | |||
- framasphere.org | |||
- framacalc.org | |||
- framakey.org | |||
- framapic.org | |||
- framindmap.org | |||
- framacolibri.org | |||
- framabee.org | |||
- tontonroger.org | |||
- trouvons.org | |||
- frama.link | |||
- huit.re | |||
- lite.framapad.org | |||
- lite2.framapad.org | |||
- lite3.framapad.org | |||
- lite4.framapad.org | |||
- lite5.framapad.org | |||
- lite6.framapad.org | |||
- quotidien.framapad.org | |||
- hebdo.framapad.org | |||
- mensuel.framapad.org | |||
- bimensuel.framapad.org | |||
- semestriel.framapad.org | |||
- annuel.framapad.org | |||
- git.framasoft.org | |||
- participer.framasoft.org | |||
- contact.framasoft.org | |||
- stats.framasoft.org | |||
- status.framasoft.org | |||
- soutenir.framasoft.org | |||
- description: Banques en ligne | |||
hostnames: | |||
- www.labanquepostale.fr | |||
- voscomptesenligne.labanquepostale.fr | |||
- www.labanquepostale-cartesprepayees.fr | |||
- www.secure.bnpparibas.net | |||
- mabanque.bnpparibas | |||
- www.axabanque.fr | |||
- www.fortuneo.fr | |||
- www.ca-paris.fr | |||
@@ -51,7 +95,6 @@ | |||
- www.creditmutuel.fr | |||
- www.caisse-epargne.fr | |||
- paiement.systempay.fr | |||
- cnce.wlp-acs.com | |||
- www.cmb.fr | |||
- www.ca-paris.fr | |||
- www.ca-cotesdarmor.fr | |||
@@ -70,6 +113,14 @@ | |||
- www.gmf.fr | |||
- www.hsbc.fr | |||
- www.monabanq.com | |||
- www.ca-atlantique-vendee.fr | |||
- description: 3D « Secure » | |||
hostnames: | |||
- ssl.paiement.cic-banques.fr | |||
- cnce.wlp-acs.com | |||
- ingdf.wlp-acs.com | |||
- ca-sp.wlp-acs.com | |||
- www.e-i.com | |||
- description: Assurances | |||
hostnames: | |||
- www.actassur.com | |||
@@ -135,6 +186,7 @@ | |||
- www.csf.fr | |||
- client.gemoneybank.fr | |||
- www.oney.fr | |||
- www.cofidis.fr | |||
- description: Webmails | |||
hostnames: | |||
- webmail.mailden.fr | |||
@@ -167,6 +219,7 @@ | |||
- mon.rsi.fr | |||
- jedeclare.com | |||
- net-entreprises.fr | |||
- www.i-cad.fr | |||
- description: Sites de commerce en ligne | |||
hostnames: | |||
- signin.ebay.fr | |||
@@ -182,10 +235,11 @@ | |||
- secure.fnac.com | |||
- www.laredoute.fr | |||
- online.carrefour.fr | |||
- www.paymill.com | |||
# - www.paymill.com | |||
- paymium.com | |||
- www.materiel.net | |||
- www.topachat.com | |||
- auth.topachat.com | |||
- customer.rueducommerce.fr | |||
- description: « Cloud » / Gestionnaires de mot de passe | |||
hostnames: | |||
- lastpass.com | |||
@@ -198,10 +252,39 @@ | |||
- spideroak.com | |||
- hubic.com | |||
- box.com | |||
- description: FAI | |||
hostnames: | |||
- www.bouyguestelecom.fr | |||
- www.sfr.fr | |||
- www.orange.com | |||
- www.nordnet.com | |||
- www.free.fr | |||
- www.fdn.fr | |||
- www.connexion-verte.fr | |||
- www.budget-telecom.com | |||
- www.quantic-telecom.net | |||
- www.nerim.fr | |||
- offres.numericable.fr | |||
- portail.dartybox.com | |||
- www.ovh.com | |||
- www.coriolis.com | |||
- www.prixtel.com | |||
- www.virginmobile.fr | |||
- www.wibox.fr | |||
- www.wimifi.net | |||
- www.viveole.fr | |||
- www.societehautdebit.fr | |||
- www.skydsl.eu | |||
- www.ozone.net | |||
- www.nomotech.com | |||
- www.bollore.com | |||
- www.ifw.fr | |||
- www.wizeo.com | |||
- www.infosat-telecom.fr | |||
- description: Divers | |||
hostnames: | |||
- www.mailden.net | |||
- www.sharypic.com | |||
- google.fr | |||
- duckduckgo.com | |||
- octopuce.fr | |||
- sharypic.com |
@@ -0,0 +1,35 @@ | |||
- description: Journaux & Presse en ligne | |||
hostnames: | |||
- charliehebdo.fr | |||
- tempsreel.nouvelobs.com | |||
- www.20minutes.fr | |||
- www.challenges.fr | |||
- www.courrierinternational.com | |||
- www.directmatin.fr | |||
- www.francesoir.fr | |||
- www.humanite.presse.fr | |||
- www.la-croix.com | |||
- www.latribune.fr | |||
- www.lecanardenchaine.fr | |||
- www.lefigaro.fr | |||
- www.lejdd.fr | |||
- www.lemonde.fr | |||
- www.leparisien.fr | |||
- www.lepoint.fr | |||
- www.lequipe.fr | |||
- www.lesechos.fr | |||
- www.lexpress.fr | |||
- www.liberation.fr | |||
- www.lopinion.fr | |||
- www.marianne.net | |||
- www.mediapart.fr | |||
- www.metronews.fr | |||
- www.minute-hebdo.fr | |||
- www.monde-diplomatique.fr | |||
- www.monde-libertaire.fr | |||
- www.parismatch.com | |||
- www.telerama.fr | |||
- www.vsd.fr | |||
- www.slate.fr | |||
- reader.fr | |||
- www.arretsurimages.net |
@@ -0,0 +1,25 @@ | |||
- description: SecureDrop instances | |||
hostnames: | |||
- securedrop.propublica.org | |||
- ssl.washingtonpost.com | |||
- nrkbeta.no | |||
- exposefacts.org | |||
- firstlook.org | |||
- www.safesource.org.nz | |||
- safesource.forbes.com | |||
- pressfreedomfoundation.org | |||
- projects.newyorker.com | |||
- securedrop.theguardian.com | |||
- securedrop.pogo.org | |||
- bayleaks.com | |||
- securedrop.radio24syv.dk | |||
- tcfmailvault.info | |||
- www.balkanleaks.eu | |||
- description: GlobalLeaks instances | |||
hostnames: | |||
- secure.publeaks.nl | |||
- secure.wildleaks.org | |||
- www.extremeleaks.org | |||
- description: Misc | |||
hostnames: | |||
- secure.frenchleaks.fr |
@@ -0,0 +1,192 @@ | |||
<!DOCTYPE html> | |||
<html lang="fr"> | |||
<head> | |||
<meta charset="utf-8"> | |||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | |||
<meta name="viewport" content="width=device-width, initial-scale=1"> | |||
<title>SSL/TLS — SMTP</title> | |||
<link rel="stylesheet" href="bootstrap.min.css"> | |||
<style> | |||
body { | |||
margin-top: 10px; | |||
} | |||
td { | |||
text-align: center; | |||
} | |||
.critical { | |||
background-color: #000; | |||
color: #fff; | |||
} | |||
tr:hover > td.critical, td:hover.critical { | |||
background-color: #333 !important; | |||
} | |||
</style> | |||
</head> | |||
<body> | |||
<div class="container-fluid"> | |||
<div class="row"> | |||
<div class="col-md-12"> | |||
<table class="table table-bordered table-hover table-condensed"> | |||
<tbody> | |||
<% | |||
first = true | |||
results.each do |r| | |||
unless first | |||
%> | |||
<tr> | |||
<th colspan="15"> </th> | |||
</tr> | |||
<% | |||
end | |||
first = false | |||
%> | |||
<tr> | |||
<th colspan="14" id="<%= r[0] %>"><%= r[0] %></th> | |||
</tr> | |||
<tr> | |||
<th rowspan="2">Site</th> | |||
<td rowspan="2">Grade</td> | |||
<td colspan="2">Certificate</td> | |||
<td colspan="4">Protocols</td> | |||
<td colspan="5">Ciphers</td> | |||
<td>Best practices</td> | |||
</tr> | |||
<tr> | |||
<td>Key size (bits)</td> | |||
<td class="warning">SHA1 sig</td> | |||
<td class="critical">SSL v2</td> | |||
<td class="critical">SSL v3</td> | |||
<td class="success">TLS 1.2</td> | |||
<td class="info">TLS</td> | |||
<td>Strength (bits)</td> | |||
<td class="critical">MD5</td> | |||
<td class="warning">SHA1</td> | |||
<td class="critical">DES/RC4</td> | |||
<td class="danger">3DES</td> | |||
<td class="info">PFS</td> | |||
</tr> | |||
<% r[1].each do |n| | |||
s = n.server | |||
%> | |||
<tr> | |||
<% if s.is_a? Tls::TlsNotSupportedServer %> | |||
<th id="<%= s.hostname %>"> | |||
<a href="#<%= s.hostname %>"><%= s.hostname %></a> | |||
</th> | |||
<td class="critical" colspan="16"> | |||
No SSL/TLS | |||
</td> | |||
<% | |||
else | |||
rank_color = case n.grade | |||
when 'A+' then :info | |||
when 'A', 'A-' then :success | |||
when 'B', 'C' then :warning | |||
when 'T', 'M' then :critical | |||
else :danger | |||
end | |||
%> | |||
<th id="<%= s.domain %>"><%= s.domain %></th> | |||
<td class="<%= rank_color %>"> | |||
<%= n.grade %> | |||
</td> | |||
<td class="<%= s.key_size < 2048 ? :danger : s.key_size < 4096 ? :warning : :success %>"> | |||
<% type, size = s.key %> | |||
<%= "#{size} (#{type.to_s.upcase})" %> | |||
<span class="sr-only">(<%= s.key_size < 2048 ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.sha1_sig? ? :warning : :success %>"> | |||
<%= s.sha1_sig? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.sha1_sig? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.sslv2? ? :critical : :success %>"> | |||
<%= s.sslv2? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.sslv2? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.sslv3? ? :critical : :success %>"> | |||
<%= s.sslv3? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.sslv3? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.tlsv1_2? ? :success : :danger %>"> | |||
<%= s.tlsv1_2? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.tlsv1_2? ? '☺' : '☹' %>)</span> | |||
</td> | |||
<td class="<%= s.tls? ? (s.tls_only? ? :info : :success) : :danger %>"> | |||
<%= s.tls? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.tls? ? '☺' : '☹' %>)</span> | |||
</td> | |||
<% cipher_size = s.cipher_size[:worst] %> | |||
<td class="<%= cipher_size < 112 ? :danger : cipher_size < 128 ? :warning : :success %>"> | |||
<%= cipher_size %> | |||
<span class="sr-only">(<%= cipher_size < 128 ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.md5? ? :critical : :success %>"> | |||
<%= s.md5? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.md5? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.sha1? ? :warning : :success %>"> | |||
<%= s.sha1? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.sha1? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= (s.rc4? or s.des?) ? :critical : :success %>"> | |||
<%= (s.rc4? or s.des?) ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= (s.rc4? or s.des?) ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.des3? ? :danger : :success %>"> | |||
<%= s.des3? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.des3? ? '☹' : '☺' %>)</span> | |||
</td> | |||
<td class="<%= s.pfs? ? (s.pfs_only? ? :info : :success) : :danger %>"> | |||
<%= s.pfs? ? '✓' : '✗' %> | |||
<span class="sr-only">(<%= s.pfs? ? '☺' : '☹' %>)</span> | |||
</td> | |||
<% end %> | |||
</tr> | |||
<% end %> | |||
<tr> | |||
<th rowspan="2">Site</th> | |||
<td rowspan="2">Grade</td> | |||
<td>Key size (bits)</td> | |||
<td class="warning">SHA1 sig</td> | |||
<td class="critical">SSL v2</td> | |||
<td class="critical">SSL v3</td> | |||
<td class="success">TLS 1.2</td> | |||
<td class="info">TLS</td> | |||
<td>Strength (bits)</td> | |||
<td class="critical">MD5</td> | |||
<td class="warning">SHA1</td> | |||
<td class="critical">DES/RC4</td> | |||
<td class="danger">3DES</td> | |||
<td class="info">PFS</td> | |||
</tr> | |||
<tr> | |||
<td colspan="2">Certificate</td> | |||
<td colspan="4">Protocols</td> | |||
<td colspan="5">Ciphers</td> | |||
<td>Best practices</td> | |||
</tr> | |||
<% end %> | |||
</tbody> | |||
</table> | |||
<div class="pull-right"> | |||
Generated on <%= Time.now.strftime '%FT%T%:z' %> | |||
</div> | |||
</div> | |||
</div> | |||
</div> | |||
</body> | |||
</html> |
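Review bot: The colspan values in the new template do not agree with each other: the group header uses `colspan="14"`, the blank separator row `colspan="15"`, and the "No SSL/TLS" cell `colspan="16"`, while the header rows define 14 columns (Site plus 13 data cells). Set the separator to `<th colspan="14">` and the no-TLS cell to `<td class="critical" colspan="13">` so the row matches the table width. `s.domain` and `s.hostname` are interpolated into `id` attributes and cell text unescaped; `<%= ERB::Util.html_escape … %>` should wrap each of them, since the values come from the YAML host lists.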
@@ -0,0 +1,205 @@ | |||
- description: Serveurs personnels | |||
hostnames: | |||
- imirhil.fr | |||
- libwalk.so | |||
- keltia.net | |||
- demouliere.eu | |||
- decornulier.eu | |||
- fralef.me | |||
- jeekajoo.eu | |||
- jbfavre.org | |||
- rosset.net | |||
- arysthaar.pw | |||
- crifo.org | |||
- matlink.fr | |||
- pfag.me | |||
- komic.eu | |||
- apericraft.ovh | |||
- legland.fr | |||
- description: Associations | |||
hostnames: | |||
- april.org | |||
- laquadrature.net | |||
- fsf.org | |||
- ubuntu-paris.org | |||
- parinux.org | |||
- aful.org | |||
- rmll.info | |||
- ubuntu-fr.org | |||
- linuxfr.org | |||
- lea-linux.org | |||
- framasoft.org | |||
- gnu.org | |||
- description: Banques en ligne | |||
hostnames: | |||
- labanquepostale.fr | |||
- labanquepostale-cartesprepayees.fr | |||
- bnpparibas.net | |||
- axabanque.fr | |||
- fortuneo.fr | |||
- ca-paris.fr | |||
- credit-cooperatif.coop | |||
- coopanet.com | |||
- cic.fr | |||
- societegenerale.fr | |||
- groupama.fr | |||
- banquepopulaire.fr | |||
- ca-des-savoie.fr | |||
- lcl.fr | |||
- boursorama.com | |||
- bpe.fr | |||
- creditmutuel.fr | |||
- caisse-epargne.fr | |||
- systempay.fr | |||
- wlp-acs.com | |||
- cmb.fr | |||
- ca-paris.fr | |||
- ca-cotesdarmor.fr | |||
- ingdirect.fr | |||
- banque-accord.fr | |||
- banque-casino.fr | |||
- bforbank.com | |||
- hellobank.fr | |||
- carrefour-banque.fr | |||
- agf.fr | |||
- banque-casino.fr | |||
- palatine.fr | |||
- bpi-online.net | |||
- barclays.fr | |||
- credit-du-nord.fr | |||
- gmf.fr | |||
- hsbc.fr | |||
- monabanq.com | |||
- description: Assurances | |||
hostnames: | |||
- actassur.com | |||
- gie-afer.fr | |||
- ag2rlamondiale.fr | |||
- consultations.agipi.com | |||
- agpm.fr | |||
- alptis.org | |||
- altaprofits.com | |||
- amv.fr | |||
- apicil.com | |||
- april.fr | |||
- fapes-diffusion.fr | |||
- assu2000.fr | |||
- assurone.com | |||
- avip.fr | |||
- avivadirect.fr | |||
- canisante.com | |||
- carac.fr | |||
- cegema.com | |||
- chienchatsante.com | |||
- direct-assurance.fr | |||
- euro-assurance.com | |||
- eca-assurances.com | |||
- fma.fr | |||
- gaipare.com | |||
- gapassurance.com | |||
- generali.fr | |||
- hedios.com | |||
- ingdirect.fr | |||
- conservateur.fr | |||
- linxea.com | |||
- maaf.fr | |||
- macif.fr | |||
- macsf.fr | |||
- maif.fr | |||
- matmut.fr | |||
- mgel.fr | |||
- mma.fr | |||
- nationalesuisse.ch | |||
- nexx.fr | |||
- sainteauprevoyance.com | |||
- santevet.com | |||
- selfepargne.fr | |||
- sicavonline.fr | |||
- smabtp.fr | |||
- cybermutuelle.com | |||
- sollyazar.com | |||
- swisslife.fr | |||
- description: Organismes de crédit | |||
hostnames: | |||
- cetelem.fr | |||
- cofinoga.fr | |||
- sofinco.fr | |||
- pret-dunion.fr | |||
- franfinance.fr | |||
- 123credit.com | |||
- disponis.fr | |||
- complicio.fr | |||
- creditfoncier.fr | |||
- credit.fr | |||
- credit-immobilier-de-france.fr | |||
- csf.fr | |||
- gemoneybank.fr | |||
- oney.fr | |||
- description: Webmails | |||
hostnames: | |||
- mailden.fr | |||
- free.fr | |||
- numericable.fr | |||
- orange-business.com | |||
- orange.fr | |||
- gandi.net | |||
- sfr.fr | |||
- online.net | |||
- amen.fr | |||
- ovh.com | |||
- aliceadsl.fr | |||
- laposte.net | |||
- openmailbox.org | |||
- description: Administration | |||
hostnames: | |||
- ameli.fr | |||
- moncompte.mobi | |||
- service-public.fr | |||
- impots.gouv.fr | |||
- pole-emploi.fr | |||
- caf.fr | |||
- justice.gouv.fr | |||
- interieur.gouv.fr | |||
- cnil.fr | |||
- quechoisir.org | |||
- rsi.fr | |||
- jedeclare.com | |||
- net-entreprises.fr | |||
- description: Sites de commerce en ligne | |||
hostnames: | |||
- ebay.fr | |||
- ldlc.com | |||
- grosbill.com | |||
- darty.com | |||
- boulanger.fr | |||
- capitainetrain.com | |||
- voyages-sncf.com | |||
- pixmania.fr | |||
- cdiscount.com | |||
- ikea.com | |||
- fnac.com | |||
- laredoute.fr | |||
- carrefour.fr | |||
- paymill.com | |||
- paymium.com | |||
- materiel.net | |||
- topachat.com | |||
- description: « Cloud » / Gestionnaires de mot de passe | |||
hostnames: | |||
- lastpass.com | |||
- dashlane.com | |||
- passpack.com | |||
- clipperz.is | |||
- mitro.co | |||
- icloud.com | |||
- dropbox.com | |||
- spideroak.com | |||
- hubic.com | |||
- box.com | |||
- description: Divers | |||
hostnames: | |||
- mailden.net | |||
- sharypic.com | |||
- google.fr | |||
- duckduckgo.com | |||
- octopuce.fr |
@@ -4,7 +4,7 @@ | |||
<meta charset="utf-8"> | |||
<meta http-equiv="X-UA-Compatible" content="IE=edge"> | |||
<meta name="viewport" content="width=device-width, initial-scale=1"> | |||
<title>XMPP</title> | |||
<title>SSL/TLS — XMPP</title> | |||
<link rel="stylesheet" href="bootstrap.min.css"> | |||
<style> | |||
body { | |||
@@ -91,8 +91,10 @@ | |||
s = n.server | |||
%> | |||
<tr> | |||
<th id="<%= s.hostname %>"> | |||
<a href="#<%= s.hostname %>"><%= s.hostname %></a> | |||
</th> | |||
<% if s.is_a? Tls::TlsNotSupportedServer %> | |||
<th id="<%= s.hostname %>"><%= s.hostname %></th> | |||
<td class="critical" colspan="16"> | |||
No SSL/TLS | |||
</td> | |||
@@ -104,7 +106,6 @@ | |||
when 'T', 'M' then :critical | |||
else :danger | |||
end %> | |||
<th id="<%= s.domain %>"><%= s.domain %></th> | |||
<td class="<%= rank_color %>"> | |||
<%= n.grade %> | |||
</td> | |||
@@ -171,6 +172,9 @@ | |||
<% end %> | |||
</tbody> | |||
</table> | |||
<div class="pull-right"> | |||
Generated on <%= Time.now.strftime '%FT%T%:z' %> | |||
</div> | |||
</div> | |||
</div> | |||
</div> | |||
@@ -15,3 +15,7 @@ | |||
- citronna.de | |||
- matlink.fr | |||
- verry.org | |||
- keuse.fr | |||
- cappuccino.uk.to | |||
- corzntin.fr | |||
- fralef.me |