Skip to content

TLS scan the SUT multiple times with different cipiher suites and version#13

Open
akarmegam wants to merge 1 commit intokubearmor:mainfrom
akarmegam:tlsscan_multiple_times
Open

TLS scan the SUT multiple times with different cipiher suites and version#13
akarmegam wants to merge 1 commit intokubearmor:mainfrom
akarmegam:tlsscan_multiple_times

Conversation

@akarmegam
Copy link
Copy Markdown

@akarmegam akarmegam commented Jul 4, 2023
edited
Loading

Created a json file config/nist-sp-800-52.json to keep NIST recommended and non recommended ciphersuites. And updated tlsscan to parse it using jq and invoke openssl s_client multiple times to scan each service.

And finally tlsscan generates report file tls_conn_report.json. From this a summar.csv is generated with list of tls versions supported and ciphersuites count and it is displayed in table form on console using tabled.

nyrahul
nyrahul requested changes Jul 6, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@nyrahul nyrahul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many thanks for the PR @raja-ashok
It would be great to have separate plugins to handle NIST on top of TLS scan report. This would make it extensible. The plugins should enrich the base TLS scan report with their own findings.

@akarmegam akarmegam force-pushed the tlsscan_multiple_times branch from 8066cb2 to edd4812 Compare July 22, 2023 11:55
@akarmegam akarmegam force-pushed the tlsscan_multiple_times branch 4 times, most recently from 15342c4 to 814fdaf Compare August 6, 2023 16:11
@akarmegam akarmegam changed the title [WIP] TLS scan the SUT multiple times with different cipiher suites and version TLS scan the SUT multiple times with different cipiher suites and version Aug 6, 2023
@nyrahul
Copy link
Copy Markdown
Contributor

nyrahul commented Aug 8, 2023

Hey @raja-ashok , this looks great! Can you attach a sample report that is generated as part of this? Thanks

@akarmegam akarmegam force-pushed the tlsscan_multiple_times branch from 814fdaf to 2c8927c Compare August 8, 2023 18:19
@akarmegam akarmegam force-pushed the tlsscan_multiple_times branch from 2c8927c to 9c06084 Compare August 8, 2023 18:42
@akarmegam
Copy link
Copy Markdown
Author

akarmegam commented Aug 8, 2023

Started two openssl s_server process and ran the tlsscan for testing.

openssl s_server -port 4455 
openssl s_server -port 4466 -tls1_2
./src/tlsscan --infile data/addr.list

image

@nandhued nandhued mentioned this pull request May 29, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nyrahul nyrahul nyrahul requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@akarmegam @nyrahul