@@ -180,9 +180,12 @@ class Cert < ApiObject
180180 :crlURIs ,
181181 :ocspURIs ,
182182 :revocationStatus ,
183+ :crlRevocationStatus ,
184+ :ocspRevocationStatus ,
183185 :sgc? ,
184186 :validationType ,
185- :issues
187+ :issues ,
188+ :sct? ,
186189
187190 def valid?
188191 issues == 0
@@ -196,10 +199,19 @@ def invalid?
196199 class ChainCert < ApiObject
197200 has_fields :subject ,
198201 :label ,
202+ :notBefore ,
203+ :notAfter ,
199204 :issuerSubject ,
200205 :issuerLabel ,
206+ :sigAlg ,
201207 :issues ,
202- :raw
208+ :keyAlg ,
209+ :keySize ,
210+ :keyStrength ,
211+ :revocationStatus ,
212+ :crlRevocationStatus ,
213+ :ocspRevocationStatus ,
214+ :raw ,
203215
204216 def valid?
205217 issues == 0
@@ -354,6 +366,8 @@ class EndpointDetails < ApiObject
354366 :npnProtocols ,
355367 :sessionTickets ,
356368 :ocspStapling? ,
369+ :staplingRevocationStatus ,
370+ :staplingRevocationErrorMessage ,
357371 :sniRequired? ,
358372 :httpStatusCode ,
359373 :httpForwarding ,
@@ -364,8 +378,11 @@ class EndpointDetails < ApiObject
364378 has_fields :heartbleed? ,
365379 :heartbeat? ,
366380 :openSslCcs ,
381+ :poodle? ,
367382 :poodleTls ,
368- :fallbackScsv?
383+ :fallbackScsv? ,
384+ :freak? ,
385+ :hasSct
369386 end
370387
371388 class Endpoint < ApiObject
@@ -375,6 +392,7 @@ class Endpoint < ApiObject
375392 :statusDetails ,
376393 :statusDetailsMessage ,
377394 :grade ,
395+ :gradeTrustIgnored ,
378396 :hasWarnings? ,
379397 :isExceptional? ,
380398 :progress ,
@@ -408,7 +426,7 @@ def initialize(info = {})
408426 SSL/TLS assessment during a penetration test.
409427 } ,
410428 'License' => MSF_LICENSE ,
411- 'Author' =>
429+ 'Author' =>
412430 [
413431 'Denis Kolegov <dnkolegov[at]gmail.com>' ,
414432 'Francois Chagnon' # ssllab.rb author (https://github.com/Shopify/ssllabs.rb)
@@ -472,6 +490,8 @@ def output_endpoint_data(r)
472490 report_bad "Overall rating: #{ r . grade }
473491 end
474492
493+ report_warning "Grade is #{ r . grade_trust_ignored } if r . grade . to_s != r . grade_trust_ignored . to_s
494+
475495 # Supported protocols
476496 r . details . protocols . each do |i |
477497 p = ssl_protocols . detect { |x | x [ :id ] == i . id }
@@ -511,7 +531,12 @@ def output_endpoint_data(r)
511531 report_good "BEAST attack - No"
512532 end
513533
514- # puts "POODLE (SSLv3)- ?"
534+ # POODLE (SSLv3)
535+ if r . details . poodle?
536+ report_bad "POODLE SSLv3 - Vulnerable"
537+ else
538+ report_good "POODLE SSLv3 - Not vulnerable"
539+ end
515540
516541 # POODLE TLS
517542 case r . details . poodle_tls
@@ -520,16 +545,23 @@ def output_endpoint_data(r)
520545 when 0
521546 report_warning "POODLE TLS - Unknown"
522547 when 1
523- report_good "POODLE TLS - No "
548+ report_good "POODLE TLS - Not vulnerable "
524549 when 2
525- report_bad "POODLE TLS - Yes "
550+ report_bad "POODLE TLS - Vulnerable "
526551 end
527552
528553 # Downgrade attack prevention
529554 if r . details . fallback_scsv?
530- report_good "Downgrade attack prevention - Yes"
555+ report_good "Downgrade attack prevention - Yes, TLS_FALLBACK_SCSV supported"
556+ else
557+ report_bad "Downgrade attack prevention - No, TLS_FALLBACK_SCSV not supported"
558+ end
559+
560+ # Freak
561+ if r . details . freak?
562+ report_bad "Freak - Vulnerable"
531563 else
532- report_bad "Downgrade attack prevention - No "
564+ report_good "Freak - Not vulnerable "
533565 end
534566
535567 # RC4
@@ -553,7 +585,7 @@ def output_endpoint_data(r)
553585 if r . details . heartbleed?
554586 report_bad "Heartbleed (vulnerability) - Yes"
555587 else
556- report_good "Heartbeat (vulnerability) - No"
588+ report_good "Heartbleed (vulnerability) - No"
557589 end
558590
559591 # OpenSSL CCS
0 commit comments