tls-attacker
diff --git a/‎README.md
Lines changed: 28 additions & 18 deletions b/‎README.md
Lines changed: 28 additions & 18 deletions
diff --git a/‎pom.xml
Lines changed: 7 additions & 2 deletions b/‎pom.xml
Lines changed: 7 additions & 2 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/ScanJobExecutor.java
Lines changed: 1 addition & 0 deletions b/‎src/main/java/de/rub/nds/tlsscanner/ScanJobExecutor.java
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/TLSScanner.java
Lines changed: 20 additions & 3 deletions b/‎src/main/java/de/rub/nds/tlsscanner/TLSScanner.java
Lines changed: 20 additions & 3 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/BleichenbacherProbe.java
Lines changed: 46 additions & 0 deletions b/‎src/main/java/de/rub/nds/tlsscanner/probe/BleichenbacherProbe.java
Lines changed: 46 additions & 0 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java
Lines changed: 1 addition & 1 deletion b/‎src/main/java/de/rub/nds/tlsscanner/probe/CertificateProbe.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/CiphersuiteOrderProbe.java
Lines changed: 0 additions & 2 deletions b/‎src/main/java/de/rub/nds/tlsscanner/probe/CiphersuiteOrderProbe.java
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/Cve20162107Probe.java
Lines changed: 46 additions & 0 deletions b/‎src/main/java/de/rub/nds/tlsscanner/probe/Cve20162107Probe.java
Lines changed: 46 additions & 0 deletions
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/HeartbleedProbe.java
Lines changed: 23 additions & 1 deletion b/‎src/main/java/de/rub/nds/tlsscanner/probe/HeartbleedProbe.java
Lines changed: 23 additions & 1 deletion
diff --git a/‎src/main/java/de/rub/nds/tlsscanner/probe/InvalidCurveProbe.java
Lines changed: 60 additions & 0 deletions b/‎src/main/java/de/rub/nds/tlsscanner/probe/InvalidCurveProbe.java
Lines changed: 60 additions & 0 deletions
@@ -4,8 +4,7 @@ TLS-Scanner is a tool created by the Chair for Network and Data Security from th
 **Please note:**  *TLS-Scanner is a research tool intended for TLS developers, pentesters, administrators and researchers. There is no GUI. It is in the first version and may contain some bugs.*
 
 # Compiling
-In order to compile and use TLS-Scanner, you need to have Java installed, as well as [TLS-Attacker](https://github.com/RUB-NDS/TLS-Attacker)
- and the [ModifiableVariables](https://github.com/RUB-NDS/ModifiableVariable).
+In order to compile and use TLS-Scanner, you need to have Java installed, as well as [TLS-Attacker](https://github.com/RUB-NDS/TLS-Attacker) in Version 2.1
 
 ```bash
 $ cd TLS-Scanner
@@ -24,7 +23,7 @@ $ ./mvnw clean install
 
 For hints on installing the required libraries checkout the corresponding GitHub repositories.
 
-**Please note:**  *In order to run this tool you need TLS-Attacker version 2.0Beta4*
+**Please note:**  *In order to run this tool you need TLS-Attacker version 2.1*
 
 # Running
 In order to run TLS-Scanner you need to run the jar file in the apps/ folder.
@@ -42,20 +41,31 @@ TLS-Scanner uses the concept of "checks" which are performed after it collected
 There are currently multiple checks implemented:
 
 
-| Check                           | Meaning                                                                  | 
-| ------------------------------- |:------------------------------------------------------------------------:|
-| CERTIFICATE_EXPIRED             | Checks if the Certificate is expired yet                                 |
-| CERTIFICATE_NOT_VALID_YET       | Checks if the Certificate is valid yet                                   |
-| CERTIFICATE_WEAK_HASH_FUNCTION  | Checks if the Server uses a weak Hash algorithm for its Certificate      |
-| CERTIFICATE_WEAK_SIGN_ALGORITHM | Checks if the Server uses a weak Signature algorithm for its Certificate |
-| CERTIFICATE_NOT_SENT_BY_SERVER  | Checks if the Server did sent a Certificate at all                       |
-| CIPHERSUITE_ANON                | Checks if the Server has Anon Ciphersuites enabled                       |
-| CIPHERSUITE_CBC                 | Checks if the Server has CBC Ciphersuites enabled for TLS 1.0            | 
-| CIPHERSUITE_EXPORT              | Checks if the Server has Export Ciphersuites enabled                     |
-| CIPHERSUITE_NULL                | Checks if the Server has Null Ciphersuites enabled                       |
-| CIPHERSUITE_RC4                 | Checks if the Server has RC4 Ciphersuites enabled                        |
-| CIPHERSUITEORDER_ENFORCED       | Checks if the Server does not enforce a Ciphersuite ordering             |
-| PROTOCOLVERSION_SSL2            | Checks if SSL 2 is enabled                                               |
-| PROTOCOLVERSION_SSL3            | Checks if SSL 3 is enabled                                               |
+| Check                           | Meaning                                                                  	  | 
+| ------------------------------- |:-----------------------------------------------------------------------------:|
+| CERTIFICATE_EXPIRED             | Checks if the Certificate is expired yet                                	  |
+| CERTIFICATE_NOT_VALID_YET       | Checks if the Certificate is valid yet                                   	  |
+| CERTIFICATE_WEAK_HASH_FUNCTION  | Checks if the Server uses a weak Hash algorithm for its Certificate      	  |
+| CERTIFICATE_WEAK_SIGN_ALGORITHM | Checks if the Server uses a weak Signature algorithm for its Certificate	  |
+| CERTIFICATE_NOT_SENT_BY_SERVER  | Checks if the Server did sent a Certificate at all                      	  |
+| CIPHERSUITE_ANON                | Checks if the Server has Anon Ciphersuites enabled                       	  |
+| CIPHERSUITE_CBC                 | Checks if the Server has CBC Ciphersuites enabled for TLS 1.0            	  | 
+| CIPHERSUITE_EXPORT              | Checks if the Server has Export Ciphersuites enabled                    	  |
+| CIPHERSUITE_NULL                | Checks if the Server has Null Ciphersuites enabled                       	  |
+| CIPHERSUITE_RC4                 | Checks if the Server has RC4 Ciphersuites enabled                       	  |
+| CIPHERSUITEORDER_ENFORCED       | Checks if the Server does not enforce a Ciphersuite ordering             	  |
+| PROTOCOLVERSION_SSL2            | Checks if SSL 2 is enabled                                               	  |
+| PROTOCOLVERSION_SSL3            | Checks if SSL 3 is enabled                                              	  |
+| ATTACK_HEARTBLEED               | Checks if the Server is vulnerable to Heartbleed                        	  |
+| ATTACK_PADDING                  | Checks if the Server is vulnerable to a Padding_Oracle Attack (BETA)    	  |
+| ATTACK_BLEICHENBACHER           | Checks if the Server is vulnerable to the Bleichenbacher Attack (BETA)  	  |
+| ATTACK_POODLE			          | Checks if the Server is vulnerable to the Poodle Attack (BETA)           	  |
+| ATTACK_TLS_POODLE               | Checks if the Server is vulnerable to the TLS variant of Poolde (BETA)   	  |
+| ATTACK_CVE20162107              | Checks if the Server is vulnerable to CVE20162107 (BETA)			y	 	  |
+| ATTACK_INVALID_CURVE            | Checks if the Server is vulnerable to the Invalid Curve Attack (BETA)	      |
+| ATTACK_INVALID_CURVE_EPHEMERAL  | Checks if the Server is vulnerable to an Ephemeral Invalid Curve Attack(BETA) |
+
+
+
 
 **Please note:**  *A check with a _result_ of true is considered non optimal*
@@ -3,13 +3,18 @@
     <modelVersion>4.0.0</modelVersion>
     <artifactId>TLS-Scanner</artifactId>
     <groupId>de.rub.nds.tlsscanner</groupId>
-    <version>1.0</version>
+    <version>1.1</version>
     <packaging>jar</packaging>
     <dependencies>
         <dependency>
             <groupId>de.rub.nds.tlsattacker</groupId>
             <artifactId>TLS-Core</artifactId>
-            <version>2.0Beta4</version>
+            <version>2.1</version>
+        </dependency>
+        <dependency>
+            <groupId>de.rub.nds.tlsattacker</groupId>
+            <artifactId>Attacks</artifactId>
+            <version>2.1</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
 
@@ -47,6 +47,7 @@ public SiteReport execute(ScannerConfig config, ScanJob scanJob) {
                 resultList.add(probeResult.get());
             } catch (InterruptedException | ExecutionException ex) {
                 LOGGER.warn("Encoutered Exception while retrieving probeResult");
+                ex.printStackTrace();
                 LOGGER.warn(ex);
             }
         }
 
@@ -11,12 +11,19 @@
 import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.probe.BleichenbacherProbe;
 import de.rub.nds.tlsscanner.report.SiteReport;
 import de.rub.nds.tlsscanner.probe.CertificateProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteOrderProbe;
 import de.rub.nds.tlsscanner.probe.CiphersuiteProbe;
+import de.rub.nds.tlsscanner.probe.Cve20162107Probe;
+import de.rub.nds.tlsscanner.probe.HeartbleedProbe;
+import de.rub.nds.tlsscanner.probe.InvalidCurveProbe;
+import de.rub.nds.tlsscanner.probe.PaddingOracleProbe;
+import de.rub.nds.tlsscanner.probe.PoodleProbe;
 import de.rub.nds.tlsscanner.probe.ProtocolVersionProbe;
 import de.rub.nds.tlsscanner.probe.TLSProbe;
+import de.rub.nds.tlsscanner.probe.TlsPoodleProbe;
 import java.util.LinkedList;
 import java.util.List;
 import org.apache.logging.log4j.Level;
@@ -49,10 +56,14 @@ public TLSScanner(ScannerConfig config) {
         this.config = config;
         if (config.getGeneralDelegate().getLogLevel() == Level.ALL) {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.ALL);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.ALL);
+
         } else if (config.getGeneralDelegate().getLogLevel() == Level.TRACE) {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.INFO);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.INFO);
         } else {
             Configurator.setAllLevels("de.rub.nds.tlsattacker", Level.OFF);
+            Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.OFF);
         }
     }
 
@@ -62,9 +73,15 @@ public SiteReport scan() {
         testList.add(new ProtocolVersionProbe(config));
         testList.add(new CiphersuiteProbe(config));
         testList.add(new CiphersuiteOrderProbe(config));
-        // testList.add(new HeartbleedProbe(websiteHost));
-        // testList.add(new NamedCurvesProbe(websiteHost));
-        // testList.add(new PaddingOracleProbe(websiteHost));
+        testList.add(new HeartbleedProbe(config));
+        //testList.add(new NamedCurvesProbe(websiteHost));
+        testList.add(new PaddingOracleProbe(config));
+        testList.add(new BleichenbacherProbe(config));
+        testList.add(new PoodleProbe(config));
+        testList.add(new TlsPoodleProbe(config));
+        testList.add(new Cve20162107Probe(config));
+        testList.add(new InvalidCurveProbe(config));
+        
         // testList.add(new SignatureAndHashAlgorithmProbe(websiteHost));
         ScanJob job = new ScanJob(testList);
         return executor.execute(config, job);
 
@@ -0,0 +1,46 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.BleichenbacherCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.BleichenbacherAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.HeartbleedAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget <[email protected]>
+ */
+public class BleichenbacherProbe extends TLSProbe {
+
+    public BleichenbacherProbe(ScannerConfig config) {
+        super(ProbeType.BLEICHENBACHER, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting BleichenbacherProbe");
+        BleichenbacherCommandConfig bleichenbacherConfig = new BleichenbacherCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) bleichenbacherConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        BleichenbacherAttacker attacker = new BleichenbacherAttacker(bleichenbacherConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_BLEICHENBACHER, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+
+    }
+
+}
@@ -38,7 +38,7 @@ public ProbeResult call() {
         tlsConfig.setQuickReceive(true);
         tlsConfig.setEarlyStop(true);
         tlsConfig.setWorkflowTraceType(WorkflowTraceType.HELLO);
-        tlsConfig.setSniHostname(tlsConfig.getConnectionEnd().getHostname());
+        tlsConfig.setSniHostname(tlsConfig.getDefaultClientConnection().getHostname());
         tlsConfig.setAddServerNameIndicationExtension(true);
         tlsConfig.setStopActionsAfterFatal(true);
         Certificate serverCert = CertificateFetcher.fetchServerCertificate(tlsConfig);
 
@@ -14,12 +14,10 @@
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
 import de.rub.nds.tlsattacker.core.state.State;
-import de.rub.nds.tlsattacker.core.state.TlsContext;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
 import de.rub.nds.tlsattacker.core.workflow.action.executor.WorkflowExecutorType;
 import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
-import de.rub.nds.tlsattacker.transport.ClientConnectionEnd;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
 import de.rub.nds.tlsscanner.report.ProbeResult;
 import de.rub.nds.tlsscanner.report.ResultValue;
 
@@ -0,0 +1,46 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.Cve20162107CommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.Cve20162107Attacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class Cve20162107Probe extends TLSProbe {
+
+    public Cve20162107Probe(ScannerConfig config) {
+        super(ProbeType.CVE20162107, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting Cve20162107 Probe");
+        Cve20162107CommandConfig poodleCommandConfig = new Cve20162107CommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) poodleCommandConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        Cve20162107Attacker attacker = new Cve20162107Attacker(poodleCommandConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_CVE20162107, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+
+}
@@ -8,8 +8,18 @@
  */
 package de.rub.nds.tlsscanner.probe;
 
+import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.HeartbleedAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
 import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  *
@@ -23,7 +33,19 @@ public HeartbleedProbe(ScannerConfig config) {
 
     @Override
     public ProbeResult call() {
-        throw new UnsupportedOperationException("Not supported yet.");
+        LOGGER.debug("Starting HeartbleedProbe");
+        HeartbleedCommandConfig heartbleedConfig = new HeartbleedCommandConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) heartbleedConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        HeartbleedAttacker attacker = new HeartbleedAttacker(heartbleedConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        if (vulnerable == null) {
+            vulnerable = false;
+        }
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_HEARTBLEED, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
     }
 
 }
@@ -0,0 +1,60 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.InvalidCurveAttackConfig;
+import de.rub.nds.tlsattacker.attacks.impl.InvalidCurveAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class InvalidCurveProbe extends TLSProbe {
+
+    public InvalidCurveProbe(ScannerConfig config) {
+        super(ProbeType.INVALID_CURVE, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting InvalidCurveProbe");
+        InvalidCurveAttackConfig invalidCurveAttackConfig = new InvalidCurveAttackConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) invalidCurveAttackConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        InvalidCurveAttacker attacker = new InvalidCurveAttacker(invalidCurveAttackConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        if (vulnerable == null) {
+            vulnerable = false; //TODO
+        }
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_INVALID_CURVE, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        invalidCurveAttackConfig = new InvalidCurveAttackConfig(getScannerConfig().getGeneralDelegate());
+        invalidCurveAttackConfig.setEphemeral(true);
+        delegate = (ClientDelegate) invalidCurveAttackConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        attacker = new InvalidCurveAttacker(invalidCurveAttackConfig);
+        vulnerable = attacker.isVulnerable();
+        if (vulnerable == null) {
+            vulnerable = false; //TODO
+        }
+        check = new TLSCheck(vulnerable, CheckType.ATTACK_INVALID_CURVE_EPHEMERAL, 10);
+        checkList.add(check);
+        
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+}
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ public SiteReport execute(ScannerConfig config, ScanJob scanJob) {`
`47`	`47`	`resultList.add(probeResult.get());`
`48`	`48`	`} catch (InterruptedException \| ExecutionException ex) {`
`49`	`49`	`LOGGER.warn("Encoutered Exception while retrieving probeResult");`
	`50`	`+ ex.printStackTrace();`
`50`	`51`	`LOGGER.warn(ex);`
`51`	`52`	`}`
`52`	`53`	`}`