<?php
#############################################################################
# Use NMAP to discover what TLS ciphers remote server supports
#############################################################################
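$base_dir = dirname(__FILE__);
# Load main config file.
require_once $base_dir . "/conf_default.php";
# Include user-defined overrides if they exist.
if ( file_exists( $base_dir . "/conf.php" ) ) {
    include_once $base_dir . "/conf.php";
}

# NOTE(review): nothing visible in this file authenticates or rate-limits the
# caller. Unless the included config files or the web server restrict access,
# any client can make this host (and every configured remote) run scans against
# arbitrary addresses, including internal ones - confirm access is restricted.

# Request parameters are attacker-controlled. Everything below reduces them to
# three values: a validated IP address, an integer port and a numeric site_id.
$host_name = ( isset($_REQUEST['hostname']) && is_string($_REQUEST['hostname']) )
    ? trim($_REQUEST['hostname'])
    : '';

# Is it an IP? FILTER_VALIDATE_IP without flags accepts both IPv4 and IPv6.
if ( $host_name !== '' && filter_var($host_name, FILTER_VALIDATE_IP) ) {
    $user['ip'] = $host_name;
} else {
    # gethostbyname() returns its argument unchanged when resolution fails.
    # Resolve and compare the trimmed value so both sides see the same string.
    $user['ip'] = ( $host_name !== '' ) ? gethostbyname($host_name) : '';
    if ( $host_name === '' || $user['ip'] === $host_name )
        die("Address is not an IP and I can't resolve it. Doing nothing");
}

# is_numeric() also accepts forms such as "1e3" or "44.3", which would then be
# pasted into the scanner command line and into URLs. Require a plain integer
# in the TCP port range instead, and fall back to 443 otherwise. Port 1 is a
# valid port; the previous "> 1" lower bound rejected it.
$port = 443;
if ( isset($_REQUEST['port']) ) {
    $checked_port = filter_var(
        $_REQUEST['port'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'max_range' => 65535))
    );
    if ( $checked_port !== false ) {
        $port = $checked_port;
    }
}

# A missing or non-numeric site_id becomes -1 here. The dispatch further down
# still checks the raw request value before running a local scan.
$site_id = ( isset($_REQUEST['site_id']) && is_numeric($_REQUEST['site_id']) )
    ? $_REQUEST['site_id']
    : -1;

# Need name of this script so we can execute the same on remote nodes
$conf['remote_exe'] = basename ( __FILE__ );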
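///////////////////////////////////////////////////////////////////////////////
// Dispatch on site_id:
//   -1    run the scan on this node only (the only case that shells out)
//   -100  emit one AJAX call per configured remote
//   other a key of $conf['remotes']: fetch that remote's result server-side
///////////////////////////////////////////////////////////////////////////////

// Re-derive an integer port here so that nothing but digits can reach the
// command line or the URLs built below, whatever upstream parsing allowed.
$safe_port = (int) $port;
if ( $safe_port < 1 || $safe_port > 65535 ) {
    $safe_port = 443;
}

// A local scan requires an explicit, numeric site_id of -1 in the request.
$run_locally = isset($_REQUEST['site_id'])
    && is_numeric($_REQUEST['site_id'])
    && $_REQUEST['site_id'] == -1;

if ( $run_locally ) {

    # First make sure nmap is available
    if ( !is_executable($conf['nmap_bin']) ) {
        die("NMAP is not executable. Current path is to to " . $conf['nmap_bin'] . " please set \$conf['nmap_bin'] in conf.php to proper path");
    }

    // Defense in depth: the scan target must be a literal IP address. This
    // also guarantees it cannot start with "-" and be read as an option.
    if ( !filter_var($user['ip'], FILTER_VALIDATE_IP) ) {
        die("Address is not an IP and I can't resolve it. Doing nothing");
    }

    $is_ipv6 = filter_var($user['ip'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? "-6" : "";

    // Human-readable form shown to the user (same layout as before).
    $display_cmd = $conf['nmap_bin'] . " --script=ssl-enum-ciphers " . $is_ipv6 . " -p " . $safe_port . " " . $user['ip'];

    // Form that is executed: every argument is quoted on its own with
    // escapeshellarg(). escapeshellcmd() over a whole concatenated string
    // leaves spaces alone, so it cannot stop a value from splitting into
    // additional arguments.
    $nmap_args = array('--script=ssl-enum-ciphers');
    if ( $is_ipv6 !== "" ) {
        $nmap_args[] = $is_ipv6;
    }
    $nmap_args[] = '-p';
    $nmap_args[] = (string) $safe_port;
    $nmap_args[] = $user['ip'];
    $cmd = escapeshellarg($conf['nmap_bin']) . ' ' . implode(' ', array_map('escapeshellarg', $nmap_args));
?>
<h2>Ciphers</h2>
Running <p> <div style="background-color: #EEEEEE">
<?php
    print " " . htmlspecialchars($display_cmd, ENT_QUOTES);
?>
</div>
<div style="background-color: #DCDCDC">
<pre>
<?php
    // Capture the scanner output and HTML-escape it before printing. The
    // report can contain text that originates from the scanned host or from
    // DNS, so it must not be written into the page as markup.
    ob_start();
    passthru($cmd);
    $scan_output = ob_get_clean();
    print htmlspecialchars((string) $scan_output, ENT_QUOTES | ENT_SUBSTITUTE);
?>
</pre>
</div>
<?php

///////////////////////////////////////////////////////////////////////////////
// site_id == -100 means run on all remotes. So loop through individual
// remotes and make AJAX calls
///////////////////////////////////////////////////////////////////////////////
} else if ( $site_id == -100 ) {

    // Get results from all remotes
    foreach ( $conf['remotes'] as $index => $remote ) {

        // URL-encode the request-derived values, then emit the result as a
        // JavaScript string literal with json_encode(). htmlentities() is the
        // wrong encoder inside <script>: entities are not decoded there, and
        // it leaves backslashes and newlines untouched. The port is forwarded
        // as well, matching the single-remote branch.
        $query = http_build_query(
            array('site_id' => $index, 'hostname' => $host_name, 'port' => $safe_port),
            '',
            '&'
        );
        $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

        print "<div id='remote_" . $index . "'>
<button onClick='$(\"#ciphers_results_" . $index . "\").toggle();'>" . htmlspecialchars($conf['remotes'][$index]['name'], ENT_QUOTES) . "</button></div>";
        print "<div id='ciphers_results_" . $index ."'>";
        print "<img src=\"img/spinner.gif\"></div>";
        print '
<script>
$.get(' . json_encode($conf['remote_exe'], $js_flags) . ', ' . json_encode($query, $js_flags) . ', function(data) {
$("#ciphers_results_' . $index .'").html(data);
});
</script>
<p></p>';
    }

///////////////////////////////////////////////////////////////////////////////
// Any other site_id must be a key of $conf['remotes']: fetch that node's
// result server-side and relay it.
///////////////////////////////////////////////////////////////////////////////
} else if ( isset($conf['remotes'][$site_id]['name'] ) ) {

    // NOTE(review): certificate and host-name verification are switched off
    // for the node-to-node request, so the remote is not authenticated. The
    // response is printed into this page as HTML below, which means anyone
    // able to intercept that connection controls markup served to the user.
    // Prefer leaving verification on and trusting the remotes' CA via the
    // "cafile" SSL context option; kept as-is here so existing deployments
    // with self-signed certificates keep working.
    $sslOptions=array("ssl"=>array("verify_peer"=>false,"verify_peer_name"=>false));

    // Build the query with http_build_query() so the hostname cannot add or
    // override parameters in the request sent to the remote node.
    $remote_url = $conf['remotes'][$site_id]['base_url'] . $conf['remote_exe'] . "?" .
        http_build_query(
            array('site_id' => -1, 'hostname' => $host_name, 'port' => $safe_port),
            '',
            '&'
        );
    $remote_output = file_get_contents($remote_url, FALSE, stream_context_create($sslOptions));

    print "<div><h3>" . htmlspecialchars($conf['remotes'][$site_id]['name'], ENT_QUOTES) . "</h3></div>";
    print "<div class=dns_results>";
    if ( $remote_output === false ) {
        // file_get_contents() returns false on failure; say so instead of
        // rendering an empty result.
        print "No response from remote node";
    } else {
        // Relayed verbatim: the remote runs this same script and returns HTML.
        print $remote_output;
    }
    print "</div>";

} else {
    die("No valid site_id supplied");
}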
?>