
node-red-contrib-testssl


Comparing version 1.6.2 to 1.7.0

2

package.json

@@ -27,3 +27,3 @@ {

"homepage": "https://github.com/mailsvb/node-red-contrib-testssl#readme",
"version": "1.6.2"
"version": "1.7.0"
}

@@ -6,2 +6,3 @@ module.exports = function(RED) {

const aha = require('aha');
const crypto = require('crypto');
const moment = require('moment');

@@ -14,18 +15,18 @@ const validator = require("validator");

RED.nodes.createNode(this,n);
var scantarget = n.host;
var opensslpath = n.opensslpath || '/usr/bin/openssl';
var cabundlespath = n.cabundlespath || '/etc/ssl';
let scantarget = n.host;
let opensslpath = n.opensslpath || '/usr/bin/openssl';
let cabundlespath = n.cabundlespath || '/etc/ssl';
var node = this;
let node = this;
this.on("input",function(msg) {
var host = scantarget || msg.host;
var openssl = opensslpath || msg.opensslpath;
var cabundles = cabundlespath || msg.cabundlespath;
var scanID = msg._msgid;
var env = Object.create( process.env );
let host = scantarget || msg.host;
let openssl = opensslpath || msg.opensslpath;
let capath = cabundlespath || msg.cabundlespath;
let scanID = msg._msgid;
let env = Object.create( process.env );
// setting openssl path
if (openssl != undefined && openssl != "") {
console.log("[testssl][" + scanID + "] - using openssl executable: " + openssl);
node.log(`[testssl][${scanID}] - using openssl executable: ${openssl}`);
openssl = '--openssl=' + openssl;

@@ -35,5 +36,5 @@ }

// setting ca-bundles path
if (cabundles != undefined && cabundles != "") {
console.log("[testssl][" + scanID + "] - using ca bundles path: " + cabundles);
env.CA_BUNDLES_PATH = cabundles;
if (capath != undefined && capath != "") {
node.log(`[testssl][${scanID}] - using ca bundles path: ${capath}`);
env.CA_BUNDLES_PATH = capath;
}

@@ -46,6 +47,6 @@

}
var tmpHost = '';
var tmpPort = 443;
var tmp1 = host.match(/^[A-Za-z0-9\x2E\x2D]*$/); // check for host only
var tmp2 = host.match(/^([^\x3A]*)\x3A([0-9]{1,5})$/); // check for host + port
let tmpHost = '';
let tmpPort = 443;
let tmp1 = host.match(/^[A-Za-z0-9\x2E\x2D]*$/); // check for host only
let tmp2 = host.match(/^([^\x3A]*)\x3A([0-9]{1,5})$/); // check for host + port
if (tmp1 instanceof Array && tmp1.length === 1)

@@ -62,3 +63,3 @@ {

{
node.status({fill:"red",shape:"dot",text:'invalid data given'});
node.status({fill:"red",shape:"dot",text:"invalid data given"});
msg.payload = "you provided invalid data";

@@ -72,3 +73,3 @@ node.send(msg);

{
node.status({fill:"red",shape:"dot",text:'not a valid port'});
node.status({fill:"red",shape:"dot",text:"not a valid port"});
msg.payload = "this is not a valid port";

@@ -90,24 +91,30 @@ node.send(msg);

node.send(msg);
console.log("[testssl][" + scanID + "] - scanning " + tmpHost + " via " + IPsToScan.join() + " on port " + tmpPort);
node.log(`[testssl][${scanID}] - scanning ${tmpHost} via ${IPsToScan.join()} on port ${tmpPort}`);
var timeBefore = moment();
let timeBefore = moment();
IPsToScan.forEach(function(singleAddrToScan, index, arr){
IPsToScan.forEach((singleAddrToScan, index, arr) => {
var output = "";
var HTML = "";
var error = "";
var timeout = false;
let output = "";
let HTML = "";
let error = "";
let timeout = false;
let hash = crypto.createHash('sha256').update(`${scanID}${tmpHost}${tmpPort}`);
let jsonfile = '/tmp/' + hash.digest('hex');
var run = spawn('./testssl.sh',
let run = spawn('./testssl.sh',
[
openssl,
'-f',
'-p',
'-S',
'-P',
'-U',
'-E',
'-s',
'--protocols',
'--server-defaults',
'--server-preference',
'--headers',
'--vulnerable',
'--cipher-per-proto',
'--pfs',
'--rc4',
'--ip',
'--nodns',
'--jsonfile',
jsonfile,
singleAddrToScan,

@@ -123,5 +130,5 @@ tmpHost + ':' + tmpPort

// timeout for scan of 10 minutes
var timeout = setTimeout(function(){
let timeout = setTimeout(function(){
if (run != null) {
console.log("[testssl][" + scanID + "][" + index + "] - timeout of scan");
node.log(`[testssl][${scanID}][${index}] - timeout of scan`);
node.status({fill:"red",shape:"dot",text:"timeout during scan"});

@@ -135,3 +142,3 @@ timeout = true;

// interval to inform user of ongoing activity
var interval = setInterval(function(){
let interval = setInterval(() => {
if (run != null) {

@@ -143,3 +150,3 @@ msg.payload = "scan is still running (" + moment().diff(timeBefore, 'seconds') + " seconds) for " + singleAddrToScan + ":" + tmpPort;

run.stdout.on('data', function (data) {
run.stdout.on('data', (data) => {
HTML+=data.toString('hex');

@@ -149,8 +156,8 @@ output+=data.toString();

run.stderr.on('data', function (data) {
run.stderr.on('data', (data) => {
error+=data.toString();
});
run.on('close', function(){
console.log("[testssl][" + scanID + "][" + index + "] - scan finished for " + singleAddrToScan + ":" + tmpPort);
run.on('close', () => {
node.log(`[testssl][${scanID}][${index}] - scan finished for ${singleAddrToScan}:${tmpPort}`);
run = null;

@@ -160,3 +167,3 @@ clearTimeout(timeout);

if (error != "") {
node.status({fill:"red",shape:"dot",text:'error during scan'});
node.status({fill:"red",shape:"dot",text:"error during scan"});
msg.payload = error.toString().trim().replace(/\[[^m]*m/g,'');

@@ -166,7 +173,14 @@ node.send(msg);

else {
var timeAfter = moment();
var outputHTML = aha(new Buffer(HTML, 'hex'));
var payload = {
let timeAfter = moment();
let outputHTML = aha(new Buffer(HTML, 'hex'));
try {
jsonfile = fs.readFileSync(jsonfile).toString();
}
catch (e) {
node.error(`[testssl][${scanID}][${index}] - ${e}`);
}
let payload = {
text: output,
html: outputHTML,
json: jsonfile,
timeout: timeout,

@@ -190,5 +204,4 @@ host: singleAddrToScan,

const GetMyTarget = function(tmpHost, cb)
{
var IPsToScan = [];
const GetMyTarget = (tmpHost, cb) => {
let IPsToScan = [];
if (validator.isIP(tmpHost, '4') === true)

@@ -201,3 +214,3 @@ {

{
dns.resolve(tmpHost, function(err, addresses){
dns.resolve(tmpHost, (err, addresses) => {
if (err) {

@@ -204,0 +217,0 @@ cb("Error resolving host: " + err.message);
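Review bot: The new `jsonfile` path, `'/tmp/' + hash.digest('hex')`, is hashed only from `scanID`, `tmpHost` and `tmpPort`, so every address in the `IPsToScan.forEach` loop gets the same file, and the name can be computed from values that the `node.log` lines also print. Scans of a host with several addresses would then write to one file, and on a shared machine anything another local account places at that path in `/tmp` (a file or a symlink) is what testssl.sh writes to and what `readFileSync` returns. A private per-run directory avoids both, for example `const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'testssl-'));` followed by `let jsonfile = path.join(dir, index + '.json');`, removed after it has been read; the `fs`, `os` and `path` requires are not visible in these hunks and may need adding. When `readFileSync` throws, the catch only logs, so `payload.json` carries the file path instead of scan data; setting `jsonfile = null;` in the catch would make that case explicit. Separately, `let timeout = false;` and `let timeout = setTimeout(...)` appear to sit in the same forEach callback scope, which `let` rejects as a redeclaration where `var` did not; the lines between those hunks are not shown, so this needs checking.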

Sorry, the diff of this file is not supported yet
