node-red-contrib-testssl
Comparing version 1.6.2 to 1.7.0
@@ -27,3 +27,3 @@ { | ||
"homepage": "https://github.com/mailsvb/node-red-contrib-testssl#readme", | ||
"version": "1.6.2" | ||
"version": "1.7.0" | ||
} |
@@ -6,2 +6,3 @@ module.exports = function(RED) { | ||
const aha = require('aha'); | ||
const crypto = require('crypto'); | ||
const moment = require('moment'); | ||
@@ -14,18 +15,18 @@ const validator = require("validator"); | ||
RED.nodes.createNode(this,n); | ||
var scantarget = n.host; | ||
var opensslpath = n.opensslpath || '/usr/bin/openssl'; | ||
var cabundlespath = n.cabundlespath || '/etc/ssl'; | ||
let scantarget = n.host; | ||
let opensslpath = n.opensslpath || '/usr/bin/openssl'; | ||
let cabundlespath = n.cabundlespath || '/etc/ssl'; | ||
var node = this; | ||
let node = this; | ||
this.on("input",function(msg) { | ||
var host = scantarget || msg.host; | ||
var openssl = opensslpath || msg.opensslpath; | ||
var cabundles = cabundlespath || msg.cabundlespath; | ||
var scanID = msg._msgid; | ||
var env = Object.create( process.env ); | ||
let host = scantarget || msg.host; | ||
let openssl = opensslpath || msg.opensslpath; | ||
let capath = cabundlespath || msg.cabundlespath; | ||
let scanID = msg._msgid; | ||
let env = Object.create( process.env ); | ||
// setting openssl path | ||
if (openssl != undefined && openssl != "") { | ||
console.log("[testssl][" + scanID + "] - using openssl executable: " + openssl); | ||
node.log(`[testssl][${scanID}] - using openssl executable: ${openssl}`); | ||
openssl = '--openssl=' + openssl; | ||
@@ -35,5 +36,5 @@ } | ||
// setting ca-bundles path | ||
if (cabundles != undefined && cabundles != "") { | ||
console.log("[testssl][" + scanID + "] - using ca bundles path: " + cabundles); | ||
env.CA_BUNDLES_PATH = cabundles; | ||
if (capath != undefined && capath != "") { | ||
node.log(`[testssl][${scanID}] - using ca bundles path: ${capath}`); | ||
env.CA_BUNDLES_PATH = capath; | ||
} | ||
@@ -46,6 +47,6 @@ | ||
} | ||
var tmpHost = ''; | ||
var tmpPort = 443; | ||
var tmp1 = host.match(/^[A-Za-z0-9\x2E\x2D]*$/); // check for host only | ||
var tmp2 = host.match(/^([^\x3A]*)\x3A([0-9]{1,5})$/); // check for host + port | ||
let tmpHost = ''; | ||
let tmpPort = 443; | ||
let tmp1 = host.match(/^[A-Za-z0-9\x2E\x2D]*$/); // check for host only | ||
let tmp2 = host.match(/^([^\x3A]*)\x3A([0-9]{1,5})$/); // check for host + port | ||
if (tmp1 instanceof Array && tmp1.length === 1) | ||
@@ -62,3 +63,3 @@ { | ||
{ | ||
node.status({fill:"red",shape:"dot",text:'invalid data given'}); | ||
node.status({fill:"red",shape:"dot",text:"invalid data given"}); | ||
msg.payload = "you provided invalid data"; | ||
@@ -72,3 +73,3 @@ node.send(msg); | ||
{ | ||
node.status({fill:"red",shape:"dot",text:'not a valid port'}); | ||
node.status({fill:"red",shape:"dot",text:"not a valid port"}); | ||
msg.payload = "this is not a valid port"; | ||
@@ -90,24 +91,30 @@ node.send(msg); | ||
node.send(msg); | ||
console.log("[testssl][" + scanID + "] - scanning " + tmpHost + " via " + IPsToScan.join() + " on port " + tmpPort); | ||
node.log(`[testssl][${scanID}] - scanning ${tmpHost} via ${IPsToScan.join()} on port ${tmpPort}`); | ||
var timeBefore = moment(); | ||
let timeBefore = moment(); | ||
IPsToScan.forEach(function(singleAddrToScan, index, arr){ | ||
IPsToScan.forEach((singleAddrToScan, index, arr) => { | ||
var output = ""; | ||
var HTML = ""; | ||
var error = ""; | ||
var timeout = false; | ||
let output = ""; | ||
let HTML = ""; | ||
let error = ""; | ||
let timeout = false; | ||
let hash = crypto.createHash('sha256').update(`${scanID}${tmpHost}${tmpPort}`); | ||
let jsonfile = '/tmp/' + hash.digest('hex'); | ||
var run = spawn('./testssl.sh', | ||
let run = spawn('./testssl.sh', | ||
[ | ||
openssl, | ||
'-f', | ||
'-p', | ||
'-S', | ||
'-P', | ||
'-U', | ||
'-E', | ||
'-s', | ||
'--protocols', | ||
'--server-defaults', | ||
'--server-preference', | ||
'--headers', | ||
'--vulnerable', | ||
'--cipher-per-proto', | ||
'--pfs', | ||
'--rc4', | ||
'--ip', | ||
'--nodns', | ||
'--jsonfile', | ||
jsonfile, | ||
singleAddrToScan, | ||
@@ -123,5 +130,5 @@ tmpHost + ':' + tmpPort | ||
// timeout for scan of 10 minutes | ||
var timeout = setTimeout(function(){ | ||
let timeout = setTimeout(function(){ | ||
if (run != null) { | ||
console.log("[testssl][" + scanID + "][" + index + "] - timeout of scan"); | ||
node.log(`[testssl][${scanID}][${index}] - timeout of scan`); | ||
node.status({fill:"red",shape:"dot",text:"timeout during scan"}); | ||
@@ -135,3 +142,3 @@ timeout = true; | ||
// interval to inform user of ongoing activity | ||
var interval = setInterval(function(){ | ||
let interval = setInterval(() => { | ||
if (run != null) { | ||
@@ -143,3 +150,3 @@ msg.payload = "scan is still running (" + moment().diff(timeBefore, 'seconds') + " seconds) for " + singleAddrToScan + ":" + tmpPort; | ||
run.stdout.on('data', function (data) { | ||
run.stdout.on('data', (data) => { | ||
HTML+=data.toString('hex'); | ||
@@ -149,8 +156,8 @@ output+=data.toString(); | ||
run.stderr.on('data', function (data) { | ||
run.stderr.on('data', (data) => { | ||
error+=data.toString(); | ||
}); | ||
run.on('close', function(){ | ||
console.log("[testssl][" + scanID + "][" + index + "] - scan finished for " + singleAddrToScan + ":" + tmpPort); | ||
run.on('close', () => { | ||
node.log(`[testssl][${scanID}][${index}] - scan finished for ${singleAddrToScan}:${tmpPort}`); | ||
run = null; | ||
@@ -160,3 +167,3 @@ clearTimeout(timeout); | ||
if (error != "") { | ||
node.status({fill:"red",shape:"dot",text:'error during scan'}); | ||
node.status({fill:"red",shape:"dot",text:"error during scan"}); | ||
msg.payload = error.toString().trim().replace(/\[[^m]*m/g,''); | ||
@@ -166,7 +173,14 @@ node.send(msg); | ||
else { | ||
var timeAfter = moment(); | ||
var outputHTML = aha(new Buffer(HTML, 'hex')); | ||
var payload = { | ||
let timeAfter = moment(); | ||
let outputHTML = aha(new Buffer(HTML, 'hex')); | ||
try { | ||
jsonfile = fs.readFileSync(jsonfile).toString(); | ||
} | ||
catch (e) { | ||
node.error(`[testssl][${scanID}][${index}] - ${e}`); | ||
} | ||
let payload = { | ||
text: output, | ||
html: outputHTML, | ||
json: jsonfile, | ||
timeout: timeout, | ||
@@ -190,5 +204,4 @@ host: singleAddrToScan, | ||
const GetMyTarget = function(tmpHost, cb) | ||
{ | ||
var IPsToScan = []; | ||
const GetMyTarget = (tmpHost, cb) => { | ||
let IPsToScan = []; | ||
if (validator.isIP(tmpHost, '4') === true) | ||
@@ -201,3 +214,3 @@ { | ||
{ | ||
dns.resolve(tmpHost, function(err, addresses){ | ||
dns.resolve(tmpHost, (err, addresses) => { | ||
if (err) { | ||
@@ -204,0 +217,0 @@ cb("Error resolving host: " + err.message); |
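Review bot: The `--jsonfile` target built inside the `IPsToScan.forEach` callback is a derivable name in shared `/tmp` (`sha256` of `scanID`, `tmpHost` and `tmpPort`), and it leaves out `singleAddrToScan` and `index`, so every address of a multi-IP host is pointed at the same file while the spawned scans run concurrently. Because the name is fixed in advance, another local account can also create or link that path before testssl.sh writes to it. I would use a private per-run directory instead, `const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'testssl-'));` and `const jsonfile = path.join(dir, index + '.json');` (this needs `os` and `path` required at the top), and remove the directory in the `close` handler once the file has been read. In the visible lines the file is never deleted, and when `readFileSync` throws, `jsonfile` still holds the path string and is sent as `payload.json`; reading into a separate variable that defaults to `null` avoids that. Separately, `let timeout = false` and `let timeout = setTimeout(...)` appear to sit in the same callback scope, which `let` rejects as a redeclaration where `var` did not; the lines between them are outside the hunks, so this should be confirmed against the full file.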
Sorry, the diff of this file is not supported yet