  • Language
    Python
  • License
    GNU General Publi...
  • Created about 8 years ago
  • Updated about 6 years ago

Repository Details

Make TLS/SSL security mass scans with testssl.sh and import results into ElasticSearch

Mass Scan Tools for testssl.sh

A collection of scripts that generate testssl.sh command lines, which can be executed sequentially or in parallel with tools like GNU Parallel, and that import the results into structured documents in ElasticSearch for further analysis.

This is how the scan result of a service appears in Kibana:

[Image: testssl.sh scan result viewed in Kibana]

Create vulnerability lists:

[Image: Vulnerability list]

Visualize vulnerability distribution:

[Image: Vulnerability counts]

...or create vulnerability expiration graphs:

[Image: Vulnerability expiration graph]

Dependencies

  • testssl.sh 2.9dev branch or later version
  • Python 3 with the following modules:
    • elasticsearch_dsl
    • tzlocal

Usage

  1. Install dependencies (see above)
  2. Create an input file with one host:port pair per line.
  3. Run generate_scan_file.py inputfile > cmdfile to generate a file with testssl.sh command lines.
  4. Run parallel < cmdfile to perform testssl.sh scans.
  5. Run import_testssl.sh_csv_to_ES.py *.csv to import scan results into ElasticSearch.
  6. View/Analyze data with Kibana or the tool of your choice.
  7. Fix your TLS configurations :)
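
Because the generated command file in steps 3 and 4 is executed by a shell, every line of the input file ends up as shell input. The following added example (not the project's generate_scan_file.py) shows one way to validate host:port lines before emitting testssl.sh command lines. The function names, the CSV naming scheme and the sample targets are assumptions; --warnings batch, --quiet and --csvfile are testssl.sh options.

```python
import re
import shlex

# Hostname or IPv4 address, a colon, then a port. The host must start with an
# alphanumeric character, so a target can never be read as an option ("-x")
# and no shell metacharacter can pass through to the command file.
TARGET_RE = re.compile(
    r"([A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?):(\d{1,5})")


def parse_target(line):
    """Return (host, port) for a valid 'host:port' line, otherwise None."""
    m = TARGET_RE.fullmatch(line.strip())
    if not m:
        return None
    host, port = m.group(1), int(m.group(2))
    if not 1 <= port <= 65535:
        return None
    return host, port


def build_commands(lines, testssl="testssl.sh"):
    """Return (command lines, rejected input lines) for the given targets."""
    commands, rejected, seen = [], [], set()
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):   # skip blanks and comments
            continue
        target = parse_target(line)
        if target is None:
            rejected.append(line)
            continue
        if target in seen:                     # scan each service only once
            continue
        seen.add(target)
        host, port = target
        csv_name = f"{host}_{port}.csv"        # assumed naming scheme
        args = (testssl, "--warnings", "batch", "--quiet",
                "--csvfile", csv_name, f"{host}:{port}")
        commands.append(" ".join(shlex.quote(a) for a in args))
    return commands, rejected


# Constructed sample input, including lines that must not reach the shell.
SAMPLE = ["example.org:443", "192.0.2.10:8443", "example.org:443",
          "mail.example.org:70000", "example.net:443 && echo injected", ""]

if __name__ == "__main__":
    cmds, bad = build_commands(SAMPLE)
    print("\n".join(cmds))
    for entry in bad:
        print("rejected:", entry)
```

Rejected lines are returned rather than silently dropped, so they can be reviewed before the scan starts.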

Useful Command Lines

List all vulnerabilities in "host;port;vulnerabilities" CSV format:

curl -qsk 'localhost:9200/testssl-*/_search?q=_exists_:vulnerabilities&size=10000' | jq -r '.hits.hits[]._source | [ .ip, ( .port | tostring ), ( .vulnerabilities | join(", ") ) ] | join(";")'

...and add ciphertests field:

curl -qsk 'localhost:9200/testssl-*/_search?q=_exists_:(vulnerabilities+ciphertests)&size=10000' | jq -r '.hits.hits[]._source | [ .ip, ( .port | tostring ), ( .vulnerabilities | if . == null then "" else (. | join(", ") ) end ), ( .ciphertests | if . == null then "" else (. | join(", ") ) end ) ] | join(";")'