cipher enum bug fixes and improvements #168

Merged
merged 3 commits into from
Jan 25, 2023

tarunKoyalwar
Member

Proposed Changes

  • TLS Version enumeration is enabled internally when using -cipher-enum flag
  • Print Cipher Enum results in standard CLI mode (Only shown in JSON output now)
  • Bug fix: missing OpenSSL ciphers in auto mode
  • Cipher Enum Optimization
    • Skip cipher enumeration in ctls mode when the version is TLS 1.3, which caused false positives
    • Adds EnumMode and skips ciphers unsupported by the client in Enum Mode

closes #167 #164
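
An added example (not part of this pull request or of tlsx's code) of how a one-cipher-per-handshake probe can report false positives on TLS 1.3: Go's crypto/tls documents that TLS 1.3 suites are not configurable through `Config.CipherSuites`, so the handshake completes whatever suite is offered. That this is the mechanism behind the false positives mentioned above is an assumption; `startServer` and `probe` are hypothetical helpers, and the loopback server is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// startServer (hypothetical): constructed loopback TLS server accepting one TLS 1.2 suite.
func startServer() string {
	_, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256},
	})
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			c.(*tls.Conn).Handshake() // a failed handshake is an expected outcome
			c.Close()
		}
	}()
	return ln.Addr().String()
}

// probe (hypothetical) offers one suite at one version. It returns whether the
// handshake completed and whether the negotiated suite is the offered one.
func probe(addr string, version, cipher uint16) (handshakeOK, offeredNegotiated bool) {
	conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true, // test cert only
		MinVersion: version, MaxVersion: version, CipherSuites: []uint16{cipher}})
	if err != nil {
		return false, false
	}
	defer conn.Close()
	return true, conn.ConnectionState().CipherSuite == cipher
}

func main() {
	addr := startServer()
	ok, match := probe(addr, tls.VersionTLS13, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
	fmt.Printf("TLS 1.3: handshake ok=%v, offered suite negotiated=%v\n", ok, match)
}
```

Skipping TLS 1.3 in this kind of enumeration, as the change above does, or comparing the negotiated suite with the offered one, keeps such a handshake from being counted as support.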

@tarunKoyalwar tarunKoyalwar self-assigned this Jan 24, 2023
@tarunKoyalwar
Member Author

Screenshot 2023-01-24 at 4 36 16 PM

@tarunKoyalwar
Member Author

Optimization

Before

$ cmdutil ./tlsx -u scanme.sh -ve -ce -v 
  

  _____ _    _____  __
 |_   _| |  / __\ \/ /
   | | | |__\__ \>  < 
   |_| |____|___/_/\_\	v1.0.4

		projectdiscovery.io

[INF] Processing input scanme.sh:443
[openssl] does not support SSL_FORTEZZA_KEA_WITH_NULL_SHA cipher. skipping..
...
scanme.sh:443 [tls13,tls10,tls11,tls12]
[INF] Connections made using crypto/tls: 42, zcrypto/tls: 9, openssl: 1347

------------------------------
Command: ./tlsx -u scanme.sh -ve -ce -v
Max RSS: 37 MB
Sys Time: 904.162µs
User Time: 571.226µs
Actual Time: 11m54.194393083s
Voluntary Context Switch (nvcsw): 10902

After

$ cmdutil  ./tlsx -u scanme.sh -ce -v 
  

  _____ _    _____  __
 |_   _| |  / __\ \/ /
   | | | |__\__ \>  < 
   |_| |____|___/_/\_\	v1.0.4

		projectdiscovery.io

[INF] Processing input scanme.sh:443
scanme.sh:443 [tls13] [ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA]
scanme.sh:443 [tls12] [TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_FALLBACK_SCSV,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_ARIA_128_GCM_SHA256,ECDHE-ECDSA-CHACHA20-POLY1305,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA]
scanme.sh:443 [tls10] [TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA]
scanme.sh:443 [tls11] [TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-ECDSA-AES128-SHA]
[INF] Connections made using crypto/tls: 14, zcrypto/tls: 10, openssl: 11

------------------------------
Command: ./tlsx -u scanme.sh -ce -v
Max RSS: 36 MB
Sys Time: 910.905µs
User Time: 808.048µs
Actual Time: 3m53.450157083s
Voluntary Context Switch (nvcsw): 1417

@sonarcloud

sonarcloud bot commented Jan 24, 2023

SonarCloud Quality Gate failed.

Bug: A, 0 Bugs
Vulnerability: A, 0 Vulnerabilities
Security Hotspot: A, 0 Security Hotspots
Code Smell: A, 0 Code Smells

18.0% Coverage
11.1% Duplication

@ehsandeep ehsandeep merged commit 2fbdce2 into dev Jan 25, 2023
@ehsandeep ehsandeep deleted the issue-44-cipher-enum branch January 25, 2023 10:13