Changes for release v1.2

Author: NetBender

Analyzer/checkServer.sh

@@ -13,21 +13,8 @@ function s_echo {
     echo "[$callingFunction] $1"
 }
 
-function extended_master_checker {
-    version="0.1" #version
-    extended_master_folder=$tools/TLS_Extended_Master_Checker #location (folder)
-
-    cd "$extended_master_folder"
-    s_echo "version: $version"
-    s_echo "Analyzing..."
-    $python TLS_Extended_Master_Checker.py $1 $2 | aha -t ${FUNCNAME[0]} > $report/extended_master_report.html
-    s_echo "Report generated successfully!"
-    echo
-    cd $root_folder
-}
-
 function testssl.sh {
-    version="3.0" #version
+    version="3.0.2" #version
     testssl_folder=$tools/testssl.sh-$version #location (folder)
 
     re_url='^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$'
@@ -55,31 +42,35 @@ function tlsfuzzer { #SLOTH checker
     s_echo "version: $version"
     s_echo "Analyzing..."
     PYTHONPATH=. $python $sloth_checker/scripts/test-certificate-verify.py -h $1 -p $2 -k $cert_location/localuser.key -c $cert_location/localuser.crt | aha -t ${FUNCNAME[0]} > $report/tlsfuzzer_report.html
+    PYTHONPATH=. $python $sloth_checker/scripts/test-sig-algs.py -h $1 -p $2 | aha -t ${FUNCNAME[0]} > $report/tlsfuzzer_report_sigs.html
+    PYTHONPATH=. $python $sloth_checker/scripts/test-clienthello-md5.py -h $1 -p $2 | aha -t ${FUNCNAME[0]} > $report/tlsfuzzer_report_clienthello.html
+    PYTHONPATH=. $python $sloth_checker/scripts/test-tls13-pkcs-signature.py -h $1 -p $2 | aha -t ${FUNCNAME[0]} > $report/tlsfuzzer_report_tls13sigs.html
     s_echo "Report generated successfully!"
     echo
     cd $root_folder
 }
 
 function assistant {
+    version="1.2" #version
+    s_echo "version: $version"
+    s_echo "Analyzing..."
+
     host=$1
     re_url='^(http:\/\/www\.|https:\/\/www\.|http:\/\/|https:\/\/)?[a-z0-9]+([-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$'
+    touch $report/assistant.txt
 
     #--------webserver detection 
-    curl -s --head http://$host | grep "Server" >> $report/assistant.txt 
+    curl -s --head https://$host | grep "Server" >> $report/assistant.txt
 
     if [[ $host =~ $re_url ]]; then #if the target is provided via hostname, do the HTTPS-related checks
 
-        touch $report/assistant.txt
-        google_hsts=$(curl -s https://cs.chromium.org/codesearch/f/chromium/src/net/http/transport_security_state_static.json)
         mozilla_hsts=$(curl -s https://hg.mozilla.org/mozilla-central/raw-file/tip/security/manager/ssl/nsSTSPreloadList.inc)
 
         #--------HTTP available
-        http_status=$(curl --write-out %{http_code} --silent --output /dev/null $1)
-        if [[ "$http_status" == 2* ]]; then #if the server answers with a HTTP success code (e.g. 200)
+        if curl -s --head  --request GET http://$1 | grep "HTTP/1.1 2" > /dev/null; then 
             echo "HTTP available">> $report/assistant.txt
         fi
 
-
         #--------HTTPS enforcing
         if curl -s --head http://$host | grep -i -q "moved permanently"; then #condition 1
             if curl -s --head http://$host | grep -i -q "location: https"; then #condition 2
@@ -104,19 +95,15 @@ function assistant {
             host=$(expr match "$host" '.*\.\(.*\..*\)') #to retrieve the main domain
         fi
 
-        if echo $google_hsts | grep -i -q $host; then #present in Google's list
+        if echo $mozilla_hsts | grep -i -q $host; then #present in Mozilla's list
             echo "HSTS preloaded">> $report/assistant.txt
         else
-            if echo $mozilla_hsts | grep -i -q $host; then #present in Mozilla's list
-                echo "HSTS preloaded">> $report/assistant.txt
-            else
-                echo "HSTS not preloaded">> $report/assistant.txt
-            fi
+            echo "HSTS not preloaded">> $report/assistant.txt
         fi
-
     else
         echo "IP address provided, skipping HTTPS-related checks"
     fi
+    s_echo "Report generated successfully!"
 }
 
 #cleanup
@@ -137,7 +124,6 @@ echo "Target: $server:$port"
 echo
 
 #scripts call
-extended_master_checker $server $port #checks for 3SHAKE
 testssl.sh $server $port #checks for TLS vulnerabilities
 tlsfuzzer $server $port #checks for SLOTH
 assistant $server #checks for HTTPS enforcing and HSTS

Dockerfile

@@ -9,11 +9,11 @@ RUN apt-get update && apt-get install -y git bsdmainutils dnsutils
 
 RUN git clone --depth=1 https://github.com/stfbk/tlsassistant.git
 
+RUN sed -i 's=~/.local/bin/virtualenv=/usr/local/bin/virtualenv=gI' tlsassistant/INSTALL.sh
 RUN sed -i 's/sudo //gI' tlsassistant/INSTALL.sh
-RUN sed -i 's/~/\//gI' tlsassistant/INSTALL.sh
 
 RUN chmod +x tlsassistant/INSTALL.sh
-RUN tlsassistant/INSTALL.sh
+RUN ["/bin/bash", "-c", "bash < <(tlsassistant/INSTALL.sh)"]
 
 RUN chmod +x tlsassistant/TLSAssistant.sh
 ENTRYPOINT ["tlsassistant/TLSAssistant.sh"]

Evaluator/Mitigations/simulateReport.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+root_folder="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+
+if [[ ! -d $root_folder/../../../python_dep ]]; then #if the INSTALLER has never been called
+    echo "Run INSTALL.sh to setup the environment first"
+    exit 1
+fi
+exporter=$root_folder/exporter.py
+mkdir -p $root_folder/../STIX
+IFS='"' #internal field separator - used to escape the double quotes
+
+#report content
+vuln_name=""
+vuln_description=""
+mitigation_description=""
+snippet_apache=""
+snippet_nginx=""
+
+# python wrapping (modules and lists)
+echo "# encoding=utf8" >> $exporter
+echo "from stix2 import CourseOfAction" >> $exporter
+echo "from stix2 import Vulnerability " >> $exporter
+echo "from stix2 import Relationship" >> $exporter
+echo "from stix2 import Bundle" >> $exporter
+echo "coa=[]" >> $exporter
+echo "vuln=[]" >> $exporter
+echo "mitigates=[]" >> $exporter
+
+for entry in $root_folder/../*.xml #for each available entry
+do
+    # values extraction
+    vuln_name=$(xmllint --xpath "/Entry/Name/text()" $entry 2>&1)
+    vuln_description=$(xmllint --xpath "/Entry/Description/text()" $entry 2>&1)
+    mitigation_description=$(xmllint --xpath "/Entry/Mitigation/Textual/text()" $entry 2>&1)
+    snippet_apache=$(xmllint --xpath "/Entry/Mitigation/Snippet/apache/text()" $entry 2>&1)
+    snippet_nginx=$(xmllint --xpath "/Entry/Mitigation/Snippet/nginx/text()" $entry 2>&1)
+
+    #values formatting (removing the newline control character)
+    vuln_name=$(echo $vuln_name|tr -d '\n')
+    vuln_description=$(echo $vuln_description|tr -d '\n')
+    mitigation_description=$(echo $mitigation_description|tr -d '\n')
+    snippet_apache=$(echo $snippet_apache|tr -d '\n')
+    snippet_nginx=$(echo $snippet_nginx|tr -d '\n')
+    coa_name=$(echo $vuln_name"_coa")
+
+    # double quotes escaping
+    read -ra ADDR <<< "$snippet_apache" # split the content using IFS as separator
+    snippet_apache=""
+    for i in "${ADDR[@]}"; do # for each fragment
+        snippet_apache="$snippet_apache $i'" #rebuild the variable adding proper double quoting escaping
+    done
+
+    read -ra ADDR <<< "$snippet_nginx"
+    snippet_nginx=""
+    for i in "${ADDR[@]}"; do 
+        snippet_nginx="$snippet_nginx $i'"
+    done
+
+    # python wrapping (structures creation)
+    echo "coa.append(CourseOfAction(type=\"course-of-action\",name=\"$coa_name\",description=\"$mitigation_description\",x_actions=[{\"mitigation_apache\":\"${snippet_apache::-1}\",\"mitigation_nginx\":\"${snippet_nginx::-1}\"}], allow_custom=True))" >> $exporter #::-1 because the last character is an extra '
+    echo "vuln.append(Vulnerability(type=\"vulnerability\",name=\"$vuln_name\",description=\"$vuln_description\"))" >> $exporter
+    echo "mitigates.append(Relationship(coa[-1], 'mitigates', vuln[-1]))" >> $exporter
+
+done
+
+# python wrapping (json generation)
+echo "for i in range(0, len(coa)):" >> $exporter
+echo "    bundle = Bundle(coa[i], mitigates[i], vuln[i])" >> $exporter
+echo "    filename=\"$root_folder/../STIX/\"+vuln[i]['name']+\".json\"" >> $exporter
+echo "    f = open(filename, \"w\")" >> $exporter
+echo "    f.write(str(bundle)+\"\n\")" >> $exporter
+echo "    f.close()" >> $exporter
+
+$root_folder/../../../python_dep/bin/python $exporter
+rm $exporter

Evaluator/Mitigations/utils/exportSTIX.sh

@@ -0,0 +1,59 @@
+#!/bin/bash 
+if [[ $# -lt 1 ]] ; then #if help requested (or not enough parameters)
+    echo "Usage: \"bash simulateReport.sh <vulnerability>.xml\""
+    exit
+fi
+
+report=${1##*/} #remove the path value
+report=${report%.*} #remove the extension
+report="$report.md"
+
+#~ Name
+printf "## " >> $report
+xmllint --xpath "/Entry/Name/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ ExtendedName
+printf "Extended name: " >> $report
+xmllint --xpath "/Entry/ExtendedName/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ Description
+xmllint --xpath "/Entry/Description/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ CVE
+printf "CVE: " >> $report
+xmllint --xpath "/Entry/CVE/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ CVSS
+printf "CVSSv" >> $report
+vuln_cvss=$(xmllint --xpath "/Entry/CVSS3/text()" $1 2>&1)
+if [ "$vuln_cvss" = "XPath set is empty" ]; then #if CVSSv3 score is not available
+    vuln_cvss=$(xmllint --xpath "/Entry/CVSS2/text()" $1 2>&1)
+    printf "2 score:" >> $report
+else
+    printf "3 score:" >> $report
+fi
+printf $vuln_cvss >> $report
+printf "\n\n" >> $report
+
+#~ Mitigation
+#~ Textual
+printf "#### Mitigation\n" >> $report
+xmllint --xpath "/Entry/Mitigation/Textual/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ Snippet
+#~ Apache
+printf "##### APACHE\n" >> $report
+xmllint --xpath "/Entry/Mitigation/Snippet/apache/text()" $1 >> $report
+printf "\n\n" >> $report
+
+#~ Nginx
+printf "##### NGINX\n" >> $report
+xmllint --xpath "/Entry/Mitigation/Snippet/nginx/text()" $1 >> $report
+printf "\n\n" >> $report
+
+echo -e "Report saved in $(pwd)"