Updated to v1.3
Updated to v1.3. Changed all SSLv3 to YELLOW because of the POODLE attack. Removed the
"Working..." text because it messes with stdout and that makes it more
difficult for other programs to parse the output of this program if you
want to use this program in an automated fashion. Added a NoSchannel
argument, which bypasses the certificate and SChannel stuff and gets
straight to the cipher scanning.
ryanries committed Nov 4, 2014
1 parent fc60a5b commit 521fb9a
Showing 2 changed files with 38 additions and 66 deletions.
100 changes: 36 additions & 64 deletions SharpTLSScan/Program.cs
Expand Up @@ -18,6 +18,7 @@
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using System.Runtime.InteropServices;
using System.IO;

namespace SharpTLSScan
Expand All @@ -26,47 +27,43 @@ class Program
{
private static string productName = Assembly.GetExecutingAssembly().GetName().Name;
private static string productVersion = FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location).FileVersion.Split('.')[0] +
"." + FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location).FileVersion.Split('.')[1];
"." + FileVersionInfo.GetVersionInfo(Assembly.GetExecutingAssembly().Location).FileVersion.Split('.')[1];

static void Main(string[] args)
{
byte[] clientRandom = new byte[28];
bool bypassSchannel = false;

#region Argument validation, DNS resolution, and TCP connectivity
UInt16 portNum = 443;
string hostName = string.Empty;

Regex hostnameRegex = new Regex(@"^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$", RegexOptions.IgnoreCase);

if (args.Length != 1)
{
PrintHelpMessage();
return;
}
if (args.Length != 1 & args.Length != 2)
PrintHelpMessageAndExit();

hostName = args[0].Split(':')[0];

if (!hostnameRegex.IsMatch(hostName))
{
PrintHelpMessage();
return;
}
if (!hostnameRegex.IsMatch(hostName))
PrintHelpMessageAndExit();

if (args[0].Contains(':'))
{
if (!UInt16.TryParse(args[0].Split(':')[1], out portNum))
{
PrintHelpMessage();
return;
}
}
if (args[0].Contains(':'))
if (!UInt16.TryParse(args[0].Split(':')[1], out portNum))
PrintHelpMessageAndExit();

if (!BitConverter.IsLittleEndian)
{
Console.WriteLine("Sorry! This program doesn't work on big endian systems!");
return;
}

if (args.Length == 2)
if (args[1].Equals("NoSchannel", StringComparison.OrdinalIgnoreCase))
bypassSchannel = true;
else
PrintHelpMessageAndExit();

Console.WriteLine("Scanning " + hostName + " on port " + portNum + "...");

IPHostEntry ipHostEntry;
Expand All @@ -88,10 +85,8 @@ static void Main(string[] args)

try
{
using (TcpClient tcpClient = new TcpClient(hostName, portNum))
{
Console.WriteLine(hostName + " responds to TCP on " + portNum + ".\n");
}
using (TcpClient tcpClient = new TcpClient(hostName, portNum))
Console.WriteLine(hostName + " responds to TCP on " + portNum + ".\n");
}
catch (Exception ex)
{
Expand All @@ -106,6 +101,7 @@ static void Main(string[] args)
// but it will fail if you've turned off support of all the protocols/ciphers that the server supports and therefore
// the SChannel SSP cannot negotiate a connection.
#region SChannel Negotiation
if (!bypassSchannel)
try
{
using (TcpClient tcpClient = new TcpClient(hostName, portNum))
Expand Down Expand Up @@ -143,9 +139,7 @@ static void Main(string[] args)
List<string> sslv30CipherSuitesSupported = new List<string>();
List<string> tlsv10CipherSuitesSupported = new List<string>();
List<string> tlsv11CipherSuitesSupported = new List<string>();
List<string> tlsv12CipherSuitesSupported = new List<string>();

Console.Write("Working...");
List<string> tlsv12CipherSuitesSupported = new List<string>();

// With SSLv2, only one request to the server is necessary, because the server
// gives all supported cipher suites in the first ServerHello. SSLv2 is not secure, so all SSLv2 support is hilighted in RED.
Expand Down Expand Up @@ -241,22 +235,11 @@ static void Main(string[] args)
}
#endregion

try
{
Console.SetCursorPosition(0, Console.CursorTop);
}
catch
{
// SetCursorPosition will throw exception if the user redirects standard output!
Console.WriteLine();
}

Console.ForegroundColor = ConsoleColor.Red;
foreach (string line in sslv20CipherSuitesSupported)
Console.WriteLine(line);

Console.ResetColor();
Console.Write("Working...");
Console.ResetColor();

// Parallel powers, ACTIVATE
#region SSLv3,TLSv1.0-1.2
Expand Down Expand Up @@ -360,32 +343,16 @@ static void Main(string[] args)
{

}
}
Console.Write(".");
}
});
#endregion

try
{
Console.SetCursorPosition(0, Console.CursorTop);
}
catch
{
// SetCursorPosition will throw exception if user redirects standard output!
Console.WriteLine();
}

// Changing all SLLv3 to YELLOW because of Poodle
Console.ForegroundColor = ConsoleColor.Yellow;
foreach (string line in sslv30CipherSuitesSupported)
{
if (line.ToLower().Contains("md5") | line.ToLower().Contains("rc4"))
{
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine(line);
Console.ResetColor();
}
else
Console.WriteLine(line);
}
Console.WriteLine(line);

Console.ResetColor();

foreach (string line in tlsv10CipherSuitesSupported)
{
Expand Down Expand Up @@ -426,10 +393,10 @@ static void Main(string[] args)
Console.ResetColor();
}

static void PrintHelpMessage()
static void PrintHelpMessageAndExit()
{
Console.WriteLine("\n" + productName + " " + productVersion + " 2014 by Joseph Ryan Ries\n");
Console.WriteLine("Usage: C:\\>SharpTLSScan myhost.domain.com[:7000]\n");
Console.WriteLine("\n" + productName + " " + productVersion + " 2014 by Joseph Ryan Ries | myotherpcisacloud.com\n");
Console.WriteLine("Usage: C:\\>SharpTLSScan myhost.domain.com[:7000] [NoSchannel]\n");
Console.WriteLine("SSL and TLS diagnostics on myhost.domain.com on port 7000.\n");
Console.WriteLine("If no port number is given, a default of 443 is used.\n");
Console.Write("Good things (such as a valid certificate) are highlighted in ");
Expand All @@ -443,7 +410,10 @@ static void PrintHelpMessage()
Console.Write("OK but not great things (such as MD5 hashes) are highlighted in ");
Console.ForegroundColor = ConsoleColor.Yellow;
Console.WriteLine("YELLOW.\n");
Console.ResetColor();
Console.ResetColor();
Console.WriteLine("The NoSchannel parameter is optional, and if you specify it,");
Console.WriteLine("an Schannel-based connection will not be attempted.\n");
Environment.Exit(1);
}

private static bool CertificateValidationCallBack(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
Expand Down Expand Up @@ -546,6 +516,8 @@ private static string[] splitDN(string input)
}
}



enum ProtocolVersion : ushort
{
SSLv20 = 0x0002,
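Review bot: Coloring every SSLv3 suite YELLOW in the `foreach` over `sslv30CipherSuitesSupported` understates POODLE, because the help text in `PrintHelpMessageAndExit` still defines YELLOW as "OK but not great things (such as MD5 hashes)" while a CBC padding oracle in SSL 3.0 is exploitable regardless of which CBC suite is negotiated, RC4 being the only non-CBC option there. I would change the line above that loop to `Console.ForegroundColor = ConsoleColor.Red;`, or at minimum add `Console.WriteLine("SSLv3 suites are highlighted in YELLOW because of POODLE; treat any SSLv3 support as a finding.\n");` to the help text so a reader of the output cannot take it as acceptable; the comment above the loop also misspells the protocol as `SLLv3`. Separately, given the commit's stated goal of machine-parseable stdout, `PrintHelpMessageAndExit` still writes usage to standard output before `Environment.Exit(1)`, so routing it through `Console.Error.WriteLine` would keep stdout clean for the automated case. Main's body and the SChannel region continue outside the shown hunks.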
4 changes: 2 additions & 2 deletions SharpTLSScan/Properties/AssemblyInfo.cs
Expand Up @@ -32,5 +32,5 @@
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.2.0.0")]
[assembly: AssemblyFileVersion("1.2.0.0")]
[assembly: AssemblyVersion("1.3.0.0")]
[assembly: AssemblyFileVersion("1.3.0.0")]
