diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java index 30c6dab88..72c2d7518 100644 --- a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java +++ b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/config/ServerScannerConfig.java @@ -47,6 +47,12 @@ public class ServerScannerConfig extends TlsScannerConfig { "Add one or more custom CA's by separating them with a comma to verify the corresponding chain of certificates.") private List customCAPathList = null; + @Parameter(names = "-vulns", required = false, description = "Vulnerabilities to look for") + private String vulns = ""; + + @Parameter(names = "-numexe", required = false, description = "Number of rexecutions") + private int numexe = 3; + @Parameter( names = "-configSearchCooldown", required = false, @@ -121,4 +127,20 @@ public boolean isConfigSearchCooldown() { public void setConfigSearchCooldown(boolean configSearchCooldown) { this.configSearchCooldown = configSearchCooldown; } + + public int getNumexe() { + return numexe; + } + + public void setNumexe(int numexe) { + this.numexe = numexe; + } + + public String getVulns() { + return vulns; + } + + public void setVulns(String vulns) { + this.vulns = vulns; + } } diff --git a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/execution/TlsServerScanner.java b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/execution/TlsServerScanner.java index 015ab4865..d62937866 100644 --- a/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/execution/TlsServerScanner.java +++ b/TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/execution/TlsServerScanner.java 
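Review bot: The `-vulns` description added in the first hunk does not say what the value should look like, and the `-numexe` description has a typo ("rexecutions") and no lower bound. The value is split on commas and matched against exact probe names elsewhere in this commit, so I would spell that out: `description = "Comma-separated, case-sensitive probe names to run (e.g. Heartbleed,Drown); empty runs every probe"` and `description = "Number of re-executions"`. `numexe` is not read anywhere in the visible hunks, so it is unclear what 0 or a negative value would do. If it ends up as a repeat count, values below 1 should be rejected in `setNumexe` or at parse time.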
@@ -116,6 +116,7 @@ public final class TlsServerScanner private final ParallelExecutor parallelExecutor; private final ServerScannerConfig config; private boolean closeAfterFinishParallel; + private final String vulns; public TlsServerScanner(ServerScannerConfig config) { super(config.getExecutorConfig()); @@ -128,6 +129,8 @@ public TlsServerScanner(ServerScannerConfig config) { new NamedThreadFactory(config.getClientDelegate().getHost() + "-Worker")); this.configSelector = new ConfigSelector(config, parallelExecutor); setCallbacks(); + this.vulns = config.getVulns(); + fillProbeLists(); } public TlsServerScanner(ServerScannerConfig config, ParallelExecutor parallelExecutor) { @@ -136,6 +139,7 @@ public TlsServerScanner(ServerScannerConfig config, ParallelExecutor parallelExe this.configSelector = new ConfigSelector(config, parallelExecutor); this.parallelExecutor = parallelExecutor; closeAfterFinishParallel = false; + this.vulns = config.getVulns(); setCallbacks(); } @@ -148,6 +152,7 @@ public TlsServerScanner( this.parallelExecutor = parallelExecutor; this.config = config; this.configSelector = new ConfigSelector(config, parallelExecutor); + this.vulns = config.getVulns(); closeAfterFinishParallel = false; setCallbacks(); } 
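Review bot: Only the first constructor (hunk at -128) calls `fillProbeLists()`; the two `ParallelExecutor` constructors (hunks at -136 and -148) assign `vulns` but never build the probe list, so the three entry points no longer behave alike. If the scanner base class already invokes `fillProbeLists()` when a scan starts (not visible here, so to be confirmed), the added call registers every probe twice on that path. I would drop the constructor call and keep only `this.vulns = config.getVulns();`, placed before `setCallbacks()` in all three constructors for consistency. The constructor bodies start outside these hunks.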
@@ -195,76 +200,235 @@ protected void fillProbeLists() { if (config.getAdditionalRandomnessHandshakes() > 0) { registerProbeForExecution(new RandomnessProbe(configSelector, parallelExecutor)); } - registerProbeForExecution(new AlpnProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new AlpacaProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CommonBugProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new SniProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CompressionsProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new NamedGroupsProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new NamedCurvesOrderProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CertificateProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new ProtocolVersionProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CipherSuiteProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DirectRaccoonProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CipherSuiteOrderProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new ExtensionProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new ECPointFormatProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new ResumptionProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new RenegotiationProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new HeartbleedProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new PaddingOracleProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new BleichenbacherProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new InvalidCurveProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new CcaSupportProbe(configSelector, parallelExecutor)); - 
registerProbeForExecution(new CcaRequiredProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new SignatureAndHashAlgorithmProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new SignatureHashAlgorithmOrderProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new TlsFallbackScsvProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new Sweet32AfterProbe<>()); - registerProbeForExecution(new FreakAfterProbe<>()); - registerProbeForExecution(new LogjamAfterProbe<>()); - registerProbeForExecution(new ServerRandomnessAfterProbe()); - registerProbeForExecution(new EcPublicKeyAfterProbe<>()); - registerProbeForExecution(new DhValueAfterProbe()); - registerProbeForExecution(new PaddingOracleIdentificationAfterProbe<>()); - registerProbeForExecution(new RaccoonAttackAfterProbe()); - registerProbeForExecution(new CertificateSignatureAndHashAlgorithmAfterProbe()); - // DTLS-specific - registerProbeForExecution(new DtlsReorderingProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DtlsFragmentationProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new DtlsHelloVerifyRequestProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DtlsBugsProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DtlsMessageSequenceProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DtlsRetransmissionsProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new DtlsApplicationFingerprintProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new DtlsIpAddressInCookieProbe(configSelector, parallelExecutor), false); - registerProbeForExecution(new DtlsRetransmissionAfterProbe<>()); - registerProbeForExecution(new DestinationPortAfterProbe()); - // TLS-specific - registerProbeForExecution(new HelloRetryProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new 
RecordFragmentationProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new EarlyCcsProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new EsniProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new TokenbindingProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new HttpHeaderProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new HttpFalseStartProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new DrownProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new ConnectionClosingProbe(configSelector, parallelExecutor), false); - registerProbeForExecution(new PoodleAfterProbe()); - registerProbeForExecution(new SessionTicketProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new SessionTicketManipulationProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new SessionTicketPaddingOracleProbe(configSelector, parallelExecutor)); - registerProbeForExecution( - new SessionTicketCollectingProbe(configSelector, parallelExecutor)); - registerProbeForExecution(new SessionTicketAfterProbe(configSelector)); + if (vulns == "") { + addProbeToProbeList(new AlpnProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new AlpacaProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CommonBugProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new SniProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CompressionsProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new NamedGroupsProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new NamedCurvesOrderProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CertificateProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new OcspProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new ProtocolVersionProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new 
CipherSuiteProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DirectRaccoonProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CipherSuiteOrderProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new ExtensionProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new ECPointFormatProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new ResumptionProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new RenegotiationProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new SessionTicketZeroKeyProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new HeartbleedProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new PaddingOracleProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new BleichenbacherProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new InvalidCurveProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CertificateTransparencyProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CcaSupportProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CcaRequiredProbe(configSelector, parallelExecutor)); + addProbeToProbeList( + new SignatureAndHashAlgorithmProbe(configSelector, parallelExecutor)); + addProbeToProbeList( + new SignatureHashAlgorithmOrderProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new TlsFallbackScsvProbe(configSelector, parallelExecutor)); + afterList.add(new Sweet32AfterProbe<>()); + afterList.add(new FreakAfterProbe<>()); + afterList.add(new LogjamAfterProbe<>()); + afterList.add(new ServerRandomnessAfterProbe()); + afterList.add(new EcPublicKeyAfterProbe<>()); + afterList.add(new DhValueAfterProbe()); + afterList.add(new PaddingOracleIdentificationAfterProbe<>()); + afterList.add(new RaccoonAttackAfterProbe()); + afterList.add(new CertificateSignatureAndHashAlgorithmAfterProbe()); + // DTLS-specific + addProbeToProbeList(new 
DtlsReorderingProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DtlsFragmentationProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DtlsHelloVerifyRequestProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DtlsBugsProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DtlsMessageSequenceProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DtlsRetransmissionsProbe(configSelector, parallelExecutor)); + addProbeToProbeList( + new DtlsApplicationFingerprintProbe(configSelector, parallelExecutor)); + addProbeToProbeList( + new DtlsIpAddressInCookieProbe(configSelector, parallelExecutor), false); + afterList.add(new DtlsRetransmissionAfterProbe<>()); + afterList.add(new DestinationPortAfterProbe()); + // TLS-specific + addProbeToProbeList(new HelloRetryProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new RecordFragmentationProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new EarlyCcsProbe(configSelector, parallelExecutor)); + // addProbeToProbeList(new MacProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new CcaProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new EsniProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new TokenbindingProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new HttpHeaderProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new HttpFalseStartProbe(configSelector, parallelExecutor)); + addProbeToProbeList(new DrownProbe(configSelector, parallelExecutor)); + addProbeToProbeList( + new ConnectionClosingProbe(configSelector, parallelExecutor), false); + afterList.add(new PoodleAfterProbe()); + } else { + String[] vulnsList = vulns.split(","); + for (String v : vulnsList) { + // System.out.println(v); + switch (v) { + case "CommonBug": + addProbeToProbeList(new CommonBugProbe(configSelector, parallelExecutor)); + break; + case "Sni": + addProbeToProbeList(new 
SniProbe(configSelector, parallelExecutor)); + break; + case "Compressions": + addProbeToProbeList( + new CompressionsProbe(configSelector, parallelExecutor)); + break; + case "NamedGroups": + addProbeToProbeList(new NamedGroupsProbe(configSelector, parallelExecutor)); + break; + case "NamedCurvesOrder": + addProbeToProbeList( + new NamedCurvesOrderProbe(configSelector, parallelExecutor)); + break; + case "Alpn": + addProbeToProbeList(new AlpnProbe(configSelector, parallelExecutor)); + break; + case "Alpaca": + addProbeToProbeList(new AlpacaProbe(configSelector, parallelExecutor)); + break; + case "Certificate": + addProbeToProbeList(new CertificateProbe(configSelector, parallelExecutor)); + break; + case "Ocsp": + addProbeToProbeList(new OcspProbe(configSelector, parallelExecutor)); + break; + case "ProtocolVersion": + addProbeToProbeList( + new ProtocolVersionProbe(configSelector, parallelExecutor)); + break; + case "CipherSuite": + addProbeToProbeList(new CipherSuiteProbe(configSelector, parallelExecutor)); + break; + case "DirectRaccoon": + addProbeToProbeList( + new DirectRaccoonProbe(configSelector, parallelExecutor)); + break; + case "CipherSuiteOrder": + addProbeToProbeList( + new CipherSuiteOrderProbe(configSelector, parallelExecutor)); + break; + case "Extension": + addProbeToProbeList(new ExtensionProbe(configSelector, parallelExecutor)); + break; + case "Tokenbinding": + addProbeToProbeList( + new TokenbindingProbe(configSelector, parallelExecutor)); + break; + case "HttpHeader": + addProbeToProbeList(new HttpHeaderProbe(configSelector, parallelExecutor)); + break; + case "HttpFalseStart": + addProbeToProbeList( + new HttpFalseStartProbe(configSelector, parallelExecutor)); + break; + case "ECPointFormat": + addProbeToProbeList( + new ECPointFormatProbe(configSelector, parallelExecutor)); + break; + case "Resumption": + addProbeToProbeList(new ResumptionProbe(configSelector, parallelExecutor)); + break; + case "Renegotiation": + addProbeToProbeList( + 
new RenegotiationProbe(configSelector, parallelExecutor)); + break; + case "SessionTicketZeroKey": + addProbeToProbeList( + new SessionTicketZeroKeyProbe(configSelector, parallelExecutor)); + break; + case "Heartbleed": + addProbeToProbeList(new HeartbleedProbe(configSelector, parallelExecutor)); + break; + case "PaddingOracle": + addProbeToProbeList( + new PaddingOracleProbe(configSelector, parallelExecutor)); + break; + case "Bleichenbacher": + addProbeToProbeList( + new BleichenbacherProbe(configSelector, parallelExecutor)); + break; + case "TlsPoodle": + afterList.add(new PoodleAfterProbe()); + break; + case "InvalidCurve": + addProbeToProbeList( + new InvalidCurveProbe(configSelector, parallelExecutor)); + break; + case "Drown": + addProbeToProbeList(new DrownProbe(configSelector, parallelExecutor)); + break; + case "EarlyCcs": + addProbeToProbeList(new EarlyCcsProbe(configSelector, parallelExecutor)); + break; + case "Mac": + addProbeToProbeList(new MacProbe(configSelector, parallelExecutor)); + break; + case "CcaSupport": + addProbeToProbeList(new CcaSupportProbe(configSelector, parallelExecutor)); + break; + case "CcaRequired": + addProbeToProbeList(new CcaRequiredProbe(configSelector, parallelExecutor)); + break; + case "Cca": + addProbeToProbeList(new CcaProbe(configSelector, parallelExecutor)); + break; + case "Esni": + addProbeToProbeList(new EsniProbe(configSelector, parallelExecutor)); + break; + case "CertificateTransparency": + addProbeToProbeList( + new CertificateTransparencyProbe(configSelector, parallelExecutor)); + break; + case "RecordFragmentation": + addProbeToProbeList( + new RecordFragmentationProbe(configSelector, parallelExecutor)); + break; + case "HelloRetry": + addProbeToProbeList(new HelloRetryProbe(configSelector, parallelExecutor)); + break; + case "Sweet32After": + afterList.add(new Sweet32AfterProbe<>()); + break; + case "PoodleAfter": + afterList.add(new PoodleAfterProbe()); + break; + case "FreakAfter": + afterList.add(new 
FreakAfterProbe<>()); + break; + case "LogjamAfter": + afterList.add(new LogjamAfterProbe<>()); + break; + case "ServerRandomnessAfter": + afterList.add(new ServerRandomnessAfterProbe()); + break; + case "EcPublicKeyAfter": + afterList.add(new EcPublicKeyAfterProbe<>()); + break; + case "DhValueAfter": + afterList.add(new DhValueAfterProbe()); + break; + case "PaddingOracleIdentificationAfter": + afterList.add(new PaddingOracleIdentificationAfterProbe<>()); + break; + case "RaccoonAttackAfter": + afterList.add(new RaccoonAttackAfterProbe()); + break; + default: + LOGGER.warn("Unkown vuln type: " + v); + } + } + } + // Init StatsWriter + setDefaultProbeWriter(); } @Override
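Review bot: `if (vulns == "")` compares object identity, so an empty value that is not the interned literal falls into the `else` branch, where `"".split(",")` yields a single empty name, the `default` case only logs a warning and no probe from this list is registered; a null passed to `setVulns` throws on `vulns.split`. For a scanner, an empty or reduced probe set that still completes reads as a clean result, so I would use `if (vulns == null || vulns.isEmpty()) {`, match on `switch (v.trim())`, and have the `default` case stop the run (`throw new IllegalArgumentException("Unknown probe name: " + v);`) instead of warning. The default branch also no longer registers the five `SessionTicket*` probes that the removed lines did, and the selective branch has no names for `SignatureAndHashAlgorithmProbe`, `TlsFallbackScsvProbe`, `ConnectionClosingProbe` or any DTLS probe, while `"TlsPoodle"` and `"PoodleAfter"` both add a `PoodleAfterProbe`; if these gaps are intended they deserve a comment. `fillProbeLists` begins before this hunk.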