TLS Tester

 ______  __       ____            ______                __                   
/\__  _\/\ \     /\  _`\         /\__  _\              /\ \__                
\/_/\ \/\ \ \    \ \,\L\_\       \/_/\ \/    __    ____\ \ ,_\    __   _ __  
   \ \ \ \ \ \  __\/_\__ \   _______\ \ \  /'__`\ /',__\\ \ \/  /'__`\/\`'__\
    \ \ \ \ \ \L\ \ /\ \L\ \/\______\\ \ \/\  __//\__, `\\ \ \_/\  __/\ \ \/ 
     \ \_\ \ \____/ \ `\____\/______/ \ \_\ \____\/\____/ \ \__\ \____\\ \_\ 
      \/_/  \/___/   \/_____/          \/_/\/____/\/___/   \/__/\/____/ \/_/
                                                                             
A TLS channel security tester by Tomahawkd@Github
For more information please visit https://github.com/Tomahawkd/TLS-Tester
Thanks to http://patorjk.com/software/taag for Console ASCII art

Introduction

TLS-Tester is a generic SSL/TLS security scanner with plugin system for extensive usage. It has several highly extensible APIs for customized security testing.

My report related to this project. Download

TLS-Tester has three internal analysis procedure for SSL/TLS unsecured channels referred from Postcards from the Post-HTTP World: Amplification of HTTPS Vulnerabilities in the Web Ecosystem.

Note: Currently due to testssl runs on *nix platform, Windows are not available, I'm considering using WSL as alternative for testssl.

Install

1. Download TLS-Tester-X.X.X.jar from release page.

2. Prepare Censys api id and secret and Shodan api key. Then run create_keys.sh for key initialization and move them to ./keys.

3. Download testssl project from here. You need to put the whole folder into the same directory as the jar file. Or you can specific the testssl location using --testssl.

4. Create directory ./extensions if you have extensions. Move your extensions into the directory. Or you can specific the extension dir location using --extension.

5. Run jar file you downloaded. Usage is as follows.

Usage

Usage: <main class> [options] <Type>::<Target String> 
Available format: 
      shodan[::<start>-<end>]::<query>, file::<path>, ips::<ip>:<port>[;<ip>:<port>], 
      socket::[<ip>[:<port>]] 
  Options:
    --db
      Database name.
      Default: tlstester
    --db_pass
      Database password (if any).
      Default: <empty string>
    --db_type
      Database type(sqlite etc.).
      Default: sqlite
    --db_user
      Database username (if any).
      Default: <empty string>
    --debug
      Show debug output (sets logLevel to DEBUG)
      Default: false
    -e, --enable_cert
      enable searching and testing other host has same cert. It will be a long 
      tour. 
      Default: false
    --extension
      manually set extensions' directory
      Default: extensions/
    -h, --help
      Prints usage for all the existing commands.
    --net_thread
      Total network thread for data process to be activated.
      Default: 5
    --quiet
      No output (sets logLevel to NONE)
      Default: false
    --safe
      Ignore all extensions.
      Default: false
    --temp
      Temp file expired day. (-1 indicates forever)
      Default: 7
    --testssl
      Testssl path. (No slash at the end)
      Default: ./testssl.sh
    --testssl_no_timeout
      Disable testssl timeout in connection
      Default: false
    -t, --thread
      Total thread to be activated.
      Default: 5

Build

If you would like to build it yourself, you could follow the instructions below.

Building the project requires maven.

1. Clone the project into your device, and enter the directory.

2. git submodule init, git submodule update and mvn package.

3. You'll get executable and extensions in ./apps/ and ./apps/extensions respectively. API files please refer TLS-Tester-api.

(Note: If Stack Overflow error occurs, please enlarge your stack size by configuring env MAVEN_OPTS=-Xss2m)

Docker

You could also use docker for temporarily test.

WARNING: You have to create keys (for shodan and censys) via create_keys.sh(or .bat) for docker to copy these files.

Key Workflow Phases

• Host Acquire Phase

  • Data acquire from files, Shodan query, command line argument and socket as a slave (implement class TargetSource in data api)
  • Host with the same certificate as the testing host acquire from Censys (activate by -e in command line)

• Data Collect Phase (implement class DataCollector in data api)

  • Shodan Host data
  • Testssl test result (Data structure in testssl-bridge)
  • Device Identification (for device brand detection, implement class Identifier in identifier api)

• Analyze Phase (implement class Analyzer in analyzer api)

  • Three Attack tree analyzers (Leaky, Tainted, Partially Leaky)

• Recording Phase (implement class RecorderDelegate in database api)

  • Use database to store results

Project Structure