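#!/usr/bin/python
# CryPyNarf! Poit. ZOT!
# A threaded test of which SSL/TLS ciphers are
# supported on the server.

# Requires openssl for testing.

import re
import subprocess as sub
import sys
import threading as th

# Cipher names (OpenSSL spelling) tried for the "ssl3" and "tls1" options.
# Both protocols are probed with the same list.
_SSL3_TLS1_CIPHERS = [
    'DHE-RSA-AES256-SHA',
    'DHE-DSS-AES256-SHA',
    'AES256-SHA',
    'DHE-RSA-CAMELLIA256-SHA',
    'DHE-DSS-CAMELLIA256-SHA',
    'CAMELLIA256-SHA',
    'EDH-RSA-DES-CBC3-SHA',
    'EDH-DSS-DES-CBC3-SHA',
    'DES-CBC3-SHA',
    'DHE-RSA-AES128-SHA',
    'DHE-DSS-AES128-SHA',
    'AES128-SHA',
    'DHE-RSA-CAMELLIA128-SHA',
    'DHE-DSS-CAMELLIA128-SHA',
    'CAMELLIA128-SHA',
    'IDEA-CBC-SHA',
    'RC4-SHA',
    'RC4-MD5',
    'EDH-RSA-DES-CBC-SHA',
    'EDH-DSS-DES-CBC-SHA',
    'DES-CBC-SHA',
    'EXP-EDH-RSA-DES-CBC-SHA',
    'EXP-EDH-DSS-DES-CBC-SHA',
    'EXP-DES-CBC-SHA',
    'EXP-RC2-CBC-MD5',
    'EXP-RC4-MD5',
]

# Maps the openssl s_client protocol option (without the leading dash) to the
# ciphers probed under it. For an auditor, anything accepted under ssl2/ssl3,
# and any EXP-*, RC4 or single-DES entry, is a weak-configuration finding.
suites = {
    "ssl2": [
        'DES-CBC3-MD5',
        'IDEA-CBC-MD5',
        'RC2-CBC-MD5',
        'RC4-MD5',
        'DES-CBC-MD5',
        'EXP-RC2-CBC-MD5',
        'EXP-RC4-MD5',
    ],
    "ssl3": list(_SSL3_TLS1_CIPHERS),
    "tls1": list(_SSL3_TLS1_CIPHERS),
}

# Input validation: exactly one argument, and it must look like host:port.
if len(sys.argv) != 2:
    sys.stderr.write("Syntax error! Correct usage:\n%s e.g. %s 127.0.0.1:443\n" % (sys.argv[0], sys.argv[0]))
    sys.exit(2)

target = sys.argv[1]
# Allow only characters that occur in host names, IPv4/IPv6 literals and
# ports, and refuse a leading dash so the value cannot be read as an openssl
# option.
if target.startswith('-') or not re.match(r'[A-Za-z0-9._:\[\]-]+\Z', target):
    sys.stderr.write("Invalid target %r: expected host:port, e.g. 127.0.0.1:443\n" % target)
    sys.exit(2)

# Build the dictionaries to store results, keyed like ``suites``.
failciphers = {"ssl2": [], "ssl3": [], "tls1": []}
yayciphers = {"ssl2": [], "ssl3": [], "tls1": []}


# The thread class to spawn off all of the tests.
class ciphtest(th.Thread):
    """Probe one protocol/cipher pair against a host with ``openssl s_client``.

    suite  -- key of ``suites``; also used as the s_client protocol option.
    host   -- value passed to ``-connect``.
    cipher -- value passed to ``-cipher``.

    The result is appended to ``yayciphers[suite]`` or ``failciphers[suite]``.
    """

    def __init__(self, suite, host, cipher):
        th.Thread.__init__(self)
        # Keep the parameters for run().
        self.suite = suite
        self.host = host
        self.cipher = cipher

    def run(self):
        # Argument list and no shell: the host string is handed to openssl as
        # a single argv entry and is never parsed by /bin/sh, so characters
        # such as ';' or '$(' in it cannot start another command.
        cmd = ['openssl', 's_client', '-' + self.suite,
               '-connect', self.host, '-cipher', self.cipher]
        try:
            p = sub.Popen(cmd, stdout=sub.PIPE, stderr=sub.PIPE)
        except OSError:
            # openssl could not be started (for example, not installed);
            # record the probe as failed instead of dying with a traceback.
            failciphers[self.suite].append(self.cipher)
            return
        p.poll()
        if p.returncode is None:
            # Still running: wait for the first line of stdout, then kill the
            # client rather than leave it open.
            p.stdout.readline()
            p.kill()
        pcom = p.communicate()
        # Any remaining stdout is treated as success; failures are expected
        # on stderr.
        # NOTE(review): a local openssl build that lacks the protocol or the
        # cipher also ends up here as a failure, so "failed" does not prove
        # that the server rejects it - confirm with the openssl in use.
        if pcom[0]:
            yayciphers[self.suite].append(self.cipher)
        else:
            failciphers[self.suite].append(self.cipher)


# Spawn one thread per protocol/cipher pair.
workers = []
for zed in suites:
    for x in suites[zed]:
        worker = ciphtest(zed, target, x)
        worker.start()
        workers.append(worker)

# Wait for every probe to finish; otherwise the result lists are read while
# the threads are still filling them.
for worker in workers:
    worker.join()

# Ungraceful, but effective for now. Display the results for each suite.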
# Print one banner per protocol, followed by the ciphers recorded as accepted.
# NOTE(review): yayciphers is filled by the worker threads, so they must have
# finished before this point for the lists to be complete.
_REPORT = (
    ("ssl2", "## SSLv2 Ciphers ##"),
    ("ssl3", "## SSLv3 Ciphers ##"),
    ("tls1", "## TLSv1 Ciphers ##"),
)
for proto, banner in _REPORT:
    print("#####################")
    print(banner)
    print("#####################")
    for accepted in yayciphers[proto]:
        print(accepted)