Commit 59259299 authored by Devon Kearns

Imported Upstream version 1.0

sslcaudit
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Encoding" useUTFGuessing="true" native2AsciiForPropertiesFiles="false" />
</project>
<component name="InspectionProjectProfileManager">
<settings>
<option name="PROJECT_PROFILE" />
<option name="USE_PROJECT_PROFILE" value="false" />
<version value="1.0" />
</settings>
</component>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectRootManager" version="2" project-jdk-name="Python 2.7.1+ (/usr/bin/python2.7)" project-jdk-type="Python SDK" />
</project>
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ProjectModuleManager">
<modules>
<module fileurl="file://$PROJECT_DIR$/.idea/sslcaudit.iml" filepath="$PROJECT_DIR$/.idea/sslcaudit.iml" />
</modules>
</component>
</project>
<component name="DependencyValidationManager">
<state>
<option name="SKIP_IMPORT_STATEMENTS" value="false" />
</state>
</component>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<module type="PYTHON_MODULE" version="4">
<component name="NewModuleRootManager">
<content url="file://$MODULE_DIR$" />
<orderEntry type="inheritedJdk" />
<orderEntry type="sourceFolder" forTests="false" />
</component>
</module>
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>
''' ----------------------------------------------------------------------
SSLCAUDIT - a tool for automating security audit of SSL clients
Released under terms of GPLv3, see COPYING.TXT
Copyright (C) 2012 Alexandre Bezroutchko abb@gremwell.com
---------------------------------------------------------------------- '''
INTRODUCTION
The goal of sslcaudit project is to develop a utility to automate testing SSL/TLS
clients for resistance against MITM attacks. It might be useful for testing a thick
client, a mobile application, an appliance, pretty much anything communicating over
SSL/TLS over TCP.
INSTALLATION
There is no proper installation procedure yet (Debian package and distutils-based
Python installer are coming soon). For now just fetch the release from GIT repository:
$ git clone -b release_1_0 https://github.com/grwl/sslcaudit.git
Cloning into sslcaudit...
Then find sslcaudit in the top level directory and run it with -h option. PDF
user-guide is available at doc/sslcaudit-user-guide-1.0.pdf.
Sslcaudit uses M2Crypto Python library. On Debian system M2Crypto library can be
installed with the following command:
$ sudo apt-get install python-m2crypto
MORE INFORMATION
See the user guide for more information or run 'sslcaudit -h'.
LICENSING
GPLv3, see COPYING.TXT
#!/bin/sh -x
for _ in `seq 1 4` ; do socat - OPENSSL:localhost:8443,cafile=/home/abb/certs/sslcaudit-test-cacert.pem ; done
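Review bot: The CA file path `/home/abb/certs/sslcaudit-test-cacert.pem` points into one developer's home directory, so this helper only works on that machine. The curl script in this commit has the same path plus a fixed external hostname, and the two `./sslcaudit` wrappers pass `--server 62.213.200.252:443`. Shipped in a package, these make a user who runs them contact a host they did not choose. Reading the values from the environment, e.g. `CACERT="${CACERT:-$HOME/certs/sslcaudit-test-cacert.pem}"`, and requiring the target host as an argument would keep the convenience while making the target explicit.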
#!/bin/sh -x
./sslcaudit --user-ca-cert \
~/certs/sslcaudit-test-cacert.pem \
--user-ca-key ~/certs/sslcaudit-test-cakey.pem \
--server 62.213.200.252:443
#!/bin/sh -x
for _ in `seq 1 4` ; do curl --cacert /home/abb/certs/sslcaudit-test-cacert.pem https://brufeprd1.hackingmachines.com:8443/ ; done
#!/bin/sh -x
./sslcaudit --user-ca-cert \
~/certs/sslcaudit-test-cacert.pem \
--user-ca-key ~/certs/sslcaudit-test-cakey.pem \
--server 62.213.200.252:443
File added
git svn clone -s http://optparse-gui.googlecode.com/svn optparse-gui
#!/bin/sh -xe
rm -rf sslcaudit.*
rm -rf test/sslcaudit.*
rm -rf test/testfilebag.*
#!/bin/sh -e
# ----------------------------------------------------------------------------
# SSLCAUDIT - a tool for automating security audit of SSL clients
# Released under terms of GPLv3, see COPYING.TXT
# Copyright (C) 2012 Alexandre Bezroutchko abb@gremwell.com
# ----------------------------------------------------------------------------
pid=`ps ax|grep sslcaudit| grep -v grep | awk '{print $1}'`
if [ -n "$pid" ] ; then
kill $pid
echo "killed $pid"
else
echo "nothinig to kill"
fi
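Review bot: The PID list comes from `grep sslcaudit` over the whole `ps ax` output, so `kill $pid` also signals any process whose command line merely contains that string, such as an editor with a project file open, or possibly this script itself if its path includes the word. A narrower match that still survives `-e` when nothing is found would be `pid=$(pgrep -f '(^|/)sslcaudit( |$)' || true)`. The message on the else branch has a typo and should read `echo "nothing to kill"`.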
#!/bin/sh -xe
# ----------------------------------------------------------------------------
# SSLCAUDIT - a tool for automating security audit of SSL clients
# Released under terms of GPLv3, see COPYING.TXT
# Copyright (C) 2012 Alexandre Bezroutchko abb@gremwell.com
# ----------------------------------------------------------------------------
# After execution of "./prepend.sh F1 F2" file F2 will contain F2 + F1"
# Example:
# find . -name \*.py | xargs -n1 -IF ./prepend_file.sh F COPYING.HEADER
[ $# -eq 2 ]
mv "$1" "$1.orig"
cat "$2" "$1.orig" > "$1"
rm "$1.orig"
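Review bot: The header comment says the opposite of what the commands do: `cat "$2" "$1.orig" > "$1"` rewrites the first argument as F2 followed by F1 and leaves F2 untouched. The comment also calls the script `prepend.sh` while its own example uses `prepend_file.sh`. I would reword it as `# After "./prepend_file.sh F1 F2", file F1 contains the contents of F2 followed by the original F1`. The bare `[ $# -eq 2 ]` relies on `-e` to abort without a message; `[ $# -eq 2 ] || { echo "usage: $0 FILE HEADER" >&2; exit 2; }` would tell the caller why.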
= optparse_gui 0.1 =
First release of optparse_gui.
Dynamically generated a wx-based dialog with controls the match the option's
type:
* CheckBox for boolean options
* ComboBox for "choice" options
* TextCtrl for all other options
* An extra TextCtrl for entering non-option command line arguments
Copyright (c) 2008, slider fry
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Welcome to optparse_gui!
= What is *_optparse_gui_*? =
In a single sentence: import *_optparse_gui_* as _optparse_
_optparse_ is a great built-in python module for parsing command line arguments.
see http://docs.python.org/lib/module-optparse.html for more info.
*_optparse_gui_* is a drop-in replacement for _optparse_.
It allows entering command line arguments in a dynamically generated wx-based dialog.
*_optparse_gui_* generates the dialog depending on the provided _optparse_ options:
* CheckBox for boolean options
* ComboBox for "choice" options
* TextCtrl for all other options
* An extra TextCtrl for entering non-option command line arguments
Also, the dialog contains context-sensitive help for every control.
Ever wanted to transparently add a GUI to your command-line driven python scripts?
This is the module for you.
= Installing =
In order to install, simply run "setup.py install" from the command line.
On windows - you can also use the provided installer.
= Using =
Like the title says - simply "import *_optparse_gui_* as _optparse_"
A more elaborate use case might be to use *_optparse_gui_* when the application
is ran with no command line arguments ( i.e. a double-click on the module's icon ),
but use the original _optparse_ to handle the command line arguments if they are
given.
That way, a user can drive your app using a GUI, and yet - the app can
be automated by passing command line arguments.
A sample for this might be as follows ( also included in test\test.py ):
{{{
import sys
import optparse
import optparse_gui
def main():
if 1 == len( sys.argv ):
optparser_class = optparse.OptionParser
else:
optparser_class = optparse_gui.OptionParser
parser = optparser_class.OptionParser()
parser.add_option( ... )
parser.add_option( ... )
parser.add_option( ... )
option, args = parser.parse_args()
do_usefull_stuff( options, args )
}}}
* Magically guess that an option is a filename or directory and provide
a "browse" button.
* Make the options dialog resizable
#!python
"""Bootstrap setuptools installation
If you want to use setuptools in your package's setup.py, just include this
file in the same directory with it, and add this to the top of your setup.py::
from ez_setup import use_setuptools
use_setuptools()
If you want to require a specific version of setuptools, set a download
mirror, or use an alternate download directory, you can do so by supplying
the appropriate options to ``use_setuptools()``.
This file can also be run as a script to install or upgrade setuptools.
"""
import sys
DEFAULT_VERSION = "0.6c8"
DEFAULT_URL = "http://pypi.python.org/packages/%s/s/setuptools/" % sys.version[:3]
md5_data = {
'setuptools-0.6b1-py2.3.egg': '8822caf901250d848b996b7f25c6e6ca',
'setuptools-0.6b1-py2.4.egg': 'b79a8a403e4502fbb85ee3f1941735cb',
'setuptools-0.6b2-py2.3.egg': '5657759d8a6d8fc44070a9d07272d99b',
'setuptools-0.6b2-py2.4.egg': '4996a8d169d2be661fa32a6e52e4f82a',
'setuptools-0.6b3-py2.3.egg': 'bb31c0fc7399a63579975cad9f5a0618',
'setuptools-0.6b3-py2.4.egg': '38a8c6b3d6ecd22247f179f7da669fac',
'setuptools-0.6b4-py2.3.egg': '62045a24ed4e1ebc77fe039aa4e6f7e5',
'setuptools-0.6b4-py2.4.egg': '4cb2a185d228dacffb2d17f103b3b1c4',
'setuptools-0.6c1-py2.3.egg': 'b3f2b5539d65cb7f74ad79127f1a908c',
'setuptools-0.6c1-py2.4.egg': 'b45adeda0667d2d2ffe14009364f2a4b',
'setuptools-0.6c2-py2.3.egg': 'f0064bf6aa2b7d0f3ba0b43f20817c27',
'setuptools-0.6c2-py2.4.egg': '616192eec35f47e8ea16cd6a122b7277',
'setuptools-0.6c3-py2.3.egg': 'f181fa125dfe85a259c9cd6f1d7b78fa',
'setuptools-0.6c3-py2.4.egg': 'e0ed74682c998bfb73bf803a50e7b71e',
'setuptools-0.6c3-py2.5.egg': 'abef16fdd61955514841c7c6bd98965e',
'setuptools-0.6c4-py2.3.egg': 'b0b9131acab32022bfac7f44c5d7971f',
'setuptools-0.6c4-py2.4.egg': '2a1f9656d4fbf3c97bf946c0a124e6e2',
'setuptools-0.6c4-py2.5.egg': '8f5a052e32cdb9c72bcf4b5526f28afc',
'setuptools-0.6c5-py2.3.egg': 'ee9fd80965da04f2f3e6b3576e9d8167',
'setuptools-0.6c5-py2.4.egg': 'afe2adf1c01701ee841761f5bcd8aa64',
'setuptools-0.6c5-py2.5.egg': 'a8d3f61494ccaa8714dfed37bccd3d5d',
'setuptools-0.6c6-py2.3.egg': '35686b78116a668847237b69d549ec20',
'setuptools-0.6c6-py2.4.egg': '3c56af57be3225019260a644430065ab',
'setuptools-0.6c6-py2.5.egg': 'b2f8a7520709a5b34f80946de5f02f53',
'setuptools-0.6c7-py2.3.egg': '209fdf9adc3a615e5115b725658e13e2',
'setuptools-0.6c7-py2.4.egg': '5a8f954807d46a0fb67cf1f26c55a82e',
'setuptools-0.6c7-py2.5.egg': '45d2ad28f9750e7434111fde831e8372',
'setuptools-0.6c8-py2.3.egg': '50759d29b349db8cfd807ba8303f1902',
'setuptools-0.6c8-py2.4.egg': 'cba38d74f7d483c06e9daa6070cce6de',
'setuptools-0.6c8-py2.5.egg': '1721747ee329dc150590a58b3e1ac95b',
}
import sys, os
def _validate_md5(egg_name, data):
if egg_name in md5_data:
from md5 import md5
digest = md5(data).hexdigest()
if digest != md5_data[egg_name]:
print >>sys.stderr, (
"md5 validation of %s failed! (Possible download problem?)"
% egg_name
)
sys.exit(2)
return data
def use_setuptools(
version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
download_delay=15
):
"""Automatically find/download setuptools and make it available on sys.path
`version` should be a valid setuptools version number that is available
as an egg for download under the `download_base` URL (which should end with
a '/'). `to_dir` is the directory where setuptools will be downloaded, if
it is not already available. If `download_delay` is specified, it should
be the number of seconds that will be paused before initiating a download,
should one be required. If an older version of setuptools is installed,
this routine will print a message to ``sys.stderr`` and raise SystemExit in
an attempt to abort the calling script.
"""
was_imported = 'pkg_resources' in sys.modules or 'setuptools' in sys.modules
def do_download():
egg = download_setuptools(version, download_base, to_dir, download_delay)
sys.path.insert(0, egg)
import setuptools; setuptools.bootstrap_install_from = egg
try:
import pkg_resources
except ImportError:
return do_download()
try:
pkg_resources.require("setuptools>="+version); return
except pkg_resources.VersionConflict, e:
if was_imported:
print >>sys.stderr, (
"The required version of setuptools (>=%s) is not available, and\n"
"can't be installed while this script is running. Please install\n"
" a more recent version first, using 'easy_install -U setuptools'."
"\n\n(Currently using %r)"
) % (version, e.args[0])
sys.exit(2)
else:
del pkg_resources, sys.modules['pkg_resources'] # reload ok
return do_download()
except pkg_resources.DistributionNotFound:
return do_download()
def download_setuptools(
version=DEFAULT_VERSION, download_base=DEFAULT_URL, to_dir=os.curdir,
delay = 15
):
"""Download setuptools from a specified location and return its filename
`version` should be a valid setuptools version number that is available
as an egg for download under the `download_base` URL (which should end
with a '/'). `to_dir` is the directory where the egg will be downloaded.
`delay` is the number of seconds to pause before an actual download attempt.
"""
import urllib2, shutil
egg_name = "setuptools-%s-py%s.egg" % (version,sys.version[:3])
url = download_base + egg_name
saveto = os.path.join(to_dir, egg_name)
src = dst = None
if not os.path.exists(saveto): # Avoid repeated downloads
try:
from distutils import log
if delay:
log.warn("""
---------------------------------------------------------------------------
This script requires setuptools version %s to run (even to display
help). I will attempt to download it for you (from
%s), but
you may need to enable firewall access for this script first.
I will start the download in %d seconds.
(Note: if this machine does not have network access, please obtain the file
%s
and place it in this directory before rerunning this script.)
---------------------------------------------------------------------------""",
version, download_base, delay, url
); from time import sleep; sleep(delay)
log.warn("Downloading %s", url)
src = urllib2.urlopen(url)
# Read/write all in one block, so we don't create a corrupt file
# if the download is interrupted.
data = _validate_md5(egg_name, src.read())
dst = open(saveto,"wb"); dst.write(data)
finally:
if src: src.close()
if dst: dst.close()
return os.path.realpath(saveto)
def main(argv, version=DEFAULT_VERSION):
"""Install or upgrade setuptools and EasyInstall"""
try:
import setuptools
except ImportError:
egg = None
try:
egg = download_setuptools(version, delay=0)
sys.path.insert(0,egg)
from setuptools.command.easy_install import main
return main(list(argv)+[egg]) # we're done here
finally:
if egg and os.path.exists(egg):
os.unlink(egg)
else:
if setuptools.__version__ == '0.0.1':
print >>sys.stderr, (
"You have an obsolete version of setuptools installed. Please\n"
"remove it from your system entirely before rerunning this script."
)
sys.exit(2)
req = "setuptools>="+version
import pkg_resources
try:
pkg_resources.require(req)
except pkg_resources.VersionConflict:
try:
from setuptools.command.easy_install import main
except ImportError:
from easy_install import main
main(list(argv)+[download_setuptools(delay=0)])
sys.exit(0) # try to force an exit
else:
if argv:
from setuptools.command.easy_install import main
main(argv)
else:
print "Setuptools version",version,"or greater has been installed."
print '(Run "ez_setup.py -U setuptools" to reinstall or upgrade.)'
def update_md5(filenames):
"""Update our built-in md5 registry"""
import re
from md5 import md5
for name in filenames:
base = os.path.basename(name)
f = open(name,'rb')
md5_data[base] = md5(f.read()).hexdigest()
f.close()
data = [" %r: %r,\n" % it for it in md5_data.items()]
data.sort()
repl = "".join(data)
import inspect
srcfile = inspect.getsourcefile(sys.modules[__name__])
f = open(srcfile, 'rb'); src = f.read(); f.close()
match = re.search("\nmd5_data = {\n([^}]+)}", src)
if not match:
print >>sys.stderr, "Internal error!"
sys.exit(2)
src = src[:match.start(1)] + repl + src[match.end(1):]
f = open(srcfile,'w')
f.write(src)
f.close()
if __name__=='__main__':
if len(sys.argv)>2 and sys.argv[1]=='--md5update':
update_md5(sys.argv[2:])
else:
main(sys.argv[1:])
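Review bot: `_validate_md5` compares the digest only when `egg_name` is a key of `md5_data`, and that table stops at `py2.5`. On the Python 2.7 interpreter that the project files in this commit point to, `download_setuptools` builds a `-py2.7.egg` name, so the body fetched from the plain `http://` `DEFAULT_URL` is written out and put on `sys.path` with no check at all; MD5 would be a weak integrity check even where it does apply. `setup.py` in this commit calls `ez_setup.use_setuptools()` at import time, so a package build should have setuptools installed beforehand and run without network access, which keeps this path from being taken. If the file is kept, fail closed by adding `else:` / `sys.exit(2)` to the `if egg_name in md5_data:` test, so an unknown egg name is rejected instead of returned.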
from optparse_gui import __version__
import ez_setup
ez_setup.use_setuptools()
from setuptools import setup, find_packages
setup(
name = "optparse_gui",
version = str( __version__ ),
packages = find_packages(exclude=["tests"]),
author = "slider fry",
author_email = "slider.fry@gmail.com",
description = "import optparse_gui as optparse - wx gui frontend for optparse",
license = "BSD",
keywords = "python gui wx commandline optparse",
url = "http://optparse-gui.googlecode.com",
zip_safe = True,
#install_requires = [ 'wxPython' ],
classifiers = [
'Development Status :: 3 - Alpha',
'Environment :: Win32 (MS Windows)',
'Environment :: X11 Applications',
'Intended Audience :: Developers',
'License :: OSI Approved :: BSD License',
'Operating System :: Microsoft :: Windows',
'Operating System :: POSIX',
'Operating System :: OS Independent',
'Operating System :: MacOS',
'Programming Language :: Python',
'Topic :: Software Development'
],
long_description = \
'''
**optparse_gui** is a drop-in replacement for *optparse*.
It allows entering command line arguments in a dynamically generated wx-based dialog.
''',
download_url = r'http://optparse-gui.googlecode.com/files/optparse_gui-%s.zip' % __version__
)
\ No newline at end of file
import sys
import optparse
import optparse_gui
def main():
usage = "usage: %prog [options] args"
if 1 == len( sys.argv ):
option_parser_class = optparse_gui.OptionParser
else:
option_parser_class = optparse.OptionParser
parser = option_parser_class( usage = usage, version='0.1' )
parser.add_option("-f", "--file", dest="filename", default = r'c:\sample.txt',
help="read data from FILENAME")
parser.add_option("-a", "--action", dest="action",
choices = ['delete', 'copy', 'move'],
help="Which action do you wish to take?!")
parser.add_option("-n", "--number", dest="number", default = 23,
type = 'int',
help="Just a number")
parser.add_option("-v", "--verbose",
action="store_true", dest="verbose",
help = 'To be or not to be? ( verbose )')
options, args = parser.parse_args()
print 'args: %s' % args
print 'options: %s' % options
if '__main__' == __name__:
main()
''' ----------------------------------------------------------------------
SSLCAUDIT - a tool for automating security audit of SSL clients
Released under terms of GPLv3, see COPYING.TXT
Copyright (C) 2012 Alexandre Bezroutchko abb@gremwell.com
---------------------------------------------------------------------- '''
from Queue import Empty
from exceptions import Exception
import logging
import sys
from threading import Thread
from src.core.ClientAuditorServer import ClientAuditorServer
from src.core.ClientConnectionAuditEvent import ClientAuditResult
from src.core.ConfigError import ConfigError
from src.core.FileBag import FileBag
from src.test.ExternalCommandHammer import CurlHammer
from src.test.SSLConnectionHammer import ChainVerifyingSSLConnectionHammer, CNVerifyingSSLConnectionHammer
from src.test.TCPConnectionHammer import TCPConnectionHammer
HOST_ADDR_ANY = '0.0.0.0'
MODULE_MODULE_NAME_PREFIX = 'src.modules'
PROFILE_FACTORY_MODULE_NAME = 'ProfileFactory'
PROFILE_FACTORY_CLASS_NAME = 'ProfileFactory'
PROG_NAME = 'sslcaudit'
PROG_VERSION = '1.0'
class BaseClientAuditController(Thread):
logger = logging.getLogger('BaseClientAuditController')
def __init__(self, options):
Thread.__init__(self, target=self.run)
self.options = options
self.queue_read_timeout = 0.1
if self.options.debug_level > 0:
logging.getLogger().setLevel(logging.DEBUG)
self.file_bag = FileBag(self.options.test_name)
self.init_profile_factories()
self.server = ClientAuditorServer(self.options.listen_on, self.profile_factories)
self.res_queue = self.server.res_queue
#self.logger.info('initialized with options %s' % str(self.options))
self.init_self_tests()
def init_profile_factories(self):
self.profile_factories = []
for module_name in self.options.modules.split(','):
# load the module from under MODULE_NAME_PREFIX
module_name = MODULE_MODULE_NAME_PREFIX + "." + module_name + '.' + PROFILE_FACTORY_MODULE_NAME
try:
__import__(module_name, fromlist=[])
except Exception as ex:
raise ConfigError("cannot load module %s, exception: %s" % (module_name, ex))
# find and instantiate the profile factory class
profile_factory_class = sys.modules[module_name].__dict__[PROFILE_FACTORY_CLASS_NAME]
self.profile_factories.append(profile_factory_class(self.file_bag, self.options))
# there must be some profile factories in the list, otherwise we die right here
if len(self.profile_factories) == 0:
raise ConfigError("no single profile factory configured, nothing to do")
def start(self):
self.do_stop = False
self.server.start()
Thread.start(self)
if self.selftest_hammer is not None:
self.selftest_hammer.start()
def stop(self):
# signal the controller thread to stop
self.do_stop = True
def run(self):
'''
SSLCAuditCLI loop function. Will run until the desired number of clients is handled.
'''
nresults = 0
# loop until get all desired results, quit if stopped
while nresults < self.options.nclients and not self.do_stop:
try:
# wait for a message blocking for short intervals, check stop flag frequently
res = self.server.res_queue.get(True, self.queue_read_timeout)
self.logger.debug("got result %s", res)