Testssl/more services (#67)

* Add more services to testssl.sh scan

* Say no to testssl questions

* Make output a little bit more readable

fixtures/exploits/exploits.csv

@@ -340,6 +340,6 @@ commonly used in php scripts that display forms and when the script file name  i
 167;nmap;http-wordpress-users;Enumerates usernames in Wordpress blog/CMS installations;Enumerates usernames in Wordpress blog/CMS installations by exploiting an information disclosure vulnerability existing in versions 2.6, 3.1, 3.1.1, 3.1.3 and 3.2-beta2 and possibly others.;None;http,https,http-proxy;;
 168;cve-search;cve-search;Search for vulnerabilities;Perform local searches for known vulnerabilities;High;;;
 169;nmap;smb-vuln-ms17-010;SMBv1 RCE (Wanna Cry);Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms17-010).;High;netbios-ssn,netbios-ns,microsoft-ds;;
-170;testssl;testssl;Tests TLS/SSL encryption;Testing TLS/SSL encryption;Medium;https;;
+170;testssl;testssl;Tests TLS/SSL encryption;Testing TLS/SSL encryption;Medium;https,ftp,smtp,pop3,imap,xmpp,telnet,ldap;;
 171;nmap;http-vuln-cve2017-5638;Apache Struts Remote Code Execution Vulnerability;Apache Struts 2.3.5 - Struts 2.3.31 and Apache Struts 2.5 - Struts 2.5.10 are vulnerable to a Remote Code Execution vulnerability via the Content-Type header.;High;http,https,http-proxy;;
 172;whatweb;whatweb;Website Fingerprinter;"WhatWeb identifies websites. Its goal is to answer the question, ""What is that Website?"". WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1700 plugins, each to recognise something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.";None;http,https,http-proxy;;

tests/test_tools/test_ssl/test_base.py

@@ -12,5 +12,13 @@ def setUp(self, mock_file):
         self.base = SSLBase()
 
     def test_init(self):
-        self.assertEqual(self.base.COMMON_ARGS, ('--jsonfile', self.mock_file.return_value.name, '--append'))
+        self.assertEqual(self.base.COMMON_ARGS, ['--warnings', 'batch', '--jsonfile', self.mock_file.return_value.name,
+                                                 '--append'])
         self.assertEqual(self.base.parser.tempfile, self.mock_file.return_value)
+
+    @patch('tools.ssl.base.tempfile.NamedTemporaryFile')
+    def test_double_init(self, mock_file):
+        self.base = SSLBase()
+        self.assertEqual(self.base.COMMON_ARGS, ['--warnings', 'batch', '--jsonfile', mock_file.return_value.name,
+                                                 '--append'])
+        self.assertEqual(self.base.parser.tempfile, mock_file.return_value)

tests/test_tools/test_ssl/test_structs.py

@@ -110,9 +110,6 @@ def test_output(self):
         self.RESULTS.results = [self.CRITICAL_RESULT, self.MEDIUM_RESULT]
         expected = """CVE: CVE-2014-0160
 Finding: Heartbleed: not vulnerable , timed out
-
-----------
-
 Heartbleed: not vulnerable , timed out"""
         result = self.RESULTS.output
 

tests/test_tools/test_ssl/test_tasks.py

@@ -13,7 +13,7 @@ class SSLScriptTaskTest(TestCase):
     def setUp(self):
         exploit = Exploit(exploit_id=3)
         port = Port(node=Node(node_id=2, ip=ipaddress.ip_address('127.0.0.1')),
-                    transport_protocol=TransportProtocol.UDP, number=16)
+                    transport_protocol=TransportProtocol.TCP, number=16)
         aucote = MagicMock()
         self.task = SSLScriptTask(port=port, exploits=[exploit], aucote=aucote)
 
@@ -23,7 +23,13 @@ def test_init(self):
 
     def test_prepare_args(self):
         result = self.task.prepare_args()
-        expected = ['127.0.0.1']
+        expected = ['127.0.0.1:16']
+        self.assertEqual(result, expected)
+
+    def test_prepare_args_non_default_service(self):
+        self.task._port.protocol = 'smtp'
+        result = self.task.prepare_args()
+        expected = ['-t', 'smtp', '127.0.0.1:16']
         self.assertEqual(result, expected)
 
     @patch('tools.ssl.tasks.Vulnerability')

tools/ssl/base.py

@@ -20,6 +20,6 @@ class SSLBase(Command):
 
     def __init__(self):
         temporary_file = tempfile.NamedTemporaryFile('r+')
-        self.COMMON_ARGS = ('--jsonfile', temporary_file.name, '--append')
+        self.COMMON_ARGS = ['--warnings',  'batch', '--jsonfile', temporary_file.name, '--append']
         self.parser = SSLParser(temporary_file)
         super(SSLBase, self).__init__()

tools/ssl/structs.py

@@ -123,4 +123,4 @@ def output(self):
             str
 
         """
-        return "\n\n----------\n\n".join([result.output for result in self.results])
+        return "\n".join(result.output for result in self.results)

tools/ssl/tasks.py

@@ -14,12 +14,16 @@ class SSLScriptTask(CommandTask):
     Task responsible for executing the testssl
 
     """
+    _ADDITIONAL_PROTOCOLS = ('ftp', 'smtp', 'pop3', 'imap', 'xmpp', 'telnet', 'ldap')
 
     def __init__(self, *args, **kwargs):
         super().__init__(command=SSLBase(), *args, **kwargs)
 
     def prepare_args(self):
-        return [str(self._port.node.ip)]
+        target = "{0}:{1}".format(str(self._port.node.ip), str(self._port.number))
+        if self._port.protocol in self._ADDITIONAL_PROTOCOLS:
+            return ['-t', self._port.protocol, target]
+        return [target]
 
     def _get_vulnerabilities(self, results):
         log.debug(results.with_severity_le(SSLSeverity.WARN).output)