stfbk / tlsassistant

An open-source modular framework capable of identifying a wide range of TLS vulnerabilities and assessing compliance with multiple guidelines. Its actionable report can assist the user in correctly and easily fixing their configurations.

Home Page: https://st.fbk.eu/tools/TLSAssistant

License: Apache License 2.0

Python 95.69% HTML 4.17% Dockerfile 0.14%
tls mitigations 3shake bar-mitzvah breach crime drown https hsts lucky13

tlsassistant's Issues

Issue with 3SHAKE detection

The text2html module used results in fixed width text files; some tags may break across two lines.
The test for 3SHAKE involves looking for "extended master secret/#23" using a negative grep. If that TLS extension tag breaks across two lines, you'll get a false positive from Evaluator/enumerator.sh.

A multiline with regex grep option works properly as shown below.

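    #3SHAKE
    # -z reads the whole report as one record, so the pattern can span a line break;
    # [\n ] matches either a newline or a space between the words.
    if ! grep -Pzq "extended[\n ]master[\n ]secret/#23" "$toolReports/testssl_report.txt" ; then
        echo "3SHAKE" >> "$root_folder/vulnerabilityList.txt"
        echo "- detected: 3SHAKE"
    fi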
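
Added example, not part of the original issue or the project's code: it reproduces the line-wrap false positive on constructed report text and compares a single-line grep with a wrap-tolerant check. It swaps in whitespace normalization with `tr` in place of `grep -Pz`; the function names, file names and report lines are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: all report text below is constructed, not real scanner output.

# Naive check: grep is line-oriented, so the tag must sit on a single line.
has_ems_single_line() {
    grep -q 'extended master secret/#23' "$1"
}

# Wrap-tolerant check: collapse every run of whitespace (newlines and
# fixed-width padding included) into one space, then search the flat text.
has_ems_wrap_tolerant() {
    tr -s '[:space:]' ' ' < "$1" | grep -q 'extended master secret/#23'
}

# Mirrors the negative test from the issue: report 3SHAKE only when the
# extension is absent from the report.
classify_3shake() {
    if has_ems_wrap_tolerant "$1"; then
        echo "not-vulnerable"
    else
        echo "3SHAKE"
    fi
}

demo_dir=$(mktemp -d)

# Constructed report 1: extension tag on one line.
printf '%s\n' ' TLS extensions   "renegotiation info/#65281" "extended master secret/#23"' \
    > "$demo_dir/one_line.txt"

# Constructed report 2: the same tag broken across two lines by fixed-width wrapping.
printf '%s\n' ' TLS extensions   "renegotiation info/#65281" "extended master' \
    '                  secret/#23" "session ticket/#35"' > "$demo_dir/wrapped.txt"

# Constructed report 3: the extension really is absent.
printf '%s\n' ' TLS extensions   "renegotiation info/#65281" "session ticket/#35"' \
    > "$demo_dir/absent.txt"

for f in one_line wrapped absent; do
    if has_ems_single_line "$demo_dir/$f.txt"; then naive="found"; else naive="missing"; fi
    echo "$f: single-line grep=$naive, verdict=$(classify_3shake "$demo_dir/$f.txt")"
done
```

The wrapped report is the case from the issue: the single-line grep reports the tag as missing, which the negative test turns into a 3SHAKE finding, while the normalized check classifies it correctly.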

Docker build fail

OS:

Ubuntu 22.04.3 LTS

Docker version:

Server Version: 25.0.3
Client: Docker Engine - Community
Version:    25.0.3

Command output:

$   docker build -t tlsassistant .
[+] Building 3.5s (11/12)                                                                                                                                                                docker:default
 => [internal] load build definition from Dockerfile                                                                                                                                               0.0s
 => => transferring dockerfile: 793B                                                                                                                                                               0.0s
 => [internal] load metadata for docker.io/library/ubuntu:latest                                                                                                                                   1.4s
 => [internal] load .dockerignore                                                                                                                                                                  0.0s
 => => transferring context: 2B                                                                                                                                                                    0.0s
 => [1/8] FROM docker.io/library/ubuntu:latest@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15                                                                             0.0s
 => [internal] load build context                                                                                                                                                                  1.1s
 => => transferring context: 10.49MB                                                                                                                                                               1.1s
 => CACHED [2/8] RUN apt-get update && apt-get install -y git python3-dev python3-pip sudo bsdmainutils locales dnsutils                                                                           0.0s
 => CACHED [3/8] RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen &&     locale-gen                                                                                                              0.0s
 => CACHED [4/8] RUN DEBIAN_FRONTEND="noninteractive" apt-get -y install tzdata keyboard-configuration                                                                                             0.0s
 => CACHED [5/8] COPY . /tlsassistant                                                                                                                                                              0.0s
 => CACHED [6/8] WORKDIR /tlsassistant                                                                                                                                                             0.0s
 => ERROR [7/8] RUN pip3 install -r requirements.txt                                                                                                                                               0.8s
------
 > [7/8] RUN pip3 install -r requirements.txt:
0.705 error: externally-managed-environment
0.705
0.705 × This environment is externally managed
0.705 ╰─> To install Python packages system-wide, try apt install
0.705     python3-xyz, where xyz is the package you are trying to
0.705     install.
0.705
0.705     If you wish to install a non-Debian-packaged Python package,
0.705     create a virtual environment using python3 -m venv path/to/venv.
0.705     Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
0.705     sure you have python3-full installed.
0.705
0.705     If you wish to install a non-Debian packaged Python application,
0.705     it may be easiest to use pipx install xyz, which will manage a
0.705     virtual environment for you. Make sure you have pipx installed.
0.705
0.705     See /usr/share/doc/python3.12/README.venv for more information.
0.705
0.705 note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
0.705 hint: See PEP 668 for the detailed specification.
------
Dockerfile:27
--------------------
  25 |     WORKDIR "/tlsassistant"
  26 |
  27 | >>> RUN pip3 install -r requirements.txt
  28 |
  29 |     ENV TLSA_IN_A_DOCKER_CONTAINER Yes
--------------------
ERROR: failed to solve: process "/bin/sh -c pip3 install -r requirements.txt" did not complete successfully: exit code: 1

Expected output:

The build completes successfully.

INSTALL.sh ignored errors

STEP TO REPRODUCE

  • run bash INSTALL.sh

CURRENT BEHAVIOR

If (for any reason) apt-get fails, the error is not reported and the script is not stopped:

Reading package lists... Done
Building dependency tree
Reading state information... Done
python is already the newest version (2.7.15~rc1-1).
python set to manually installed.
The following additional packages will be installed:
  libexpat1-dev libpython-all-dev libpython-dev libpython2.7 libpython2.7-dev python-all python-all-dev
  python-asn1crypto python-cffi-backend python-crypto python-cryptography python-dbus python-dev python-enum34
  python-gi python-idna python-ipaddress python-keyring python-keyrings.alt python-pip-whl python-secretstorage
  python-setuptools python-six python-wheel python-xdg python2.7-dev
Suggested packages:
  python-crypto-doc python-cryptography-doc python-cryptography-vectors python-dbus-dbg python-dbus-doc
  python-enum34-doc python-gi-cairo gnome-keyring libkf5wallet-bin gir1.2-gnomekeyring-1.0 python-fs python-gdata
  python-keyczar python-secretstorage-doc python-setuptools-doc
The following NEW packages will be installed:
  libexpat1-dev libpython-all-dev libpython-dev libpython2.7 libpython2.7-dev python-all python-all-dev
  python-asn1crypto python-cffi-backend python-crypto python-cryptography python-dbus python-dev python-enum34
  python-gi python-idna python-ipaddress python-keyring python-keyrings.alt python-pip python-pip-whl
  python-secretstorage python-setuptools python-six python-wheel python-xdg python2.7-dev
0 upgraded, 27 newly installed, 0 to remove and 217 not upgraded.
Need to get 33.0 MB of archives.
After this operation, 56.6 MB of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu bionic/main amd64 libexpat1-dev amd64 2.2.5-3 [122 kB]
Get:2 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 libpython2.7 amd64 2.7.15~rc1-1ubuntu0.1 [1053 kB]

... omissis ...

Get:26 http://archive.ubuntu.com/ubuntu bionic/universe amd64 python-wheel all 0.30.0-0.2 [36.4 kB]
Get:27 http://archive.ubuntu.com/ubuntu bionic/universe amd64 python-xdg all 0.25-4ubuntu1 [31.3 kB]
Fetched 31.2 MB in 14s (2209 kB/s)
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/p/python-pip/python-pip-whl_9.0.1-2.3~ubuntu1_all.deb  404  Not Found [IP: 91.189.88.149 80]
E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/p/python-pip/python-pip_9.0.1-2.3~ubuntu1_all.deb  404  Not Found [IP: 91.189.88.149 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?

Python installed

The last line is not true: Python is not installed.
Subsequent errors do not stop the script either:

INSTALL.sh: line 25: pip: command not found
Androguard installed
INSTALL.sh: line 27: pip: command not found
TLS Lite installed

EXPECTED BEHAVIOR

I think that every error should be reported and stop the script.

ENVIRONMENT

I'm using Bash on Windows but I don't think it is relevant.

$ cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.1 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
$ uname -r
4.4.0-18362-Microsoft
