当前脚本(scan.sh)花费太多时间与下面列出的任何一个密码进行协商,并且进程在试图进行协商时卡住了。
$ openssl ciphers -V | grep "CBC3"
0xC0,0x12 - ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
0xC0,0x08 - ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
0x00,0x16 - EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
0x00,0x13 - EDH-DSS-DES-CBC3-SHA SSLv3 Kx=DH Au=DSS Enc=3DES(168) Mac=SHA1
0xC0,0x0D - ECDH-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=3DES(168) Mac=SHA1
0xC0,0x03 - ECDH-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH/ECDSA Au=ECDH Enc=3DES(168) Mac=SHA1
0x00,0x0A - DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
运行命令:
。美元/scan.sh X.X.X.X
我如何退出任何延迟密码并移动到下一个密码进行协商?请给我一些建议,我不熟悉Bash。
#scan.sh
#!/usr/bin/env bash
# OpenSSL requires the port number.
SERVER=$1:443
DELAY=1
ciphers=$(openssl ciphers -V | grep "CBC3" | awk '{print $3}')
for cipher in ${ciphers[@]}
do
echo -n Testing $cipher...
result=$(echo -n | openssl s_client -cipher "$cipher" -connect $SERVER 2>&1)
if [[ "$result" =~ ":error:" ]] ; then
error=$(echo -n $result | cut -d':' -f6)
echo NO ($error)
else
if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then
echo YES
else
echo UNKNOWN RESPONSE
echo $result
fi
fi
sleep $DELAY
done
首先,您可以使ciphers像下面这样一个数组更整洁的外观?
ciphers=( $(openssl ciphers -V | awk '/CBC3/{print $3}') )
,然后执行类似
的操作result="$(timeout 10s openssl s_client -cipher "${cipher[@]" -connect "$SERVER" 2>&1)"
-
timeout 10s等待10s命令完成,否则杀死它 - 将
"$SERVER"等变量双引号,并将脚本变量小写,以免与系统变量冲突