Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Xml/XSLT #54

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Xml/XSLT #54

wants to merge 3 commits into from

Conversation

janiko71
Copy link

Hi,
sslscan is very useful for me, at work, but I needed to be able to use it through a website (because of proxies), so I've just added a small feature to have a colored output in HTML with XSLT.
I send it to you, maybe you can add this based on this work (espacially XSL file, that I can easily translate in english).
Regards,
Jean

@honze-net
Copy link

Hi, I am the author of nmap-bootstrap-xsl. Today I wanted to build a similar XSL for SSLScan, as it is my favorite tool for testing. During my research, I discovered this request. I am happy, that the missing color in the XML is already addressed.

During my testing I found one small bug: The XSL does not loop correctly over all tested servers (if you use --targets=hosts.txt e.g.), it mixes the results. But this could be solved with a loop over the ssltest tag and some tweaking.

I would like to assists to develop this feature. How can I help?

rbsec added a commit that referenced this pull request Mar 24, 2019
@rbsec
Added strength XML attribute to reflect colouring in stdout. #54
d6ba349
@rbsec
Copy link
Owner

rbsec commented Mar 24, 2019

Hi @honze-net,

This is a very old PR that basically got forgotten about, as it wasn't really in a state to merge. I've added in a strength attribute to the XML in commit d6ba349 which reflects the colouring in the output. It gives an idea of the issue rather than just having the colour, so it's a bit more meaningful.

Strength XML attribute Colour in stdout
strong green
acceptable white
medium yellow
weak red
anonymous purple
null red background

XSL isn't something that I've ever used, so I'm afraid it's not really going to be something that I'm able to do very much with - but if there are any (non-breaking) XML changes that would be helpful to make in the code if you're looking to make something like the Nmap XSL then please let me know. I'd not seen your project before, but it looks nice (although I normally just look directly at the .nmap files with some syntax highlighting, it's much more friendly with things like searching built in).

Thanks,

~rbsec

@janiko71
Copy link
Author

Hi, I made the XSLT file. If you have some sample outputs where it doesn't work properly, let's post the files. I'll take a look.

@honze-net
Copy link

Thanks for the support. You are great! I will have a look into that. That should make it easy for me to implement the XSL.

@honze-net
Copy link

It took me a bit, but I created a draft version of the XSL: https://gist.github.com/honze-net/6fc1e810aadcf153cde1a5fe99ff522e
Please download it into the same folder as the xml.
To make it work, you have to insert the following line into your xml.
<?xml-stylesheet href="sslscan-bootstrap-dev1.xsl " type="text/xsl"?>

It should then look like this:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="sslscan-bootstrap-dev1.xsl" type="text/xsl"?>
<document title="SSLScan Results" version="1.11.13-static" web="http://github.com/rbsec/sslscan">

(Yes, you could also hotlink the raw gist url, if you like.)

It is not finished, yet. Some color features are missing. Please tell me your opinions and features, you are missing.

Thank you!

@rbsec
Copy link
Owner

rbsec commented Apr 12, 2019

@honze-net I'm not sure you've uploaded the right XSL in that Gist - it looks like it's the Nmap one?

@honze-net
Copy link

OMG, sorry. I will fix that, as soon as I get back to my machine.

@honze-net
Copy link

I updated the Gist. It should work as expected, now.

@rbsec
Copy link
Owner

rbsec commented Apr 24, 2019

@honze-net - looks great. Sorry for the delay in getting back to you - been a busy couple of weeks. I can see there are some area where the XML is missing attributes to colour/show it, so when I get a chance I'll go through and add them in to the XML.

Thanks,

~rbsec

@honze-net
Copy link

@rbsec Thank you very much! No problem! I really love to refine the XSL so that you can get the same information as from the console output. That would be awesome!

@rbsec
Copy link
Owner

rbsec commented May 14, 2019

@honze-net apologies, this keep slipping down my todo list.

The current output looks really good - are there any changes you need to the XML for the final attributes?

@honze-net
Copy link

@rbsec I will have a look, what needs to be added. I will compile a list and post it here. Will take me a few days. Thank you!

@honze-net
Copy link

As of now, I propose that these elements should also have the "strength" attribute:

  • signature-algorithm
  • pk (public key)
    I think, that should cover everything I need to complete the XSL file. The XML file should then be equivalent to the console output.

rbsec added a commit that referenced this pull request Jun 16, 2019
@rbsec
Add XML attributes for certificate strength. #54
5007a79
@rbsec
Copy link
Owner

rbsec commented Jun 16, 2019

@honze-net I've added good/acceptable/weak attributes to <pk> and <signature-algorithm>

@honze-net
Copy link

Thank you! I will update my XSL next week.

@rbsec rbsec mentioned this pull request Aug 25, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@janiko71 @honze-net @rbsec