sslscan icon indicating copy to clipboard operation
sslscan copied to clipboard

Published 20 hours ago verified publisher icon rbsec

Xml/XSLT

Open janiko71 opened this issue 9 years ago • 15 comments

Hi, sslscan is very useful for me, at work, but I needed to be able to use it through a website (because of proxies), so I've just added a small feature to have a colored output in HTML with XSLT. I send it to you, maybe you can add this based on this work (espacially XSL file, that I can easily translate in english). Regards, Jean

janiko71 avatar Jul 19 '15 20:07 janiko71

Hi, I am the author of nmap-bootstrap-xsl. Today I wanted to build a similar XSL for SSLScan, as it is my favorite tool for testing. During my research, I discovered this request. I am happy, that the missing color in the XML is already addressed.

During my testing I found one small bug: The XSL does not loop correctly over all tested servers (if you use --targets=hosts.txt e.g.), it mixes the results. But this could be solved with a loop over the ssltest tag and some tweaking.

I would like to assists to develop this feature. How can I help?

honze-net avatar Mar 22 '19 14:03 honze-net

Hi @honze-net,

This is a very old PR that basically got forgotten about, as it wasn't really in a state to merge. I've added in a strength attribute to the XML in commit d6ba3496497a997837630515b29ea34155402b71 which reflects the colouring in the output. It gives an idea of the issue rather than just having the colour, so it's a bit more meaningful.

Strength XML attribute Colour in stdout
strong green
acceptable white
medium yellow
weak red
anonymous purple
null red background

XSL isn't something that I've ever used, so I'm afraid it's not really going to be something that I'm able to do very much with - but if there are any (non-breaking) XML changes that would be helpful to make in the code if you're looking to make something like the Nmap XSL then please let me know. I'd not seen your project before, but it looks nice (although I normally just look directly at the .nmap files with some syntax highlighting, it's much more friendly with things like searching built in).

Thanks,

~rbsec

rbsec avatar Mar 24 '19 18:03 rbsec

Hi, I made the XSLT file. If you have some sample outputs where it doesn't work properly, let's post the files. I'll take a look.

janiko71 avatar Mar 24 '19 19:03 janiko71

Thanks for the support. You are great! I will have a look into that. That should make it easy for me to implement the XSL.

honze-net avatar Mar 26 '19 08:03 honze-net

It took me a bit, but I created a draft version of the XSL: https://gist.github.com/honze-net/6fc1e810aadcf153cde1a5fe99ff522e Please download it into the same folder as the xml. To make it work, you have to insert the following line into your xml. <?xml-stylesheet href="sslscan-bootstrap-dev1.xsl " type="text/xsl"?>

It should then look like this:

<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet href="sslscan-bootstrap-dev1.xsl" type="text/xsl"?>
<document title="SSLScan Results" version="1.11.13-static" web="http://github.com/rbsec/sslscan">

(Yes, you could also hotlink the raw gist url, if you like.)

It is not finished, yet. Some color features are missing. Please tell me your opinions and features, you are missing.

Thank you!

honze-net avatar Apr 12 '19 14:04 honze-net

@honze-net I'm not sure you've uploaded the right XSL in that Gist - it looks like it's the Nmap one?

rbsec avatar Apr 12 '19 15:04 rbsec

OMG, sorry. I will fix that, as soon as I get back to my machine.

honze-net avatar Apr 13 '19 11:04 honze-net

I updated the Gist. It should work as expected, now.

honze-net avatar Apr 15 '19 07:04 honze-net

@honze-net - looks great. Sorry for the delay in getting back to you - been a busy couple of weeks. I can see there are some area where the XML is missing attributes to colour/show it, so when I get a chance I'll go through and add them in to the XML.

Thanks,

~rbsec

rbsec avatar Apr 24 '19 19:04 rbsec

@rbsec Thank you very much! No problem! I really love to refine the XSL so that you can get the same information as from the console output. That would be awesome!

honze-net avatar Apr 25 '19 07:04 honze-net

@honze-net apologies, this keep slipping down my todo list.

The current output looks really good - are there any changes you need to the XML for the final attributes?

rbsec avatar May 14 '19 15:05 rbsec

@rbsec I will have a look, what needs to be added. I will compile a list and post it here. Will take me a few days. Thank you!

honze-net avatar May 20 '19 10:05 honze-net

As of now, I propose that these elements should also have the "strength" attribute:

  • signature-algorithm
  • pk (public key) I think, that should cover everything I need to complete the XSL file. The XML file should then be equivalent to the console output.

honze-net avatar May 31 '19 12:05 honze-net

@honze-net I've added good/acceptable/weak attributes to <pk> and <signature-algorithm>

rbsec avatar Jun 16 '19 13:06 rbsec

Thank you! I will update my XSL next week.

honze-net avatar Jun 23 '19 10:06 honze-net