A tool for testing TLS connections to XMPP servers

Guus der Kinderen 1e0adf3672 Merge pull request #7 from Zash/zash/fix-1 5 years ago
3rdparty 773340ac50 sqlite3 support! The results of tests, certificates, SRV records, TLSA records and ciphers are now stored into a database. See the README for updated installation instructions. 11 years ago
net e34348686c Fix same typo, added more debugging. 10 years ago
plugins f3fa771de4 Added a squishy file to build automatically. 11 years ago
Dockerfile d1cb0e8e8a Stop using hardcoded and outdated root DNSSEC key 6 years ago
LICENSE 8921d3925c Added LICENSE file to clarify that xmppoke is licensed under the MIT license. 10 years ago
README.md ff6f895dee Merge 'xmppoke-docker' 6 years ago
certs.lua 676ab0cc35 Massive patch fixing up the backend to work together with the new frontend correctly. 11 years ago
ciphertable.lua d04147f1d4 Allow ciphertable.lua to be invoked directly for converting a hex string to a cipher string. 11 years ago
client.lua 55f818c807 Added support for debugging DNS results: 11 years ago
configmanager.lua 55f818c807 Added support for debugging DNS results: 11 years ago
docker-entrypoint.sh 031a1a5fc0 Add missing file 6 years ago
import_ca.lua 29ba82ae70 Missed changes in previous commit. 9 years ago
import_directory.lua 06ddb6d74b Managed to save this file from Apollo. 9 years ago
onions.lua 44fe3e2e57 Added support for testing Tor hidden services (will break without unbound). 10 years ago
poke.lua 04d9c02700 Attempted fix for DANE reporting 5 years ago
schema.pg.sql 63443f5548 Remove the UNIQUE index on the certificate_sans table, as certificates can include duplicate SANs, even though they are useless. 9 years ago
server.lua a638ef4e60 Use plain "xmpp.net" as the stream identity. 10 years ago
sql.lua 2fa07c45ff Simplify and fix the import_ca.lua file. 9 years ago
squishy d1cb0e8e8a Stop using hardcoded and outdated root DNSSEC key 6 years ago

README.md

XMPPoke - Testing the encryption strength of XMPP servers

What is XMPPoke?

XMPPoke is a tool which is used to probe XMPP servers for their security and connectivity settings. Think testssl.sh, but for XMPP and with different features.

It focuses on cipher suites, certificate validity, authentication options, SRV record setup and DANE.

Installing

Required:

Then:

squish --use-http

to build xmppoke.lua.

Use:

sqlite3 results.db < schema.sql

to initialize the database.

Running

lua xmppoke.lua example.com

This will initiate a number of connections to example.com, to test the TLS configuration.

Usage:

lua xmppoke.lua [-v] [-h] [--out=reports/] [--mode=(server|client)] [--delay=seconds] hostname

  • -v,--verbose verbose output.
  • -h,--html write an HTML report, instead of ANSI colored output to the terminal.
  • -o,--output the directory where to store the report. Default is reports/.
  • -m,--mode the mode (either client or server). Default is client.
  • -d,--delay the number of seconds to wait between every connection. Default is 2.
  • --capath path to a directory containing your trusted CA certificates. Default is /etc/ssl/certs/.
  • --cafile path to a file containing your trusted CA certificates. Default is nil.
  • --certificate path to a client side certificate to use. Some servers refuse s2s connections from servers that use TLS but don't present a client cert. Default is nil.
  • --key path to the private key for the --certificate. Default is nil.
  • --blacklist path to the list of keys included in the openssl-blacklist package. Default is /usr/share/openssl-blacklist/.
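
The --mode option and the SRV and DANE checks mentioned above come down to which DNS names get resolved for a domain. The following is an added example, not code from xmppoke: it derives the SRV owner name (RFC 6120), the connection order, and the TLSA owner names (RFC 7673) from a set of SRV records. The helper names and the sample records are assumptions made for illustration; the page does not state whether xmppoke resolves names in exactly this way.

```python
# Added example: DNS names an XMPP TLS probe needs per mode (not xmppoke code).
from typing import NamedTuple

# SRV service labels and fallback ports defined by RFC 6120.
SRV_LABEL = {"client": "_xmpp-client", "server": "_xmpp-server"}
DEFAULT_PORT = {"client": 5222, "server": 5269}


class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str


def srv_name(domain, mode):
    """Owner name of the SRV record set for a domain in the given mode."""
    return f"{SRV_LABEL[mode]}._tcp.{domain.rstrip('.')}."


def probe_targets(domain, mode, records):
    """Return connection targets in the order they should be tried.

    Simplification: RFC 2782 selects randomly by weight within a priority;
    ties are ordered by descending weight here to keep output deterministic.
    """
    if not records:
        # No SRV records: fall back to the domain itself on the default port.
        records = [Srv(0, 0, DEFAULT_PORT[mode], domain)]
    elif len(records) == 1 and records[0].target == ".":
        # A single SRV with target "." means the service is not offered.
        return []
    targets = []
    for r in sorted(records, key=lambda r: (r.priority, -r.weight)):
        host = r.target.rstrip(".")
        # TLSA records for an SRV target live at _port._tcp.<target>.
        targets.append({"host": host, "port": r.port,
                        "tlsa": f"_{r.port}._tcp.{host}."})
    return targets


# Constructed sample data, not real DNS answers.
SAMPLE = [
    Srv(10, 0, 5222, "backup.example.com."),
    Srv(5, 30, 5222, "xmpp1.example.com."),
    Srv(5, 70, 5223, "xmpp2.example.com."),
]
```

Comparing this list against the hosts a report actually covers shows whether lower-priority SRV targets, which are often the less maintained ones, were tested too.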

Docker

Build the docker image as usual.

The docker image exposes the following interface:

  • The XMPPoke Queue Manager expects some environment variables as configuration. See the XMPPoke Queue Manager documentation for details.

  • The XMPPoke Queue Manager is the command which is run by default when running the image as a container.