Инструмент для тестирования TLS-соединений с серверами XMPP
Guus der Kinderen 1e0adf3672 Merge pull request #7 from Zash/zash/fix-1 | 5 年 前 | |
---|---|---|
3rdparty | 11 年 前 | |
net | 10 年 前 | |
plugins | 11 年 前 | |
Dockerfile | 6 年 前 | |
LICENSE | 10 年 前 | |
README.md | 6 年 前 | |
certs.lua | 11 年 前 | |
ciphertable.lua | 11 年 前 | |
client.lua | 11 年 前 | |
configmanager.lua | 11 年 前 | |
docker-entrypoint.sh | 6 年 前 | |
import_ca.lua | 9 年 前 | |
import_directory.lua | 9 年 前 | |
onions.lua | 10 年 前 | |
poke.lua | 5 年 前 | |
schema.pg.sql | 9 年 前 | |
server.lua | 10 年 前 | |
sql.lua | 9 年 前 | |
squishy | 6 年 前 |
XMPPoke - Testing the encryption strength of XMPP servers
XMPPoke is a tool which is used to probe XMPP servers for their security and connectivity settings. Think testssl.sh, but for XMPP and with different features.
It focuses on cipher suites, certificate validity, authentication options, SRV record setup and DANE.
Required:
luaunbound
directory and copy lunbound.so
to util
.util
in a Prosody build to util/
in xmppoke.Then:
squish --use-http
to build xmppoke.lua.
Use:
sqlite3 results.db < schema.sql
to initialize the database.
lua xmppoke.lua example.com
This will initiate a number of connections to example.com, to test the TLS configuration.
Usage:
lua xmppoke.lua [-v] [-h] [--out=reports/] [--mode=(server|client)] [--delay=seconds] hostname
-v
,--verbose
verbose.-h
,--html
write a HTML report, instead of ANSI colored output to the terminal.-o
,--output
the directory where to store the report. Default is reports/.-m
,--mode
the mode (either client
or server
). Default is client.-d
,--delay
the number of seconds to wait between every connection. Default is 2.--capath
path to a directory containing your trusted CA certificates. Default is */etc/ssl/certs/.--cafile
path to a directory containing your trusted CA certificates. Default is nil.--certificate
path to a client side certificate to use. Some servers refuse s2s connections from servers that use TLS but don't present a client cert. Default is nil.--key
path to the private key for the --certificate
. Default is nil.--blacklist
path to the list of keys included in the openssl-blacklist
package. Default is /usr/share/openssl-blacklist/.Build the docker image as usual.
The docker image exposes the following interface:
The XMPPoke Queue Manager expects some environment variables as configuration. See there for details.
The XMPPoke Queue Manager is the command which is run by default when running the image as a container.