
Okay, so checking for SSL forms a major part in any infrastructure or web application assessment, and also it's not done in depth in most of the assessments, mainly because you need to run multiple tools and also you need to do various manual checks to do a very thorough review of an SSL service. This talk is about a tool that I have written to automate the majority of the checks, which mainly integrates a lot of other tools and also does a lot of manual checks.

Okay, let's talk about the Panspermia toolkit, because SSL Auditor is part of the Panspermia toolkit. What's panspermia? Panspermia means life exists everywhere across the universe and it is transferred from one planet to another planet, or one entity to another entity like moons or asteroids or comets, through other entities like comets or asteroids. How is this related to this talk? When we talk about IT, there are multiple worlds: for example, networking is a different world, whereas database is a different world, and you have something like virtualization, and then you have operating systems, you have applications. So all these are different worlds, and this Panspermia toolkit, which I'm still developing, has a tool to tackle the issues in each of these worlds. All these pictures are various planets that might have life in them; we don't know, they're all a few light years away, so we are not that advanced to even detect life 100%.

So let's go ahead with SSL Auditor, which is also called Opabinia. Why Opabinia? What's the meaning of the name? Opabinia is one of the Burgess Shale creatures that lived around 500 million years ago, and it has five eyes, mainly to escape from danger. There used to be a big predator called Anomalocaris; it needs to escape from Anomalocaris to survive, and also it can find food much easier with five eyes. The other thing that Opabinia has is a long proboscis, which it can use to fetch food which is difficult to reach. How is this related to my talk? My tool has five modules to check for various issues on the services, which relate to the five eyes of Opabinia, and the input module is very flexible to accept input from multiple sources, which relates to the long proboscis.

Let's have an overview. Okay, this is a complete picture of my tool, the checks it does and the various options it has. At present it does around 30 checks on SSL and RDP services. Let's go into each of these components.

Okay, the first component is the input modules and the execution modules. My tool accepts four different sources of input. One is from the interface itself, so you can add your IP or host on the interface and it accepts that. The second option is a range, which you can see on the top: it accepts a start IP and then you can specify the end IP, and it generates the entire list for you. The third option is the IP list file. There are multiple ways it will read those IPs: you can separate an IP or host name and the port using colon or space or comma, so it accepts CSV files, and the other option is it does sanitization, so you don't need to have a very strict form of URL; it will just remove HTTP and all those kinds of prefixes and suffixes. And the fourth option is the Nmap XML file, which accepts multiple ports; you can just specify, okay, grab all the IPs or hosts with this specific port.

Now let's come to the execution options. There are a few options which are quite important. The first one is the development environment, which says sometimes you might be testing SSL services in a development environment and you don't want to flag self-signed certificates or untrusted certificates, so this option ignores four of the checks, which are revocation lists, self-signed, wildcard and trusted. The other option in the tool is automated timers: when the tool identifies a timeout or an error, it increases the time to 2x, and then if it still gets the same error or timeout it pushes it to 5x before it moves to the next module. We'll be looking at autosave options in the further slides. And with respect to the scan speed, there is an option to increase or decrease the scan speed. It's mainly useful when you are running the tool against a local service or a remote service; if it is going through the internet, it might be slow, so you don't want the tool to time out very fast, so you can just reduce it.

Let's now look at the various cipher checks that the tool does. The tool checks for the various protocols that are supported by the SSL service, and also it checks for the various ciphers that are supported by each of those protocols, and then it lists the preferred ciphers for each of the protocols, and it flags if it finds SSL version 2 or any of the weak ciphers enabled. This is a sample report and these are the various fields in the report.

Now let's look at certificate checks. These are some of the certificate checks the tool does for you. Mainly it checks for various issues on the certificate itself as well as various issues on the configuration of the SSL service. Some of them can be self-signed, validity or wildcard certificates, or weak crypto stuff like weak RSA keys or weak signing algorithms, and the various things related to configuration include the BEAST attack, compression which leads to CRIME, session resumption and secure renegotiation.

Now let's look at web service. Why did I include web service checks in an SSL tool? It's quite important, because if you look at the modern web servers they support a lot of additional features, say for example HSTS, which greatly improves the security of an SSL server, so it's very important to have these headers in place to have a very strong SSL. So this module checks for various headers on the SSL service. It also checks for various things like cookie flags and cache settings, but these are on the index page; it's not a web app scanner, so it does not go inside the web pages. And it also checks for various disclosures through web server headers.

Now let's look at the other module, which is RDP service. The RDP service supports three protocols, so this module checks for the support of each of these protocols: one is CredSSP, SSL and native RDP. If SSL is enabled it will check for self-signed certificates and weak ciphers; if native RDP is enabled it will check for the security level as well as the ciphers supported by the service.

And this is another module, which checks mainly for the validity of the certificate, and it gives a different coloring if it is expiring or expired. It's mainly focused towards administrators. And this is the report structure: it does two reports, one is validity and the other is the audit report. The audit report is a general one which has more detailed information about the SSL service, and the validity report is just a table which gives which is expired or expiring or fine.

And yeah, I think we are running out of time, so let's skip the demo. I'm very thankful to Dave and also to my friends for helping me out with the feedback with respect to the tool and the presentation. The tool can be downloaded from my website, and also the presentation is available on my website, and the demos are available on YouTube. And yes, sorry.
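As an added illustration of the input module described in the talk (example code written for this edit, not the Opabinia tool's own code): it normalises the four input sources the speaker lists, assuming IPv4 addresses or hostnames, a default port of 443, and constructed sample entries and Nmap XML.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

DEFAULT_PORT = 443

# Constructed sample Nmap XML (not real scan output) for parse_nmap_xml below.
SAMPLE_NMAP_XML = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/></port>
<port protocol="tcp" portid="3389"><state state="open"/></port></ports></host>
<host><address addr="192.0.2.11" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="closed"/></port></ports></host></nmaprun>"""

def sanitize(entry, default_port=DEFAULT_PORT):
    """Normalise one free-form entry (IPv4 or hostname) into a (host, port) tuple."""
    entry = re.sub(r"^[a-zA-Z][a-zA-Z0-9+.-]*://", "", entry.strip())  # drop https:// etc.
    entry = entry.split("/", 1)[0]                                    # drop any path suffix
    parts = [p for p in re.split(r"[:, ]+", entry) if p]              # ':' ' ' ',' separators
    if not parts:
        raise ValueError("empty target entry")
    port = int(parts[1]) if len(parts) > 1 else default_port
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {port}")
    return parts[0].lower(), port

def expand_range(start_ip, end_ip, port=DEFAULT_PORT):
    """Every address from start_ip to end_ip inclusive, as (host, port) tuples."""
    start, end = ipaddress.ip_address(start_ip), ipaddress.ip_address(end_ip)
    if end < start:
        raise ValueError("end IP precedes start IP")
    return [(str(ipaddress.ip_address(i)), port) for i in range(int(start), int(end) + 1)]

def parse_list(text, default_port=DEFAULT_PORT):
    """Parse a list/CSV file body, one target per line, skipping blanks and # comments."""
    return [sanitize(line, default_port) for line in text.splitlines()
            if line.strip() and not line.lstrip().startswith("#")]

def parse_nmap_xml(xml_text, wanted_ports):
    """(address, port) pairs from Nmap XML for open ports that are in wanted_ports."""
    targets = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for p in host.iter("port"):
            port, state = int(p.get("portid")), p.find("state")
            if port in wanted_ports and state is not None and state.get("state") == "open":
                targets.append((addr, port))
    return targets

if __name__ == "__main__":
    print(parse_list("https://example.test/login\n10.0.0.5, 8443\nhost.test 443"), parse_nmap_xml(SAMPLE_NMAP_XML, {443, 3389}))
```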