it-security-2-deep-thought/raw_scans/9_gcp_ubuntu_20.04/testssl-3.log

369 lines
17 KiB
Plaintext
Raw Normal View History

2021-01-08 22:06:34 +01:00
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t ftp localhost:21"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:28 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21. 
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:21"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:30 -->> 127.0.0.1:21 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:21. 
Fatal error: Can't connect to "127.0.0.1:21"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:32 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465. 
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t smtp localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:34 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
 Oops: STARTTLS handshake failed (code: 1)
Fatal error: repeated STARTTLS problems, giving up (1)
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:465"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:37 -->> 127.0.0.1:465 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:465. 
Fatal error: Can't connect to "127.0.0.1:465"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:587"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:07:39 -->> 127.0.0.1:587 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): --
 127.0.0.1:587 doesn't seem to be a TLS/SSL enabled server
 The results might look ok but they could be nonsense. Really proceed ? ("yes" to continue) -->  Service detected: Couldn't determine what's running on port 587, assuming no HTTP service => skipping all HTTP checks
 Testing protocols via native openssl
 SSLv2 not offered (OK)
 SSLv3 not offered (OK)
 TLS 1 not offered
 TLS 1.1 not offered
 TLS 1.2 not offered
 TLS 1.3 Local problem: timeout --preserve-status 10 ./bin/openssl.Linux.x86_64 doesn't support "s_client -tls1_3"
You should not proceed as no protocol was detected. If you still really really want to, say "YES" -->  NPN/SPDY not offered
 ALPN/HTTP2 not offered
 Testing cipher categories 
 NULL ciphers (no encryption) not offered (OK)
 Anonymous NULL Ciphers (no authentication) not offered (OK)
 Export ciphers (w/o ADH+NULL) not offered (OK)
 LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
 Triple DES Ciphers / IDEA not offered
 Obsoleted CBC ciphers (AES, ARIA etc.) not offered
 Strong encryption (AEAD ciphers) with no FS not offered
 Forward Secrecy strong encryption (AEAD ciphers) not offered
 Testing server's cipher preferences 
 Has server cipher order? Handshake error!no (NOT ok)
 Negotiated protocol TLSv1.2
 Negotiated cipher default cipher empty (Hint: if IIS6 give OpenSSL 1.0.1 a try) (limited sense as client will pick)
 Cipher per protocol
Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits Cipher Suite Name (IANA/RFC)
-----------------------------------------------------------------------------------------------------------------------------
SSLv2
-
SSLv3
-
TLSv1
-
TLSv1.1
-
TLSv1.2
-
TLSv1.3
-
 Testing robust forward secrecy (FS) -- omitting Null Authentication/Encryption, 3DES, RC4 
 No ciphers supporting Forward Secrecy (FS) offered
 Testing server defaults (Server Hello) 
 TLS extensions (standard) (none)
 Session Ticket RFC 5077 hint no -- no lifetime advertised
 SSL Session ID support yes
 Session Resumption Tickets no, ID resumption test failed
 TLS clock skew SSLv3 through TLS 1.2 didn't return a timestamp
Client problem, No server cerificate could be retrieved. Thus we can't continue with "server defaults".
 Testing vulnerabilities 
 Heartbleed (CVE-2014-0160) not vulnerable (OK), no heartbeat extension
 CCS (CVE-2014-0224) not vulnerable (OK)
 Ticketbleed (CVE-2016-9244), experiment. -- (applicable only for HTTPS)
 ROBOT Server does not support any cipher suites that use RSA key transport
 Secure Renegotiation (RFC 5746) OpenSSL handshake didn't succeed
 Secure Client-Initiated Renegotiation not vulnerable (OK)
 CRIME, TLS (CVE-2012-4929) test failed (couldn't connect)
 POODLE, SSL (CVE-2014-3566) not vulnerable (OK), no SSLv3 support
 TLS_FALLBACK_SCSV (RFC 7507) test failed (couldn't connect)
 SWEET32 (CVE-2016-2183, CVE-2016-6329) not vulnerable (OK), 38/53 (SSLv2: 8/8) local ciphers
 FREAK (CVE-2015-0204)  Oops: openssl s_client connect problem
not vulnerable (OK)
 DROWN (CVE-2016-0800, CVE-2016-0703) not vulnerable on this host and port (OK)
no RSA certificate, thus certificate can't be used with SSLv2 elsewhere
 LOGJAM (CVE-2015-4000), experimental not vulnerable (OK): no DH EXPORT ciphers, no DH key detected with <= TLS 1.2
 BEAST (CVE-2011-3389) not vulnerable (OK), no SSL3 or TLS1
 LUCKY13 (CVE-2013-0169), experimental not vulnerable (OK), 123/154 local ciphers
 Winshock (CVE-2014-6321), experimental not vulnerable (OK) - no HTTP or RDP
 RC4 (CVE-2013-2566, CVE-2015-2808) no RC4 ciphers detected (OK)
Could not determine the protocol, only simulating generic clients.
 Running client simulations via openssl  -- pls note "--ssl-native" will return some false results
Browser Protocol Cipher Suite Name (OpenSSL) Forward Secrecy
------------------------------------------------------------------------------------------------
Android 4.4.2 No connection
Android 5.0.0 No connection
Android 6.0 No connection
Android 7.0 (native) No connection
Android 8.1 (native) No connection
Android 9.0 (native) No connection
Android 10.0 (native) No connection
Chrome 74 (Win 10) No connection
Chrome 79 (Win 10) No connection
Firefox 66 (Win 8.1/10) No connection
Firefox 71 (Win 10) No connection
IE 6 XP No connection
IE 8 Win 7 No connection
IE 8 XP No connection
IE 11 Win 7 No connection
IE 11 Win 8.1 No connection
IE 11 Win Phone 8.1 No connection
IE 11 Win 10 No connection
Edge 15 Win 10 No connection
Edge 17 (Win 10) No connection
Opera 66 (Win 10) No connection
Safari 9 iOS 9 No connection
Safari 9 OS X 10.11 No connection
Safari 10 OS X 10.12 No connection
Safari 12.1 (iOS 12.2) No connection
Safari 13.0 (macOS 10.14.6) No connection
Apple ATS 9 iOS 9 No connection
Java 6u45 No connection
Java 7u25 No connection
Java 8u161 No connection
Java 11.0.2 (OpenJDK) No connection
Java 12.0.1 (OpenJDK) No connection
OpenSSL 1.0.2e No connection
OpenSSL 1.1.0l (Debian) No connection
OpenSSL 1.1.1d (Debian) No connection
Thunderbird (68.3) No connection
 Rating (experimental) 
 Rating specs (not complete) SSL Labs's 'SSL Server Rating Guide' (version 2009q from 2020-01-30)
 Specification documentation https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide
 Protocol Support (weighted) 50 (15)
 Key Exchange  (weighted) 100 (30)
 Cipher Strength  (weighted) 60 (24)
 Final Score 69
 Overall Grade C
 Grade cap reasons Grade capped to C. TLS 1.2 or TLS 1.3 are not offered
Grade capped to B. Forward Secrecy (FS) is not supported
 Done 2021-01-07 15:11:32 [ 235s] -->> 127.0.0.1:587 (localhost) <<--
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:34 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110. 
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t pop3 localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:36 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995. 
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:110"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:39 -->> 127.0.0.1:110 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:110. 
Fatal error: Can't connect to "127.0.0.1:110"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:995"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:41 -->> 127.0.0.1:995 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:995. 
Fatal error: Can't connect to "127.0.0.1:995"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t imap localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:43 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993. 
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:993"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:45 -->> 127.0.0.1:993 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:993. 
Fatal error: Can't connect to "127.0.0.1:993"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t postgres localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:48 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432. 
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:5432"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:50 -->> 127.0.0.1:5432 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:5432. 
Fatal error: Can't connect to "127.0.0.1:5432"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 -t mysql localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:52 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306. 
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!
## Scan started as: "testssl.sh --logfile ../outputs/testssl-3.log --append --connect-timeout 10 --openssl-timeout 10 --ssl-native localhost:3306"
## at ubuntu-20:./bin/openssl.Linux.x86_64
## version testssl: 3.1dev 477bd13 from 2021-01-07
## version openssl: "1.0.2-chacha" from "Jan 18 17:12:17 2019")
 Start 2021-01-07 15:11:54 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): -- Oops: TCP connect problem
Unable to open a socket to 127.0.0.1:3306. 
Fatal error: Can't connect to "127.0.0.1:3306"
Make sure a firewall is not between you and your scanning target!