21 posts categorized "cryptonark"


OS X 10.8.4 Updates OpenSSL to v0.9.8x

The good news is that cryptonark still works!


CryptoNark 0.4.7 Released

This is the first new release in about 8 months. This version adds one new feature and one bug fix, both involving certificate and host name validation.

Previous versions of CryptoNark, when run with the --insecure switch, would exit if the host name scanned did not match the common name or subject alternative name bound to the certificate. This made it hard to do things like scan an IP address or scan a single host in a farm of servers to see what ciphers were enabled (or if cipher remediation steps were successful). Now, when the --insecure argument is given, cryptonark will not perform any host name or certificate validation at all (but it will still perform a cipher scan).

New in this version is a cosmetic change. Previous versions of cryptonark would perform certificate and host name validation but would only output the common name of the certificate. This version now outputs the common name and any subject alternative names that are bound to the certificate.
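The behaviour described above, as an added sketch that is not CryptoNark's own Perl code: report the common name and subject alternative names, and skip host name validation when an insecure flag is set. The function names, the `insecure` parameter and the sample certificate are assumptions made for this example, and the one-label wildcard rule is the conventional one rather than anything stated in the post.

```python
import ipaddress

# Constructed sample, shaped like the dict ssl.SSLSocket.getpeercert() returns.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net"),
                       ("IP Address", "192.0.2.10")),
}

def cert_names(cert):
    """Return (common name, [(kind, value), ...] subject alternative names)."""
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    return cn, list(cert.get("subjectAltName", ()))

def _as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _dns_match(pattern, host):
    """Case-insensitive; '*' only as the entire left-most label, one label deep."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host

def check_host(cert, host, insecure=False):
    """Report CN and SANs; validate the scanned name unless insecure is set."""
    cn, sans = cert_names(cert)
    report = {"common_name": cn, "subject_alt_names": [v for _, v in sans],
              "validated": None}        # None = validation skipped
    if insecure:
        return report                   # caller goes straight to the cipher scan
    ip = _as_ip(host)
    if ip is not None:                  # IP literals match IP SANs exactly, never wildcards
        report["validated"] = any(k == "IP Address" and _as_ip(v) == ip for k, v in sans)
    else:
        names = [v for k, v in sans if k == "DNS"] + ([cn] if cn else [])
        report["validated"] = any(_dns_match(n, host) for n in names)
    return report
```

Scanning a farm member by an IP address that is absent from the certificate gives `validated: False` in the default mode and `validated: None` with `insecure=True`, while the names are reported either way.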

The main cryptonark page has been updated to reflect this change history and you can download a copy from the Techstacks Downloads page. Thanks again to everyone who has given this tool a try! Please let me know of any issues by sending me a mail at techstacks [at] gmail [dot] com or via twitter @techstacks.



CryptoNark v0.4.6 Released

I'm releasing an update to CryptoNark today, which is a maintenance release that fixes a few bugs that have been sitting out there for a little while now.  No new SSL/TLS testing functionality is in this release.  The three changes in this release are:

  1. Modified cryptonark to utilize a port number in all $url variable assignments.  This was an easy way for me to allow cryptonark to perform the extended http scanning when those http hosts were not using well-known port numbers.  This functionality may also change in the future as I retool things to accommodate SSL listeners that run on ports other than 443.
  2. Sometime in an earlier v0.4.x release, non-SSL hosts were still getting SSL tests sent to them.  This release fixes that issue.
  3. The get_server_type function has been fixed as well so it now properly sets the global variable that was supposed to be assigned the value of the HTTP Server header.  My "discovery" that the HTTP PROPFIND method test was broken in the previous release drove this fix.

The Downloads page on this site has been updated with the new version.  Because the script is now over 600 lines long, I do not post the source in release posts any longer.