Merge pull request #1810 from drwetter/starttls_injection

STARTTLS injection

Author: drwetter

CHANGELOG.md

@@ -12,7 +12,8 @@
 * Percent output char problem fixed
 * Several display/output fixes
 * BREACH check: list all compression methods and add brotli
-* test for winshock vulnerability
+* Test for old winshock vulnerability
+* Test for STARTTLS injection vulnerabilities (SMTP, POP3, IMAP)
 * Security fix: DNS input
 * Don't use external pwd anymore
 * STARTTLS: XMPP server support
@@ -30,6 +31,7 @@
 * Client simulation runs in wide mode which is even better readable
 * Added --reqheader to support custom headers in HTTP requests
 
+
 ### Features implemented / improvements in 3.0
 
 * Full support of TLS 1.3, shows also drafts supported

Dockerfile

@@ -2,7 +2,7 @@ FROM alpine:3.11
 
 RUN apk update && \
     apk upgrade && \
-    apk add bash procps drill git coreutils libidn curl && \
+    apk add bash procps drill git coreutils libidn curl socat openssl && \
     rm -rf /var/cache/apk/* && \
     addgroup testssl && \
     adduser -G testssl -g "testssl user"  -s /bin/bash -D testssl && \

doc/testssl.1

@@ -354,7 +354,10 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, Expect\-CT,\.\.\. , CSP
 \fB\-T, \-\-ticketbleed\fR Checks for Ticketbleed memory leakage in BigIP loadbalancers\.
 .
 .P
-\fB\-BB, \-\-robot\fR Checks for vulnerability to ROBOT / (\fIReturn Of Bleichenbacher\'s Oracle Threat\fR) attack\.
+\fB\-\-BB, \-\-robot\fR Checks for vulnerability to ROBOT / (\fIReturn Of Bleichenbacher\'s Oracle Threat\fR) attack\.
+.
+.P
+\fB\-\-SI, \-\-starttls\-injection\fR Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only)\. \fIsocat\fR and OpenSSL >=1.1.0 is needed\.
 .
 .P
 \fB\-R, \-\-renegotiation\fR Tests renegotiation vulnerabilities\. Currently there\'s a check for \fISecure Renegotiation\fR and for \fISecure Client\-Initiated Renegotiation\fR\. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP)\. A check for \fIInsecure Client\-Initiated Renegotiation\fR is not yet implemented\.

doc/testssl.1.html

@@ -234,7 +234,9 @@ Also for multiple server certificates are being checked for as well as for the c
 
 `-T, --ticketbleed`             Checks for Ticketbleed memory leakage in BigIP loadbalancers.
 
-`-BB, --robot`          Checks for vulnerability to ROBOT / (*Return Of Bleichenbacher's Oracle Threat*) attack.
+`--BB, --robot`          Checks for vulnerability to ROBOT / (*Return Of Bleichenbacher's Oracle Threat*) attack.
+
+`--SI, --starttls-injection`          Checks for STARTTLS injection vulnerabilities (SMTP, IMAP, POP3 only). `socat` and OpenSSL >=1.1.0 is needed.
 
 `-R, --renegotiation`           Tests renegotiation vulnerabilities. Currently there's a check for *Secure Renegotiation* and for *Secure Client-Initiated Renegotiation*. Please be aware that vulnerable servers to the latter can likely be DoSed very easily (HTTP). A check for *Insecure Client-Initiated Renegotiation* is not yet implemented.