CryptoNark v0.4.5 released
One of the problems with third-party scanning of your site is that the scanner may charge you extra to perform out-of-band re-scans so you can verify that your remediation work actually succeeded. A secondary problem is that the Approved Scanning Vendor (ASV) is under no obligation to tell you how it determined that a particular vulnerability exists, so it is up to you to figure that out. CryptoNark scans your site and reports back every cipher that an SSL client can successfully negotiate with it.
Please understand that this tool is only intended for use by a web site administrator scanning a site that he or she is directly responsible for supporting. This tool was written because, in an enterprise, validating a configuration change is just as important as providing implementation and backout plans, and waiting for the next quarterly PCI scan was not an option for me. If “you” are the individual or group who needs to remediate secured web sites that allow weak encryption, this tool will help you. NOTE: CryptoNark does not check the validity of the certificate used to encrypt a web site, because its primary purpose from an SSL perspective is to report which ciphers are enabled.
Usage
cnark.pl -h|--host <hostname> -p|--port <port>
         [ -i|--insecure ] [ -xl|--kitchen-sink ]
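What a run like the one above does under the hood, as an added example written for this page in Go (it is not cnark's own Perl code): one handshake per candidate cipher, offering only that cipher, and recording which ones the server accepts. So that it runs offline, a loopback TLS 1.2 server with an assumed, already-remediated policy (StrongSuites, an assumption of this example) stands in for the real target; against a real host you would pass its host:port to ProbeSuites instead. Like cnark, the probe deliberately skips certificate validation, since the question is which ciphers are enabled. StartServer, ProbeSuites and ProbeResult are this example's own names.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// ProbeResult is the outcome of offering a server exactly one cipher suite.
type ProbeResult struct {
	Name     string
	Insecure bool // flagged weak by Go's crypto/tls
	Accepted bool // the server completed a handshake using this suite
}

// StrongSuites is the assumed, already-remediated policy of the stand-in server.
var StrongSuites = []uint16{
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
}

// StartServer runs a loopback TLS server with a throwaway self-signed RSA cert
// and only the given suites enabled; it stands in for the real target.
func StartServer(suites []uint16) (net.Listener, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cfg := &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}},
		CipherSuites: suites, // the TLS 1.2 policy under test; probes pin TLS 1.2
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg)
	if err != nil {
		return nil, err
	}
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return // listener closed
			}
			// A failed handshake is the expected outcome for a rejected suite.
			go func() { c.(*tls.Conn).Handshake(); c.Close() }()
		}
	}()
	return ln, nil
}

// ProbeSuites does what cnark does per cipher string: one handshake per
// candidate suite, offering only that suite, against addr ("host:port").
func ProbeSuites(addr string) []ProbeResult {
	var results []ProbeResult
	for _, cs := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		// Go lists TLS 1.3-only suites with SupportedVersions {VersionTLS13};
		// they cannot be offered on a TLS 1.2 probe, so skip them.
		if cs.SupportedVersions[0] == tls.VersionTLS13 {
			continue
		}
		cfg := &tls.Config{
			CipherSuites:       []uint16{cs.ID},
			MaxVersion:         tls.VersionTLS12,
			InsecureSkipVerify: true, // ciphers are the question, not the certificate
		}
		r := ProbeResult{Name: cs.Name, Insecure: cs.Insecure}
		conn, err := tls.DialWithDialer(&net.Dialer{Timeout: 3 * time.Second}, "tcp", addr, cfg)
		if err == nil {
			r.Accepted = conn.ConnectionState().CipherSuite == cs.ID
			conn.Close()
		}
		results = append(results, r)
	}
	return results
}

func main() {
	ln, err := StartServer(StrongSuites)
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	for _, r := range ProbeSuites(ln.Addr().String()) {
		fmt.Printf("%-45s accepted=%v weak=%v\n", r.Name, r.Accepted, r.Insecure)
	}
}
```

A suite reported as accepted with weak=true is the kind of finding an ASV report lists without explanation; running the probe before and after the configuration change is the verification step the post describes. Results come back in the fixed order Go enumerates its suites, so successive runs can be diffed line by line.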
Dependencies
cnark was initially written using Perl 5.8.8 but is now maintained on Perl 5.10. Since Perl iterates through a hash in an unspecified order, and because I want the output to keep a consistent sort order, the Perl module Tie::Hash::Indexed is used. IO::Socket::SSL is required as well. If you have Perl installed, you probably have the cpan tool installed too, so running ‘install Tie::Hash::Indexed’ and ‘install IO::Socket::SSL’ in the cpan shell should also pull in the modules these two depend on. Term::ANSIColor is used to provide colorized output, and as of this release XML::LibXML is required as well (see the change log).
Change Log
- Added an HTTP PROPFIND test, which runs only when the -xl option is specified.
- Added supporting module: XML::LibXML.
- Disabled redirect following on the unsafe URL checks; following redirects was creating false positives.
Download the current version from the Downloads page.