1. Changed the date format from "%Y/%m/%d" to "%Y-%m-%d" to make it ANSI and ISO 8601 compliant.
2. Changed the issuer and subject to issuer_str and subject_str, which are formatted strings from the x509 objects.
3. Added subject to ssl_expired_certificate_vuln and ssl_expiring_certificate_scan modules
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)
2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged
3. Rename ssl_version module to ssl_weak_version
4. Change ssl_expired_certificate module to return expired certs only (do not count expiring_soon certs - it is not a vulnerability!)
5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)
6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it
7. Create a separate ssl_self_signed_certificate module in modules/vuln
Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is common code in these two methods, so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add to the output/return the certificate "subject", "issuer" and expiry date.
This way, if a user scans their network using IP addresses and some servers come up with weak SSL versions/ciphers, it will be easier for the user to identify the servers using the certificate subject/issuer.
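The shared helper and the expired/expiring split requested in the review above, as an added example that is not Nettacker's own code. It assumes the certificate arrives in the shape returned by the standard library's `ssl.SSLSocket.getpeercert()` (the sample dict is constructed, not captured from a real host), formats subject/issuer as single strings, emits the expiry date as `%Y-%m-%d`, and uses an assumed 30-day "expiring soon" threshold; a single `certificate_summary()` is meant to back both the certificate scan and the version/cipher scan so the per-module code is not repeated.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like ssl.SSLSocket.getpeercert() output (not a real site).
SAMPLE_PEER_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Example Corp"),),
        (("commonName", "example.invalid"),),
    ),
    "issuer": (
        (("countryName", "US"),),
        (("organizationName", "Example CA"),),
        (("commonName", "Example Root CA"),),
    ),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jun  1 12:00:00 2024 GMT",
}

# Assumed threshold: anything expiring within this many days is "expiring_soon".
EXPIRING_SOON_DAYS = 30

# Short attribute names so the string reads like a classic X.500 DN.
_SHORT_NAMES = {
    "countryName": "C",
    "stateOrProvinceName": "ST",
    "localityName": "L",
    "organizationName": "O",
    "organizationalUnitName": "OU",
    "commonName": "CN",
}


def format_name(rdns):
    """Flatten getpeercert() RDN tuples into 'C=US, O=Example Corp, CN=...'."""
    parts = []
    for rdn in rdns:
        for key, value in rdn:
            parts.append(f"{_SHORT_NAMES.get(key, key)}={value}")
    return ", ".join(parts)


def cert_datetime(value):
    """Parse the 'Jun  1 12:00:00 2024 GMT' notation into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def certificate_summary(peer_cert, now=None):
    """Common code shared by the certificate scan and the version/cipher scan."""
    now = now or datetime.now(timezone.utc)
    not_after = cert_datetime(peer_cert["notAfter"])
    remaining = not_after - now
    if remaining <= timedelta(0):
        status = "expired"
    elif remaining <= timedelta(days=EXPIRING_SOON_DAYS):
        status = "expiring_soon"
    else:
        status = "valid"
    return {
        "subject_str": format_name(peer_cert["subject"]),
        "issuer_str": format_name(peer_cert["issuer"]),
        "expiry_date": not_after.strftime("%Y-%m-%d"),  # ISO 8601 date
        "days_remaining": remaining.days,
        "status": status,
    }


def ssl_expired_certificate_vuln(peer_cert, now=None):
    """Vuln module: only an already-expired certificate is a finding."""
    summary = certificate_summary(peer_cert, now)
    return summary if summary["status"] == "expired" else None


def ssl_expiring_certificate_scan(peer_cert, now=None):
    """Scan module: report 'expiring soon' as information, not a vulnerability."""
    summary = certificate_summary(peer_cert, now)
    return summary if summary["status"] == "expiring_soon" else None


if __name__ == "__main__":
    scan_time = datetime(2024, 5, 15, tzinfo=timezone.utc)
    print(certificate_summary(SAMPLE_PEER_CERT, scan_time))
    print("expired finding:", ssl_expired_certificate_vuln(SAMPLE_PEER_CERT, scan_time))
    print("expiring finding:", ssl_expiring_certificate_scan(SAMPLE_PEER_CERT, scan_time))
```

The `now` parameter is injected rather than read from the clock inside the helpers so the expired/expiring/valid branches can be exercised deterministically in tests; in a real scan the caller leaves it at the default.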
This is a refactor of existing Nettacker code I've been working on recently. The (incomplete) list of changes:
- add pre-commit checks
- apply OOP approach to the application architecture
- consolidate common modules logic into a base class
- extract YAML parsing logic into a separate module
- fix some typos
- get rid of (not all) misused try/except blocks
- migrate to poetry, remove requirements.* files
- re-design configuration module
- re-design logging module
- split application logic into classes
- use `pathlib` for path related manipulations
- use context-based naming for variables, modules, directories, etc
- use module level imports (vs function level)
- use the base class for specific protocol libraries