Last active
June 8, 2016 12:42
-
-
Save 0xded093/dbcbce0fb762c070a1bb to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| # -*- coding: iso-8859-15 -*- | |
| import re | |
| import json | |
| from pprint import pprint | |
| from clint.textui import colored | |
| import argparse | |
| def split_comma(param): | |
| for x in param.split(','): | |
| #print x | |
| check_compliance(x) | |
| def check_compliance(value): | |
| # regex | |
| result = re.compile('\[(.*?)\]') | |
| regexed = result.findall(value) | |
| _regexed = regexed[0] | |
| if int(_regexed) == 1: | |
| print value + colored.green(" - Good configuration") | |
| if int(_regexed) == 2: | |
| print value + colored.red(" - Not NIST compliant") | |
| if int(_regexed) == 3: | |
| print value + " - Misconfiguration" | |
| if int(_regexed) == 4: | |
| print value + " - Information" | |
| if int(_regexed) == 5: | |
| print value + colored.red(" - Not PCI-DSS compliant") | |
| if int(_regexed) == 6: | |
| print value + colored.red(" - Not PCI-DSS & NIST compliant") | |
| parser = argparse.ArgumentParser(description='SSL scan for NIST & PCI-DSS compliance') | |
| parser.add_argument('-q','--query', help='Inserire dominio', required=True) | |
| domain = vars(parser.parse_args()) | |
| with open(domain['query']+'.json') as data_file: | |
| data = json.load(data_file) | |
| #pprint(data) | |
| print "-----------------------------" | |
| print colored.blue(data["HOSTNAME"]) + " - " + data["FINAL_GRADE"] | |
| print "-----------------------------" | |
| # nist | |
| print "------------------------------------" | |
| print colored.yellow("Check for NIST Compliance") | |
| print "------------------------------------" | |
| split_comma(data["SSL_PROTOCOL-NIST"]) | |
| split_comma(data["DH_PARAM_WEAK-NIST"]) | |
| split_comma(data["EC_BITS-NIST"]) | |
| split_comma(data["SSL_CIPHER-NIST"]) | |
| split_comma(data["OCSP_STAPLING_NOT_SUPPORTED-NIST"]) | |
| check_compliance(data["NOT_NIST_COMPLIANT"]) | |
| # pci-dss | |
| print "------------------------------------" | |
| print colored.yellow("Check for PCI-DSS Compliance") | |
| print "------------------------------------" | |
| split_comma(data["DH_PARAM_WEAK-PCIDSS"]) | |
| split_comma(data["EC_NAME-PCIDSS"]) | |
| split_comma(data["EC_BITS-PCIDSS"]) | |
| split_comma(data["SSL_PROTOCOL-PCIDSS"]) | |
| split_comma(data["SSL_CIPHER-PCIDSS"]) | |
| split_comma(data["CLIENT_INITIATED_SECURE_RENEGOTIATION_SUPPORTED-PCIDSS"]) | |
| split_comma(data["CLIENT_INITIATED_INSECURE_RENEGOTIATION_NOT_SUPPORTED-PCIDSS"]) | |
| check_compliance(data["NOT_PCI_COMPLIANT"]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment