File: endpoint_scaninfo.txt

package info (click to toggle)
golang-github-cloudflare-cfssl 1.2.0%2Bgit20160825.89.7fb22c8-3
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 4,916 kB
  • ctags: 2,827
  • sloc: sh: 146; sql: 62; python: 11; makefile: 8
file content (83 lines) | stat: -rw-r--r-- 3,049 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
THE SCANINFO ENDPOINT

Endpoint: /api/v1/cfssl/scaninfo
Method:   GET

Result:

    The returned result is a JSON object with keys for each scan family. For
    each family, there exists a `description` containing a string describing the
    family and a `scanners` object mapping each of the family's scanners to
    an object containing a `description` string.

Example:

    $ curl ${CFSSL_HOST}/api/v1/cfssl/scaninfo | python -m json.tool
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1412  100  1412    0     0   391k      0 --:--:-- --:--:-- --:--:--  459k
{
    "errors": [],
    "messages": [],
    "result": {
        "Broad": {
            "description": "Large scale scans of TLS hosts",
            "scanners": {
                "IntermediateCAs": {
                    "description": "Scans a CIDR IP range for unknown Intermediate CAs"
                }
            }
        },
        "Connectivity": {
            "description": "Scans for basic connectivity with the host through DNS and TCP/TLS dials",
            "scanners": {
                "CloudFlareStatus": {
                    "description": "Host is on CloudFlare"
                },
                "DNSLookup": {
                    "description": "Host can be resolved through DNS"
                },
                "TCPDial": {
                    "description": "Host accepts TCP connection"
                },
                "TLSDial": {
                    "description": "Host can perform TLS handshake"
                }
            }
        },
        "PKI": {
            "description": "Scans for the Public Key Infrastructure",
            "scanners": {
                "ChainExpiration": {
                    "description": "Host's chain hasn't expired and won't expire in the next 30 days"
                },
                "ChainValidation": {
                    "description": "All certificates in host's chain are valid"
                },
                "MultipleCerts": {
                    "description": "Host serves same certificate chain across all IPs"
                }
            }
        },
        "TLSHandshake": {
            "description": "Scans for host's SSL/TLS version and cipher suite negotiation",
            "scanners": {
                "CipherSuite": {
                    "description": "Determines host's cipher suites accepted and prefered order"
                },
                "SigAlgs": {
                    "description": "Determines host's accepted signature and hash algorithms"
                }
            }
        },
        "TLSSession": {
            "description": "Scans host's implementation of TLS session resumption using session tickets/session IDs",
            "scanners": {
                "SessionResume": {
                    "description": "Host is able to resume sessions across all addresses"
                }
            }
        }
    },
    "success": true
}