
The goal: to display security vulnerabilities in the environment of the target machine:

Documentation: main site here. Note that it is part of OWASP.



Dependencies
A Perl distribution
Given the choice, maybe pick Strawberry Perl rather than e.g. ActivePerl: the former seems to make it much easier to run OpenSSL, and it is designed for Windows, whatever that means in practice.




Test the basics…




perl \perl_tests\hello_world.pl

Now over to the O-Saft section
Go to the https://www.owasp.org/index.php/O-Saft page I referenced earlier and download as per the screenshot above.
That comes down as a file like this:

So drill in and keep unzipping until you get to the level below o-saft.tar:

Then move all of that to a folder called osaft, and delete the file I’ve highlighted below:

Then go to an administrator prompt and type:

So now we start to get stuff. The red flags are the combinations of yes (i.e. my machine supports it) with weak, and especially with low or medium. Can we find any bad ones? Why yes…

Rather than plough through the file, it is much better to get PowerShell to parse it (yes, Perl did occur to me, but you can have too many script languages). Our first test could just be for the yes/weak combinations. For that, let’s:
- get the O-Saft output into a text file (as I don’t think I can get the perl directly into a variable)
- move that text file into a variable
- walk the variable, outputting (case-insensitive) [yes(tab)weak] matches
Which gives this (on my Windows 10 laptop – the first command takes about 15 seconds):
perl o-saft.pl +check localhost > .\osaft.txt
$warnings = Get-Content -Path .\osaft.txt
$warnings | Where-Object {$_ -match 'yes[\t]weak'}

Are there any other bad combinations? (The original line tested medium twice; the third alternative should be low.)
$warnings | Where-Object {$_ -match 'yes[\t]weak' -or $_ -match 'yes[\t]medium' -or $_ -match 'yes[\t]low'}

No. However, there is clearly repetition, so let’s reduce to unique combinations. (I am not bringing out under which particular protocols we are weak; for now we have to scan the file, osaft.txt in this example, for that detail.)
$warnings | Where-Object {$_ -match 'yes[\t]weak' -or $_ -match 'yes[\t]medium' -or $_ -match 'yes[\t]low'} | select -Unique
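Putting the yes/weak, yes/low and yes/medium checks together, and also pulling out the protocol that the steps above leave for later, as an added PowerShell example (my code, not from the post and not part of O-Saft): it assumes a header line of the form `=== Ciphers: Checking <protocol> ===` and cipher/yes/rating columns separated by tabs, as the 'yes[\t]weak' match implies, and runs on a constructed sample rather than real O-Saft output.

```powershell
# Added example, not from the original post or from O-Saft. Assumed layout
# (constructed, not captured from a real run): a header line
# "=== Ciphers: Checking <protocol> ===" followed by "<cipher><tab>yes|no<tab><rating>".
function Get-WeakOfferedCiphers {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [string[]] $BadRatings = @('weak', 'low', 'medium')
    )
    $protocol = 'unknown'
    # -match is case-insensitive, so WEAK/weak both hit; named groups land in $Matches
    $pattern  = '^\s*(?<cipher>\S+)\t(?<offered>yes|no)\t(?<rating>\S+)'
    foreach ($line in $Lines) {
        if ($line -match '^=== Ciphers: Checking (?<proto>\S+) ===') {
            $protocol = $Matches.proto      # remember which protocol section we are in
            continue
        }
        # Only ciphers the host actually offers ("yes") with a rating we consider bad
        if ($line -match $pattern -and $Matches.offered -eq 'yes' -and
            $BadRatings -contains $Matches.rating.ToLower()) {
            [pscustomobject]@{
                Protocol = $protocol
                Cipher   = $Matches.cipher
                Rating   = $Matches.rating.ToUpper()
            }
        }
    }
}

# Constructed sample standing in for: perl o-saft.pl +check localhost > .\osaft.txt
$sample = @(
    '=== Ciphers: Checking TLSv1 ==='
    "RC4-SHA`tyes`tWEAK"
    "DES-CBC3-SHA`tyes`tMEDIUM"
    "AES128-SHA`tyes`tHIGH"
    "NULL-MD5`tno`tWEAK"            # not offered, so not a finding
    '=== Ciphers: Checking TLSv12 ==='
    "ECDHE-RSA-AES256-GCM-SHA384`tyes`tHIGH"
    "RC4-SHA`tyes`tWEAK"
)

# For a real run: $findings = Get-WeakOfferedCiphers -Lines (Get-Content -Path .\osaft.txt)
$findings = Get-WeakOfferedCiphers -Lines $sample

# Per-protocol detail, worst ratings first
$findings | Sort-Object Rating, Protocol, Cipher | Format-Table -AutoSize

# Unique bad ciphers regardless of protocol, like the Select -Unique step above
$findings | Select-Object -ExpandProperty Cipher -Unique
```

On the sample this reports RC4-SHA under both TLSv1 and TLSv12 and DES-CBC3-SHA under TLSv1, and the unique list collapses to RC4-SHA and DES-CBC3-SHA.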

And finally, this person deserves a call-out for their useful summary of Regex in PowerShell: http://ss64.com/ps/syntax-regex.html
fin
Well, of that section. And then there’s OpenSsl:

Can’t find the config file, certainly not in that location. OK – set the system envvar to hold it:



Now we can do other stuff. This looks handy for OpenSSL examples.