AWS SHA256 Compatibility Scanner

The AWS SHA256 Compatibility Scanner helps users identify whether their applications or user base are affected by the SHA1 Deprecation taking place this year. It works by parsing the UserAgent string of the application and attempting to determine the application name, application version, OS name, and OS version. It then checks this information against a list of applications and operating systems that are known either to support or not to support SHA256 certificates. It outputs a single line per UserAgent; the output can be used to identify whether a specific application is 'supported', 'not supported', or 'support is unknown'.
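
A minimal sketch of the parse-then-classify flow described above, added here as an example and not taken from the project's code. It uses plain regular expressions instead of ua-parser, and the version floors in `MIN_APP` and `MIN_OS` are assumed illustrative values, not the scanner's actual list.

```python
import re

# Assumed, illustrative floors (NOT the scanner's real list): lowest version
# treated here as able to validate SHA256-signed certificates.
MIN_APP = {"Firefox": (1, 5)}
MIN_OS = {"Android": (2, 3)}

APP_RE = re.compile(r"(%s)/(\d+)(?:\.(\d+))?" % "|".join(map(re.escape, MIN_APP)))
OS_RE = re.compile(r"(Android|Windows NT) (\d+)(?:\.(\d+))?")

def parse(ua):
    """Return (app, app_version, os_name, os_version); unknown parts are None."""
    app = app_ver = os_name = os_ver = None
    m = APP_RE.search(ua)
    if m:
        app, app_ver = m.group(1), (int(m.group(2)), int(m.group(3) or 0))
    m = OS_RE.search(ua)
    if m:
        os_name, os_ver = m.group(1), (int(m.group(2)), int(m.group(3) or 0))
    return app, app_ver, os_name, os_ver

def classify(ua):
    """Map one UserAgent string to one of the three statuses named above."""
    app, app_ver, os_name, os_ver = parse(ua)
    # An OS below its floor is flagged first: clients that rely on the
    # platform's certificate validation inherit its limits.
    if os_name in MIN_OS and os_ver < MIN_OS[os_name]:
        return "not supported"
    if app in MIN_APP:
        return "supported" if app_ver >= MIN_APP[app] else "not supported"
    # Nothing recognised: report that explicitly instead of guessing.
    return "support is unknown"

def scan(user_agents):
    """One (status, user_agent) pair per input line, blank lines skipped."""
    return [(classify(ua), ua) for ua in map(str.strip, user_agents) if ua]

# Constructed sample input; the first string is the one used on this page.
SAMPLE = [
    "Mozilla/5.0 (Windows NT 6.3) Firefox/36.0",
    "Mozilla/5.0 (X11; Linux i686) Gecko/20050920 Firefox/1.0.7",
    "Mozilla/5.0 (Linux; U; Android 2.2; en-us) AppleWebKit/533.1 Safari/533.1",
    "curl/7.19.7",
]

if __name__ == "__main__":
    for status, ua in scan(SAMPLE):
        print("%-18s %s" % (status, ua))
```

The last sample shows why the third status matters: a client the table does not recognise is reported as unknown rather than silently counted as safe.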

Amazon Web Services bulletins about the SHA1 Certificate Deprecation are available here:

You can find additional information about the SHA1 Deprecation here: CA/Browser Forum

AWS-SHA256-AGENTCS Links:

Getting Started

Sign up for AWS

Before you begin, you may need an AWS account. Please see the AWS Account and Credentials section of the developer guide for information about how to create an AWS account and retrieve your AWS credentials.

Minimum requirements

Installation of required packages

user-agents is hosted on PyPI/user-agents and GitHub/user-agents.
ua-parser is hosted on PyPI/ua-parser and on GitHub as GitHub/uap-python and GitHub/uap-core.
pyyaml is hosted on PyPI/pyyaml and PyYaml.org.

and they can be installed as shown here:

pip install pyyaml ua-parser user-agents

Alternatively, you can get the latest source code from each project's GitHub repository and install them manually.

Downloading this Application and Library

  1. The recommended way to get the code is to use 'git clone https://github.com/awslabs/aws-sha256-agentcs.git' to clone this repository to your local machine.
  2. Enter the local repository folder with 'cd aws-sha256-agentcs'
  3. You are now ready to begin using this library and the included applications.

Using The Included Applications

This repository includes:

3 Example Applications

Each of the applications will output help on how to run them if executed with no arguments.

1 User Agent Scanning Library

Examples on how to use and call this library directly can be found in the above listed applications.

Example Usages and Output

uascan_app1.py

% ./uascan_app1.py 'Mozilla/5.0 (Windows NT 6.3) Firefox/36.0'
0 Firefox

% echo -n 'Mozilla/5.0 (Windows NT 6.3) Firefox/36.0' | uascan_app1.py
0 Firefox

uascan_app2.py

% ./uascan_app2.py useragents.txt
0 Firefox

uascan_app3.py

% ./uascan_app3.py s3access.log
mybucket 192.168.1.125 0 Firefox

Features

Important Note: Up To Date Browser Regexes

This library makes use of ua-parser. The ua-parser regex files on PyPI may not be the latest versions. The latest versions are recommended for maximum User Agent compatibility. The latest ua-parser 'regexes.yaml' file can be downloaded from: GitHub/uap-core

To determine where your current ua-parser 'regexes.yaml' resides, do the following:

% python
> import ua_parser
> print(ua_parser.__file__)
/Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/__init__.pyc
> exit()

We can then see where the regex files are by looking in the folder that the library resides in:

% ls /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.*
/Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.json
/Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.yaml

The existing regex files can be updated using the following example:

% mv /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.yaml /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.yaml.bak
% mv /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.json /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.json.bak
% cp regexes.yaml /Users/myuser/Library/Python/2.7/lib/python/site-packages/ua_parser/regexes.yaml

Known Issues

Example:

# First remove the installed libraries from the system folder.
% pip uninstall pyyaml ua-parser user-agents

# Install the required libraries into the user's local python library folder.
% pip install --user pyyaml ua-parser user-agents

How to identify what version of OpenSSL my interpreted language is using?

NodeJS

% node -pe process.versions
{ http_parser: '2.3',
node: '0.12.7',
v8: '3.28.71.19',
uv: '1.6.1',
zlib: '1.2.8',
modules: '14',
openssl: '1.0.1p' }

PHP

% php -r 'echo OPENSSL_VERSION_TEXT . "\n";'
OpenSSL 1.0.2d 9 Jul 2015

Python

% python -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.0.2d 9 Jul 2015

Ruby

% ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2d 9 Jul 2015

Supported Versions

1.0.0 - Initial Release