XMPPoke - Testing the encryption strength of XMPP servers
- Install squish from http://matthewwild.co.uk/projects/squish/home,
- Build luasec from the xmppoke branch of https://github.com/xnyhps/luasec/tree/xmppoke,
- Copy encodings.so and hashes.so from
utilin a Prosody build to
- Install luadbi (at least the sqlite3 driver).
to build xmppoke.lua.
sqlite3 results.db < schema.sql
to initialize the database.
lua xmppoke.lua example.com
This will initiate a number of connections to example.com, to test the TLS configuration.
lua xmppoke.lua [-v] [-h] [--out=reports/] [--mode=(server|client)] [--delay=seconds] hostname
--htmlwrite a HTML report, instead of ANSI colored output to the terminal.
--outputthe directory where to store the report. Default is reports/.
--modethe mode (either
server). Default is client.
--delaythe number of seconds to wait between every connection. Default is 2.
--capathpath to a directory containing your trusted CA certificates. Default is */etc/ssl/certs/.
--cafilepath to a directory containing your trusted CA certificates. Default is nil.
--certificatepath to a client side certificate to use. Some servers refuse s2s connections from servers that use TLS but don't present a client cert. Default is nil.
--keypath to the private key for the
--certificate. Default is nil.
--blacklistpath to the list of keys included in the
openssl-blacklistpackage. Default is /usr/share/openssl-blacklist/.