Ignore Bad SSL Certs
Closed this issue · 4 comments
random-robbie commented
Can we get the scanner to ignore bad SSL certs?
Steps to reproduce the behavior
root@04df222c1069:/# acstis -c -siv -d "https://13.56.76.150/" -vp
/$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$$$ /$$$$$$ /$$$$$$
/$$__ $$ /$$__ $$ /$$__ $$|__ $$__/|_ $$_/ /$$__ $$
| $$ \ $$| $$ \__/| $$ \__/ | $$ | $$ | $$ \__/
| $$$$$$$$| $$ | $$$$$$ | $$ | $$ | $$$$$$
| $$__ $$| $$ \____ $$ | $$ | $$ \____ $$
| $$ | $$| $$ $$ /$$ \ $$ | $$ | $$ /$$ \ $$
| $$ | $$| $$$$$$/| $$$$$$/ | $$ /$$$$$$| $$$$$$/
|__/ |__/ \______/ \______/ |__/ |______/ \______/
Version 3.0.1 - Copyright 2017 Tijme Gommers <tijme@finnwea.com>
[INFO] Looking for AngularJS version using a headless browser.
[INFO] Waiting until DOM is completely loaded.
[ERROR] Couldn't determine the AngularJS version (`angular.version.full` threw an exception).
[ERROR] If you are certain this URL uses AngularJS, specify the version via the `--angular-version` argument.
root@04df222c1069:/#
tijme commented
You can ignore invalid SSL certificates using the command line arguments.
-iic, --ignore-invalid-certificates
You can also trust a given certfificate.
-tc TRUSTED_CERTIFICATES, --trusted-certificates TRUSTED_CERTIFICATES
random-robbie commented
tijme commented
Yeah this is already deployed on the develop
branch I think. However, it's a long time ago I worked on it, so I have to check if it's stable enough to merge it to the master.
tijme commented
I think if you update the nyawc
dependency to 1.7.10 it might remove the warnings (see https://github.com/tijme/not-your-average-web-crawler/releases)