diff --git a/nselib/data/ssl-fingerprints.txt b/nselib/data/ssl-fingerprints
similarity index 99%
rename from nselib/data/ssl-fingerprints.txt
rename to nselib/data/ssl-fingerprints
index 899ab77e3..4fd3b6069 100644
--- a/nselib/data/ssl-fingerprints.txt
+++ b/nselib/data/ssl-fingerprints
@@ -1,3 +1,27 @@
+# SHA-1 hashes of SSL certificates that have known private keys. These are from
+# Little Black Box 0.1 (http://code.google.com/p/littleblackbox/), which has
+# this copyright notice:
+#
+# Copyright (c) 2010 Craig Heffner
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+
 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96,Little Black Box 0.1
 00:3A:E5:45:D6:9C:47:FB:1C:C2:53:59:AA:D7:54:62:D6:D7:89:90,Little Black Box 0.1
 00:3C:F1:AB:48:B4:6C:41:5E:48:15:10:3F:F8:28:AC:7C:60:D5:51,Little Black Box 0.1
diff --git a/scripts/ssl-known-key.nse b/scripts/ssl-known-key.nse
index ea22d95b8..a8522fa48 100644
--- a/scripts/ssl-known-key.nse
+++ b/scripts/ssl-known-key.nse @@ -31,43 +31,12 @@ require("nmap") require("shortport") require("stdnse") -local FINGERPRINT_FILE = "ssl-fingerprints.txt" - -local SSL_PORTS = { - 443, - 465, - 587, - 636, - 989, - 990, - 992, - 993, - 994, - 995, - 5061, - 6679, - 6697, - 8443 -} - -local SSL_SERVICES = { - "ftps", - "ftps-data", - "https", - "https-alt", - "imaps", - "ircs", - "ldapssl", - "pop3s", - "sip-tls", - "smtps", - "telnets" -} +local FINGERPRINT_FILE = "ssl-fingerprints" local get_fingerprints = function(path) -- Check registry for cached fingerprints. if nmap.registry.ssl_fingerprints then - stdnse.print_debug(1, "Using cached SSL fingerprints.") + stdnse.print_debug(2, "Using cached SSL fingerprints.") return true, nmap.registry.ssl_fingerprints end @@ -76,7 +45,7 @@ local get_fingerprints = function(path) if not full_path then full_path = path end - stdnse.print_debug("Loading SSL fingerprints from %s.", full_path) + stdnse.print_debug(2, "Loading SSL fingerprints from %s.", full_path) -- Open database. local file = io.open(full_path, "r") @@ -86,20 +55,15 @@ local get_fingerprints = function(path) -- Parse database. local fingerprints = {} - while true do - local line = file:read("*line") - if not line then - break + for line in file:lines() do + line = line:gsub("#.*", "") + line = line:gsub("^%s*", "") + line = line:gsub("%s*$", "") + if line ~= "" then + local fields = stdnse.strsplit(",", line) + stdnse.print_debug(4, "Added %s to database with reason %s.", fields[1], fields[2]) + fingerprints[fields[1]] = fields[2] end - - line = line:gsub("\n", "") - if line == "" then - break - end - - local fields = stdnse.strsplit(",", line) - stdnse.print_debug(3, "Added %s to database with reason %s.", fields[1], fields[2]) - fingerprints[fields[1]] = fields[2] end -- Close database. 
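Review bot: The rewritten parse loop (third hunk, `-86,20 +55,15`) stores `fingerprints[fields[1]] = fields[2]` without checking that the line really split into a fingerprint and a reason. A line with no comma leaves `fields[2]` nil, so the assignment is a no-op and that certificate silently drops out of the database; for a detection script that is a missed finding with nothing logged at ordinary debug levels. I would guard the store with `if fields[2] then ... else stdnse.print_debug(1, "Skipping malformed SSL fingerprint line: %s", line) end`. If the lookup side (not visible in this diff) formats digests in a fixed case, normalising the key the same way here would also avoid case-only misses; that part is an assumption to confirm. get_fingerprints starts above this hunk and continues below it.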
@@ -111,7 +75,7 @@ local get_fingerprints = function(path) return true, fingerprints end -portrule = shortport.port_or_service(SSL_PORTS, SSL_SERVICES) +portrule = shortport.ssl action = function(host, port) -- Get script arguments.
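Review bot: With the `SSL_PORTS`/`SSL_SERVICES` tables removed, `portrule = shortport.ssl` leaves nothing in this script that tells a reader which ports the known-key check will actually run against. A service the rule does not match is never checked and therefore never reported, so the coverage limit is worth stating next to the rule, e.g. `-- Coverage is whatever shortport.ssl matches; TLS on other ports is not checked by this script.` It would also be worth confirming that shortport.ssl covers at least the ports and service names the removed tables listed; I can't verify that from this diff.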