PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-12 10:49:02 +00:00
Code Issues Projects Releases Wiki Activity

Unify logging with protocol prefix

Browse Source
This commit is contained in:
dmiller
2014-08-12 02:38:17 +00:00
parent 29b614ccca
commit 1622edabc2
1 changed files with 29 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
scripts/ssl-enum-ciphers.nse
View File

@@ -144,6 +144,11 @@ local rankedciphers={}
local mincipherstrength=9999 --artificial "highest value" local mincipherstrength=9999 --artificial "highest value"
local rankedciphersfilename=false local rankedciphersfilename=false
-- Add additional context (protocol) to debug output
local function ctx_log(level, protocol, fmt, ...)
return stdnse.debug(level, "(%s) " .. fmt, protocol, ...)
end
local function try_params(host, port, t) local function try_params(host, port, t)
local buffer, err, i, record, req, resp, sock, status local buffer, err, i, record, req, resp, sock, status
@@ -157,7 +162,7 @@ local function try_params(host, port, t)
local status local status
status, sock = specialized(host, port) status, sock = specialized(host, port)
if not status then if not status then
stdnse.debug1("Can't connect: %s", err) ctx_log(1, t.protocol, "Can't connect: %s", err)
return nil return nil
end end
else else
@@ -165,7 +170,7 @@ local function try_params(host, port, t)
sock:set_timeout(timeout) sock:set_timeout(timeout)
local status = sock:connect(host, port) local status = sock:connect(host, port)
if not status then if not status then
stdnse.debug1("Can't connect: %s", err) ctx_log(1, t.protocol, "Can't connect: %s", err)
sock:close() sock:close()
return nil return nil
end end
@@ -177,7 +182,7 @@ local function try_params(host, port, t)
req = tls.client_hello(t) req = tls.client_hello(t)
status, err = sock:send(req) status, err = sock:send(req)
if not status then if not status then
stdnse.debug1("Can't send: %s", err) ctx_log(1, t.protocol, "Can't send: %s", err)
sock:close() sock:close()
return nil return nil
end end
@@ -189,13 +194,13 @@ local function try_params(host, port, t)
local status local status
status, buffer, err = tls.record_buffer(sock, buffer, 1) status, buffer, err = tls.record_buffer(sock, buffer, 1)
if not status then if not status then
stdnse.debug1("Couldn't read a TLS record: %s", err) ctx_log(1, t.protocol, "Couldn't read a TLS record: %s", err)
return nil return nil
end end
-- Parse response. -- Parse response.
i, record = tls.record_read(buffer, 1) i, record = tls.record_read(buffer, 1)
if record and record.type == "alert" and record.body[1].level == "warning" then if record and record.type == "alert" and record.body[1].level == "warning" then
stdnse.debug1("Ignoring warning: %s", record.body[1].description) ctx_log(1, t.protocol, "Ignoring warning: %s", record.body[1].description)
-- Try again. -- Try again.
elseif record then elseif record then
sock:close() sock:close()
@@ -358,32 +363,32 @@ local function find_ciphers_group(host, port, protocol, group)
if record == nil then if record == nil then
if protocol_worked then if protocol_worked then
stdnse.debug2("%d ciphers rejected. (No handshake)", #group) ctx_log(2, protocol, "%d ciphers rejected. (No handshake)", #group)
else else
stdnse.debug1("%d ciphers and/or protocol %s rejected. (No handshake)", #group, protocol) ctx_log(1, protocol, "%d ciphers and/or protocol rejected. (No handshake)", #group)
end end
break break
elseif record["protocol"] ~= protocol then elseif record["protocol"] ~= protocol then
stdnse.debug1("Protocol %s rejected.", protocol) ctx_log(1, protocol, "Protocol rejected.")
protocol_worked = nil protocol_worked = nil
break break
elseif record["type"] == "alert" and record["body"][1]["description"] == "handshake_failure" then elseif record["type"] == "alert" and record["body"][1]["description"] == "handshake_failure" then
protocol_worked = true protocol_worked = true
stdnse.debug2("%d ciphers rejected.", #group) ctx_log(2, protocol, "%d ciphers rejected.", #group)
break break
elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then
stdnse.debug2("Unexpected record received.") ctx_log(2, protocol, "Unexpected record received.")
break break
else else
protocol_worked = true protocol_worked = true
name = record["body"][1]["cipher"] name = record["body"][1]["cipher"]
stdnse.debug2("Cipher %s chosen.", name) ctx_log(2, protocol, "Cipher %s chosen.", name)
if not remove(group, name) then if not remove(group, name) then
stdnse.debug1("%s: chose cipher %s that was not offered.", t.protocol, name) ctx_log(1, protocol, "chose cipher %s that was not offered.", name)
stdnse.debug1("%s: removing high-byte ciphers and trying again.", t.protocol) ctx_log(1, protocol, "removing high-byte ciphers and trying again.")
local size_before = #group local size_before = #group
group = remove_high_byte_ciphers(group) group = remove_high_byte_ciphers(group)
stdnse.debug1("%s: removed %d high-byte ciphers.", t.protocol, size_before - #group) ctx_log(1, protocol, "removed %d high-byte ciphers.", size_before - #group)
if #group == size_before then if #group == size_before then
-- No changes... Server just doesn't like our offered ciphers. -- No changes... Server just doesn't like our offered ciphers.
break break
@@ -447,25 +452,25 @@ local function find_compressors(host, port, protocol, good_cipher)
if record == nil then if record == nil then
if protocol_worked then if protocol_worked then
stdnse.debug2("%d compressors rejected. (No handshake)", #compressors) ctx_log(2, protocol, "%d compressors rejected. (No handshake)", #compressors)
else else
stdnse.debug1("%d compressors and/or protocol %s rejected. (No handshake)", #compressors, protocol) ctx_log(1, protocol, "%d compressors and/or protocol %s rejected. (No handshake)", #compressors, protocol)
end end
break break
elseif record["protocol"] ~= protocol then elseif record["protocol"] ~= protocol then
stdnse.debug1("Protocol %s rejected.", protocol) ctx_log(1, protocol, "Protocol rejected.")
break break
elseif record["type"] == "alert" and record["body"][1]["description"] == "handshake_failure" then elseif record["type"] == "alert" and record["body"][1]["description"] == "handshake_failure" then
protocol_worked = true protocol_worked = true
stdnse.debug2("%d compressors rejected.", #compressors) ctx_log(2, protocol, "%d compressors rejected.", #compressors)
break break
elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then elseif record["type"] ~= "handshake" or record["body"][1]["type"] ~= "server_hello" then
stdnse.debug2("Unexpected record received.") ctx_log(2, protocol, "Unexpected record received.")
break break
else else
protocol_worked = true protocol_worked = true
name = record["body"][1]["compressor"] name = record["body"][1]["compressor"]
stdnse.debug2("Compressor %s chosen.", name) ctx_log(2, protocol, "Compressor %s chosen.", name)
remove(compressors, name) remove(compressors, name)
-- Add compressor to the list of accepted compressors. -- Add compressor to the list of accepted compressors.
@@ -492,10 +497,10 @@ local function compare_ciphers(host, port, protocol, cipher_a, cipher_b)
end end
local record = try_params(host, port, t) local record = try_params(host, port, t)
if record and record["type"] == "handshake" and record["body"][1]["type"] == "server_hello" then if record and record["type"] == "handshake" and record["body"][1]["type"] == "server_hello" then
stdnse.debug2("%s: compare %s %s -> %s", t.protocol, cipher_a, cipher_b, record["body"][1]["cipher"]) ctx_log(2, protocol, "compare %s %s -> %s", cipher_a, cipher_b, record["body"][1]["cipher"])
return record["body"][1]["cipher"] return record["body"][1]["cipher"]
else else
stdnse.debug2("%s: compare %s %s -> error", t.protocol, cipher_a, cipher_b) ctx_log(2, protocol, "compare %s %s -> error", cipher_a, cipher_b)
return nil, string.format("Error when comparing %s and %s", cipher_a, cipher_b) return nil, string.format("Error when comparing %s and %s", cipher_a, cipher_b)
end end
end end
@@ -522,7 +527,7 @@ local function find_cipher_preference(host, port, protocol, ciphers)
-- Do a comparison in both directions to see if server ordering is consistent. -- Do a comparison in both directions to see if server ordering is consistent.
local cipher_a, cipher_b = ciphers[1], ciphers[2] local cipher_a, cipher_b = ciphers[1], ciphers[2]
stdnse.debug1("Comparing %s to %s", cipher_a, cipher_b) ctx_log(1, protocol, "Comparing %s to %s", cipher_a, cipher_b)
local winner_forwards, err = compare_ciphers(host, port, protocol, cipher_a, cipher_b) local winner_forwards, err = compare_ciphers(host, port, protocol, cipher_a, cipher_b)
if not winner_forwards then if not winner_forwards then
return nil, err return nil, err
@@ -547,7 +552,7 @@ local function sort_ciphers(host, port, protocol, ciphers)
return nil, "Network error" return nil, "Network error"
end end
if #chunk ~= size then if #chunk ~= size then
stdnse.debug1("%s warning: %d ciphers offered but only %d accepted", protocol, size, #chunk) ctx_log(1, protocol, "warning: %d ciphers offered but only %d accepted", size, #chunk)
end end
table.insert(chunks, chunk) table.insert(chunks, chunk)
end end