PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-17 21:19:01 +00:00
Code Issues Projects Releases Wiki Activity

Add some fingerprints of problematic keys reportedly belonging to APT1. Contributed by Mariusz Ziulek. http://seclists.org/nmap-dev/2013/q3/638

Browse Source
This commit is contained in:
fyodor
2013-09-28 03:13:07 +00:00
parent 8505a92c17
commit 35e118802b
2 changed files with 37 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
nselib/data/ssl-fingerprints
View File

@@ -1,6 +1,7 @@
# SHA-1 hashes of SSL certificates that have known private keys. These are from # SHA-1 hashes of SSL certificates that have known private keys. Most
# Little Black Box 0.1 (http://code.google.com/p/littleblackbox/), which has # of these are from Little Black Box 0.1
# this copyright notice: # (http://code.google.com/p/littleblackbox/), which has this copyright
# notice:
# #
# Copyright (c) 2010 Craig Heffner # Copyright (c) 2010 Craig Heffner
# #
@@ -2045,3 +2046,29 @@ FFC5BE611E44997728EEC8B5C21C28B19C87B8C8
FFD51A486C89C80C126A6767FA967D7883570858 FFD51A486C89C80C126A6767FA967D7883570858
FFF1C6FD1DBD58604E5E5C4D444C9072CFCDF8EF FFF1C6FD1DBD58604E5E5C4D444C9072CFCDF8EF
FFFEB1B7BEC6D2A261CCA510808A4BAC8DE712EA FFFEB1B7BEC6D2A261CCA510808A4BAC8DE712EA
[APT1 - https://www.mandiant.com/blog/md5-sha1/]
7BC0CC2CF7C3A996C32DBE7E938993F7087105B4
7855C132AF1390413D4E4FF4EAD321F8802D8243
F3E3C590D7126BD227733E9D8313D2575C421243
D4D4E896CE7D73B573F0A0006080A246AEC61FE7
BCDF4809C1886AC95478BBAFDE246D0603934298
6B4855DF8AFC8D57A671FE5ED628F6D88852A922
D50FDC82C328319AC60F256D3119B8708CD5717B
70B48D5177EEBE9C762E9A37ECABEBFD10E1B7E9
3A6A299B764500CE1B6E58A32A257139D61A3543
BF4F90E0029B2263AF1141963DDF2A0C71A6B5FB
B21139583DEC0DAE344CCA530690EC1F344ACC79
21971FFEF58BAF6F638DF2F7E2CCEB4C58B173C8
04ECFF66973C92A1C348666D5A4738557CCE0CFC
F97D1A703AEC44D0F53A3A294E33ACDA43A49DE1
C0D32301A7C96ECB0BC8E381EC19E6B4EAF5D2FE
1B27A897CDA019DA2C3A6DC838761871E8BF5B5D
D515996E8696612DC78FC6DB39006466FC6550DF
8F79315659E59C79F1301EF4AEE67B18AE2D9F1C
A57A84975E31E376E3512DA7B05AD06EF6441F53
B3DB37A0EDDE97B3C3C15DA5F2D81D27AF82F583
6D8F1454F6392361FB2464B744D4FC09EEE5FCFD
B66E230F404B2CC1C033CCACDA5D0A14B74A2752
4ACBADB86A91834493DDE276736CDF8F7EF5D497
86A48093D9B577955C4C9BD19E30536AAE5543D4

12
scripts/ssl-known-key.nse
View File

@@ -12,11 +12,13 @@ description = [[
Checks whether the SSL certificate used by a host has a fingerprint Checks whether the SSL certificate used by a host has a fingerprint
that matches an included database of problematic keys. that matches an included database of problematic keys.
The only database currently checked the LittleBlackBox 0.1 database of The only databases currently checked are the LittleBlackBox 0.1
compromised keys from various devices, but any file of fingerprints database of compromised keys from various devices and some keys
will serve just as well. For example, this could be used to find weak reportedly used by the Chinese state-sponsored hacking division APT1
Debian OpenSSL keys using the widely available (but too large to (https://www.mandiant.com/blog/md5-sha1/). However, any file of
include with Nmap) list. fingerprints will serve just as well. For example, this could be used
to find weak Debian OpenSSL keys using the widely available (but too
large to include with Nmap) list.
]] ]]
--- ---