PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Check for RSA exponent of 1, resulting in F score

Browse Source
This commit is contained in:
dmiller
2016-06-09 04:36:09 +00:00
parent c71d8e8f4f
commit 39018e3e91
3 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] ssl-enum-ciphers will give a failing score to any server with an RSA
certificate whose public key uses an exponent of 1. [Daniel Miller]
o Update oldest supported Windows version to Vista (Windows 6.0). This enables o Update oldest supported Windows version to Vista (Windows 6.0). This enables
the use of the poll Nsock engine. [Daniel Miller] the use of the poll Nsock engine. [Daniel Miller]

2
nselib/nmap.luadoc
View File

@@ -734,7 +734,7 @@ function pcap_close()
-- --
-- If the <code>pubkey</code> is type <code>"rsa"</code>, it will also have an -- If the <code>pubkey</code> is type <code>"rsa"</code>, it will also have an
-- <code>exponent</code> member, containing the public exponent as a bignum. If -- <code>exponent</code> member, containing the public exponent as a bignum. If
-- the type is <code>"ec"</code>, it will have an <code>ecdhparams</code> -- the type is <code>"ec"</code>, it will have an <code>ecdhparams.curve_params</code>
-- member, containing a table with <code>ec_curve_type</code> and -- member, containing a table with <code>ec_curve_type</code> and
-- <code>curve</code> keys as strings. -- <code>curve</code> keys as strings.
-- --

12
scripts/ssl-enum-ciphers.nse
View File

@@ -322,7 +322,7 @@ categories = {"discovery", "intrusive"}
-- http://seclists.org/nmap-dev/2012/q3/156 -- http://seclists.org/nmap-dev/2012/q3/156
-- http://seclists.org/nmap-dev/2010/q1/859 -- http://seclists.org/nmap-dev/2010/q1/859
local CHUNK_SIZE = 64 local CHUNK_SIZE = 64
local have_ssl, _ = pcall(require,'openssl') local have_ssl, openssl = pcall(require,'openssl')
-- Add additional context (protocol) to debug output -- Add additional context (protocol) to debug output
local function ctx_log(level, protocol, fmt, ...) local function ctx_log(level, protocol, fmt, ...)
@@ -715,6 +715,12 @@ local function find_ciphers_group(host, port, protocol, group, scores)
scores.warnings["Weak certificate signature: SHA1"] = true scores.warnings["Weak certificate signature: SHA1"] = true
end end
kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits) kex_strength = tls.rsa_equiv(kex.pubkey, c.pubkey.bits)
if c.pubkey.exponent then
if openssl.bignum_bn2dec(c.pubkey.exponent) == "1" then
kex_strength = 0
scores.warnings["Certificate RSA exponent is 1, score capped at F"] = true
end
end
if c.pubkey.ecdhparams then if c.pubkey.ecdhparams then
if c.pubkey.ecdhparams.curve_params.ec_curve_type == "namedcurve" then if c.pubkey.ecdhparams.curve_params.ec_curve_type == "namedcurve" then
extra = c.pubkey.ecdhparams.curve_params.curve extra = c.pubkey.ecdhparams.curve_params.curve
@@ -747,6 +753,10 @@ local function find_ciphers_group(host, port, protocol, group, scores)
extra = string.format("%s %d", kex.type, kex_info.strength) extra = string.format("%s %d", kex.type, kex_info.strength)
end end
end end
if kex_info.rsa and kex_info.rsa.exponent == 1 then
kex_strength = 0
scores.warnings["Certificate RSA exponent is 1, score capped at F"] = true
end
end end
end end
scores[name] = { scores[name] = {