mirror of https://github.com/nmap/nmap.git synced 2025-12-06 20:51:30 +00:00

Updates to ssl-known-key by Mak Kolybabi,

http://seclists.org/nmap-dev/2011/q1/934. Change the database format.
Change the output.
david
2011-03-22 19:44:45 +00:00
parent 0e970b4bc6
commit 6142158b43
2 changed files with 2039 additions and 2016 deletions

File diff suppressed because it is too large Load Diff


@@ -34,6 +34,16 @@ require("stdnse")
local FINGERPRINT_FILE = "ssl-fingerprints" local FINGERPRINT_FILE = "ssl-fingerprints"
local get_fingerprints = function(path) local get_fingerprints = function(path)
local pretty = function(key)
local s = key:sub(1, 2)
for i = 3, 40, 2 do
s = s .. ":" .. key:sub(i, i + 1)
end
return s:upper()
end
-- Check registry for cached fingerprints. -- Check registry for cached fingerprints.
if nmap.registry.ssl_fingerprints then if nmap.registry.ssl_fingerprints then
stdnse.print_debug(2, "Using cached SSL fingerprints.") stdnse.print_debug(2, "Using cached SSL fingerprints.")
@@ -54,15 +64,27 @@ local get_fingerprints = function(path)
end end
-- Parse database. -- Parse database.
local section = nil
local fingerprints = {} local fingerprints = {}
for line in file:lines() do for line in file:lines() do
line = line:gsub("#.*", "") line = line:gsub("#.*", "")
line = line:gsub("^%s*", "") line = line:gsub("^%s*", "")
line = line:gsub("%s*$", "") line = line:gsub("%s*$", "")
if line ~= "" then if line ~= "" then
local fields = stdnse.strsplit(",", line) if line:sub(1,1) == "[" then
stdnse.print_debug(4, "Added %s to database with reason %s.", fields[1], fields[2]) -- Start a new section.
fingerprints[fields[1]] = fields[2] line = line:sub(2, #line - 1)
stdnse.print_debug(4, "Starting new section %s.", line)
section = line
elseif section ~= nil then
-- Add fingerprint to section.
line = pretty(line)
stdnse.print_debug(4, "Added key %s to database.", line)
fingerprints[line] = section
else
-- Key found outside of section.
stdnse.print_debug(1, "Key %s is not in a section.", pretty(line))
end
end end
end end
@@ -105,11 +127,11 @@ action = function(host, port)
-- Check SSL fingerprint against database. -- Check SSL fingerprint against database.
local fingerprint = stdnse.tohex(cert:digest("sha1"), {separator=":", group=2}):upper() local fingerprint = stdnse.tohex(cert:digest("sha1"), {separator=":", group=2}):upper()
local reason = fingerprints[fingerprint] local section = fingerprints[fingerprint]
if not reason then if not section then
stdnse.print_debug(2, "%s was not in the database.", fingerprint) stdnse.print_debug(2, "%s was not in the database.", fingerprint)
return return
end end
return fingerprint .. " is in the database with the reason " .. reason return "Found in " .. section .. " (certificate hash: " .. fingerprint .. ")"
end end
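Review bot: In the database-parsing hunk, the `elseif section ~= nil` branch passes every non-header line to `pretty()` without checking that it is a 40-character hex string. A truncated or mistyped entry is therefore stored under a key such as `AB:CD::::` that no certificate digest can equal, and an over-long one is silently cut to its first 40 characters, so a key the database was meant to flag goes unreported with no warning. I would reject such lines before formatting them, e.g. `if #line ~= 40 or line:find("%X") then stdnse.print_debug(1, "Skipping malformed fingerprint in section %s.", section)`, keeping the existing insert in the `else`. The section header has the same gap, since `line:sub(2, #line - 1)` drops the last character whether or not it is `]`. The hard-coded SHA-1 length in `for i = 3, 40, 2` deserves a one-line comment such as `-- 40 hex digits = SHA-1 digest`; the body of `get_fingerprints` starts and ends outside the hunks shown.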