PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-02-13 08:56:34 +00:00
Code Issues Projects Releases Wiki Activity

Add CARBANAK certificate thumbprint. Closes #1609

Browse Source
This commit is contained in:
nnposter
2019-05-26 02:03:00 +00:00
parent dd77fa1dac
commit 6cffee9e5d
2 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nselib/data/ssl-fingerprints
View File

@@ -2047,7 +2047,7 @@ FFD51A486C89C80C126A6767FA967D7883570858
FFF1C6FD1DBD58604E5E5C4D444C9072CFCDF8EF
FFFEB1B7BEC6D2A261CCA510808A4BAC8DE712EA
[APT1 - https://www.mandiant.com/blog/md5-sha1/]
[APT1 - https://www.fireeye.com/blog/threat-research/2013/03/md5-sha1.html]
7BC0CC2CF7C3A996C32DBE7E938993F7087105B4
7855C132AF1390413D4E4FF4EAD321F8802D8243
F3E3C590D7126BD227733E9D8313D2575C421243
@@ -2072,3 +2072,6 @@ B3DB37A0EDDE97B3C3C15DA5F2D81D27AF82F583
B66E230F404B2CC1C033CCACDA5D0A14B74A2752
4ACBADB86A91834493DDE276736CDF8F7EF5D497
86A48093D9B577955C4C9BD19E30536AAE5543D4
[CARBANAK - https://www.fireeye.com/blog/threat-research/2019/04/carbanak-week-part-two-continuing-source-code-analysis.html]
0BCBD1C184809164A9E83F308AD6FF4DBAFDA22C

19
scripts/ssl-known-key.nse
View File

@@ -5,20 +5,19 @@ local stdnse = require "stdnse"
local sslcert = require "sslcert"
local tls = require "tls"
-- -*- mode: lua -*-
-- vim: set filetype=lua :
description = [[
Checks whether the SSL certificate used by a host has a fingerprint
that matches an included database of problematic keys.
The only databases currently checked are the LittleBlackBox 0.1
database of compromised keys from various devices and some keys
reportedly used by the Chinese state-sponsored hacking division APT1
(https://www.mandiant.com/blog/md5-sha1/). However, any file of
fingerprints will serve just as well. For example, this could be used
to find weak Debian OpenSSL keys using the widely available (but too
large to include with Nmap) list.
The only databases currently checked are the LittleBlackBox 0.1 database of
compromised keys from various devices, some keys reportedly used by the Chinese
state-sponsored hacking division APT1
(https://www.fireeye.com/blog/threat-research/2013/03/md5-sha1.html),
and the key used by CARBANAK malware
(https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html).
However, any file of fingerprints will serve just as well. For example, this
could be used to find weak Debian OpenSSL keys using the widely available (but
too large to include with Nmap) list.
]]
---