Add CARBANAK certificate thumbprint. Closes #1609

2026-01-06 06:29:03 +00:00 · 2019-05-26 02:03:00 +00:00
parent dd77fa1dac
commit 6cffee9e5d
2 changed files with 13 additions and 11 deletions
--- a/scripts/ssl-known-key.nse
+++ b/scripts/ssl-known-key.nse
@@ -5,20 +5,19 @@ local stdnse = require "stdnse"
 local sslcert = require "sslcert"
 local tls = require "tls"

-- -*- mode: lua -*-
-- vim: set filetype=lua :
-
 description = [[
 Checks whether the SSL certificate used by a host has a fingerprint
 that matches an included database of problematic keys.

-The only databases currently checked are the LittleBlackBox 0.1
-database of compromised keys from various devices and some keys
-reportedly used by the Chinese state-sponsored hacking division APT1
-(https://www.mandiant.com/blog/md5-sha1/).  However, any file of
-fingerprints will serve just as well. For example, this could be used
-to find weak Debian OpenSSL keys using the widely available (but too
-large to include with Nmap) list.
+The only databases currently checked are the LittleBlackBox 0.1 database of
+compromised keys from various devices, some keys reportedly used by the Chinese
+state-sponsored hacking division APT1
+(https://www.fireeye.com/blog/threat-research/2013/03/md5-sha1.html),
+and the key used by CARBANAK malware
+(https://www.fireeye.com/blog/threat-research/2017/06/behind-the-carbanak-backdoor.html).
+However, any file of fingerprints will serve just as well. For example, this
+could be used to find weak Debian OpenSSL keys using the widely available (but
+too large to include with Nmap) list.
 ]]

 ---