PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00
Code Issues Projects Releases Wiki Activity

Add support for SHA256 hostkey fingerprints. Closes #1644

Browse Source
This commit is contained in:
dmiller
2019-06-26 03:22:24 +00:00
parent 294f81a390
commit 9aebe62edb
3 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
nselib/ssh1.lua
View File

@@ -14,6 +14,7 @@ local stdnse = require "stdnse"
local string = require "string" local string = require "string"
local stringaux = require "stringaux" local stringaux = require "stringaux"
local table = require "table" local table = require "table"
local base64 = require "base64"
local openssl = stdnse.silent_require "openssl" local openssl = stdnse.silent_require "openssl"
_ENV = stdnse.module("ssh1", stdnse.seeall) _ENV = stdnse.module("ssh1", stdnse.seeall)
@@ -108,7 +109,7 @@ fetch_host_key = function(host, port)
return {exp=exp,mod=mod,bits=host_key_bits,key_type='rsa1',fp_input=fp_input, return {exp=exp,mod=mod,bits=host_key_bits,key_type='rsa1',fp_input=fp_input,
full_key=('%d %s %s'):format(host_key_bits, exp:todec(), mod:todec()), full_key=('%d %s %s'):format(host_key_bits, exp:todec(), mod:todec()),
key=('%s %s'):format(exp:todec(), mod:todec()), algorithm="RSA1", key=('%s %s'):format(exp:todec(), mod:todec()), algorithm="RSA1",
fingerprint=openssl.md5(fp_input)} fingerprint=openssl.md5(fp_input), fp_sha256=openssl.digest("sha256",fp_input)}
end end
end end
end end
@@ -122,6 +123,16 @@ fingerprint_hex = function( fingerprint, algorithm, bits )
return ("%d %s (%s)"):format( bits, fingerprint, algorithm ) return ("%d %s (%s)"):format( bits, fingerprint, algorithm )
end end
--- Format a key fingerprint in base64.
-- @param fingerprint Key fingerprint.
-- @param hash The hashing algorithm used
-- @param algorithm Key algorithm.
-- @param bits Key size in bits.
fingerprint_base64 = function( fingerprint, hash, algorithm, bits )
fingerprint = base64.enc(fingerprint)
return ("%d %s:%s (%s)"):format( bits, hash, fingerprint, algorithm )
end
--- Format a key fingerprint in Bubble Babble. --- Format a key fingerprint in Bubble Babble.
-- @param fingerprint Key fingerprint. -- @param fingerprint Key fingerprint.
-- @param algorithm Key algorithm. -- @param algorithm Key algorithm.

3
nselib/ssh2.lua
View File

@@ -318,7 +318,8 @@ fetch_host_key = function( host, port, key_type )
socket:close() socket:close()
return { key=base64.enc(public_host_key), key_type=key_type, fp_input=public_host_key, bits=bits, return { key=base64.enc(public_host_key), key_type=key_type, fp_input=public_host_key, bits=bits,
full_key=('%s %s'):format(key_type,base64.enc(public_host_key)), full_key=('%s %s'):format(key_type,base64.enc(public_host_key)),
algorithm=algorithm, fingerprint=openssl.md5(public_host_key) } algorithm=algorithm, fingerprint=openssl.md5(public_host_key),
fp_sha256=openssl.digest("sha256",public_host_key)}
end end
-- constants -- constants

5
scripts/ssh-hostkey.nse
View File

@@ -318,9 +318,12 @@ local function portaction(host, port)
bits=key.bits, bits=key.bits,
key=key.key, key=key.key,
} }
if format:find( 'hex', 1, true ) or all_formats then if format:find( 'md5', 1, true) or format:find( 'hex', 1, true ) or all_formats then
table.insert( output, ssh1.fingerprint_hex( key.fingerprint, key.algorithm, key.bits ) ) table.insert( output, ssh1.fingerprint_hex( key.fingerprint, key.algorithm, key.bits ) )
end end
if format:find( 'sha256', 1, true) or all_formats then
table.insert( output, ssh1.fingerprint_base64( key.fp_sha256, "SHA256", key.algorithm, key.bits ) )
end
if format:find( 'bubble', 1, true ) or all_formats then if format:find( 'bubble', 1, true ) or all_formats then
table.insert( output, ssh1.fingerprint_bubblebabble( openssl.sha1(key.fp_input), key.algorithm, key.bits ) ) table.insert( output, ssh1.fingerprint_bubblebabble( openssl.sha1(key.fp_input), key.algorithm, key.bits ) )
end end