From 9dbef5ab6e92c080ee8172ee5797aae813d08e4a Mon Sep 17 00:00:00 2001 From: henri Date: Thu, 22 Sep 2011 18:37:48 +0000 Subject: [PATCH] Added ssl-google-cert-catalog.nse by Vasiliy Kulikov --- CHANGELOG | 3 ++ scripts/ssl-cert.nse | 14 ++++++ scripts/ssl-google-cert-catalog.nse | 68 +++++++++++++++++++++++++++++ 3 files changed, 85 insertions(+) create mode 100644 scripts/ssl-google-cert-catalog.nse diff --git a/CHANGELOG b/CHANGELOG index b5f709bd7..e7d985fe2 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ # Nmap Changelog ($Id$); -*-text-*- +o [NSE] Added ssl-google-cert-catalog.nse which queries the Google SSL + certificates catalog for each discovered certificate. [Vasiliy Kulikov] + o [NSE] Fixed a bug in dns.lua: ensure that dns.query() always return two values (status, response) and replaced the workaround in asn-query.nse by the proper use. [Henri] diff --git a/scripts/ssl-cert.nse b/scripts/ssl-cert.nse index 1f24fd38f..bf061cbec 100644 --- a/scripts/ssl-cert.nse +++ b/scripts/ssl-cert.nse @@ -200,6 +200,8 @@ action = function(host, port) lines[#lines + 1] = cert.pem end + add_cert(host, port.number, cert) + return stdnse.strjoin("\n", lines) end @@ -255,3 +257,15 @@ function date_to_string(date) return os.date("%Y-%m-%d %H:%M:%S", os.time(date)) end end + +function add_cert(host, port, cert) + if not nmap.registry[host.ip] then + nmap.registry[host.ip] = {} + end + if not nmap.registry[host.ip][port] then + nmap.registry[host.ip][port] = {} + end + + nmap.registry[host.ip][port]["ssl-cert"] = cert +end + diff --git a/scripts/ssl-google-cert-catalog.nse b/scripts/ssl-google-cert-catalog.nse new file mode 100644 index 000000000..eabf30ca5 --- /dev/null +++ b/scripts/ssl-google-cert-catalog.nse 
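Review bot: `add_cert` in the second scripts/ssl-cert.nse hunk sets up a registry layout that another script now depends on, and nothing in the hunk documents it. ssl-google-cert-catalog.nse reads the same `nmap.registry[host.ip][port]["ssl-cert"]` slot and returns nil when it is missing, so a later rename on either side would fail without any visible error. I would add a comment above the function, for example `-- Stores the parsed certificate at nmap.registry[host.ip][port]["ssl-cert"] for dependent scripts (ssl-google-cert-catalog.nse).` The function is declared global rather than `local`; that matches `date_to_string` in the hunk context, so it looks like the file's existing style. The call added in the first hunk sits inside `action`, whose body starts outside the hunk.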
@@ -0,0 +1,68 @@
+description = [[
+Matches SSL certificate hash against Google Certificate Catalog. It
+uses the certificate gotten from ssl-cert.nse script.
+]]
+
+---
+-- @usage
+-- nmap -p 443 --script ssl-cert,ssl-google-cert-catalog
+--
+-- @output
+-- PORT STATE SERVICE
+---443/tcp open https
+---| ssl-google-cert-catalog:
+---| First/Last time saw: 19 Aug 2011 / 10 Sep 2011
+---|_ Days saw between: 20
+
+author = "Vasiliy Kulikov"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = { "safe", "discovery", "external" }
+dependencies = { "ssl-cert" }
+
+require("nmap")
+require("shortport")
+require("stdnse")
+require("dns")
+
+
+local get_cert = function(host, port)
+ if nmap.registry[host.ip] and nmap.registry[host.ip][port] then
+ return nmap.registry[host.ip][port]["ssl-cert"]
+ end
+end
+
+local format_date = function(day_num)
+ return os.date("%d %b %Y", 60 * 60 * 24 * tonumber(day_num))
+end
+
+portrule = shortport.ssl
+
+action = function(host, port)
+ local lines, sha1, query
+ local cert = get_cert(host, port.number)
+
+ if not cert then
+ return nil
+ end
+
+ sha1 = stdnse.tohex(cert.digest(cert, "sha1"))
+ query = sha1 .. ".certs.googlednstest.com"
+ stdnse.print_debug("%s %s", SCRIPT_NAME, query)
+
+ local status, decoded_response = dns.query(query, { dtype = "TXT" })
+
+ lines = {}
+
+ if status then
+ local raw_start, raw_stop, delta = string.match(decoded_response, "(%d+) (%d+) (%d+)")
+ local date_start, date_stop = format_date(raw_start), format_date(raw_stop)
+
+ table.insert(lines, "First/Last time saw: " .. date_start .. " / " .. date_stop)
+ table.insert(lines, "Days saw between: " .. tonumber(delta))
+ else
+ table.insert(lines, "No DB entry")
+ end
+
+ return stdnse.format_output(true, lines)
+end
+
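Review bot: The TXT answer from `dns.query` is parsed without checking that the pattern matched, in the `if status then` branch of `action`. The record comes from an external, unauthenticated DNS lookup, so a reply that does not contain three integers leaves `raw_start`, `raw_stop` and `delta` nil, and `format_date` would then do arithmetic on nil and abort the script with a Lua error. A guard directly after the `string.match` line covers it, for example `if not (raw_start and raw_stop and delta) then return stdnse.format_output(true, { "Unexpected catalog response" }) end`. The `description` could also say that the certificate's SHA-1 is sent to a third-party DNS zone and that the dates shown are only as trustworthy as that DNS path.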