Added ssl-google-cert-catalog.nse by Vasiliy Kulikov

2025-12-21 23:19:03 +00:00 · 2011-09-22 18:37:48 +00:00
parent 6dc4a8820d
commit 9dbef5ab6e
3 changed files with 85 additions and 0 deletions
--- a/3
+++ b/3
@@ -1,5 +1,8 @@
 # Nmap Changelog ($Id$); -*-text-*-

+o [NSE] Added ssl-google-cert-catalog.nse which queries the Google SSL
+  certificates catalog for each discovered certificate. [Vasiliy Kulikov]
+
 o [NSE] Fixed a bug in dns.lua: ensure that dns.query() always return two values
  (status, response) and replaced the workaround in asn-query.nse by the proper
  use. [Henri]
--- a/scripts/ssl-cert.nse
+++ b/scripts/ssl-cert.nse
@@ -200,6 +200,8 @@ action = function(host, port)
        lines[#lines + 1] = cert.pem
    end

+    add_cert(host, port.number, cert)
+
    return stdnse.strjoin("\n", lines)
 end

@@ -255,3 +257,15 @@ function date_to_string(date)
        return os.date("%Y-%m-%d %H:%M:%S", os.time(date))
    end
 end
+
+function add_cert(host, port, cert)
+    if not nmap.registry[host.ip] then
+        nmap.registry[host.ip] = {}
+    end
+    if not nmap.registry[host.ip][port] then
+        nmap.registry[host.ip][port] = {}
+    end
+
+    nmap.registry[host.ip][port]["ssl-cert"] = cert
+end
+
--- a/scripts/ssl-google-cert-catalog.nse
+++ b/scripts/ssl-google-cert-catalog.nse
@@ -0,0 +1,68 @@
+description = [[
+Matches SSL certificate hash against Google Certificate Catalog.  It
+uses the certificate gotten from ssl-cert.nse script.
+]]
+
+---
+-- @usage
+-- nmap -p 443 --script ssl-cert,ssl-google-cert-catalog <host>
+--
+-- @output
+-- PORT     STATE SERVICE
+---443/tcp open  https
+---| ssl-google-cert-catalog: 
+---|   First/Last time saw: 19 Aug 2011 / 10 Sep 2011
+---|_  Days saw between: 20
+
+author = "Vasiliy Kulikov"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = { "safe", "discovery", "external" }
+dependencies = { "ssl-cert" }
+
+require("nmap")
+require("shortport")
+require("stdnse")
+require("dns")
+
+
+local get_cert = function(host, port)
+    if nmap.registry[host.ip] and nmap.registry[host.ip][port] then
+        return nmap.registry[host.ip][port]["ssl-cert"]
+    end
+end
+
+local format_date = function(day_num)
+    return os.date("%d %b %Y", 60 * 60 * 24 * tonumber(day_num))
+end
+
+portrule = shortport.ssl
+
+action = function(host, port)
+    local lines, sha1, query
+    local cert = get_cert(host, port.number)
+
+    if not cert then
+        return nil
+    end
+
+    sha1 = stdnse.tohex(cert.digest(cert, "sha1"))
+    query = sha1 .. ".certs.googlednstest.com"
+    stdnse.print_debug("%s %s", SCRIPT_NAME, query)
+
+    local status, decoded_response = dns.query(query, { dtype = "TXT" })
+
+    lines = {}
+
+    if status then
+        local raw_start, raw_stop, delta = string.match(decoded_response, "(%d+) (%d+) (%d+)")
+        local date_start, date_stop = format_date(raw_start), format_date(raw_stop)
+
+        table.insert(lines, "First/Last time saw: " .. date_start .. " / " .. date_stop)
+        table.insert(lines, "Days saw between: " .. tonumber(delta))
+    else
+        table.insert(lines, "No DB entry")
+    end
+
+    return stdnse.format_output(true, lines)
+end
+