Add the signature algorithm that was used to sign the target port's x509 (TLS) certificate to the output of ssl-cert.nse

http://seclists.org/nmap-dev/2014/q4/44
2025-12-24 08:29:04 +00:00 · 2014-10-25 18:56:38 +00:00
parent ea749d785b
commit e11e03fa50
3 changed files with 48 additions and 36 deletions
--- a/scripts/ssl-cert.nse
+++ b/scripts/ssl-cert.nse
@@ -26,12 +26,13 @@ With <code>-v</code> it adds the issuer name and fingerprints.
 | ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc.\
 /stateOrProvinceName=California/countryName=US
 | Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
-/organizationName=VeriSign, Inc./countryName=US
-| Public Key type: rsa
-| Public Key bits: 2048
-| Not valid before: 2011-03-23 00:00:00
-| Not valid after:  2013-04-01 23:59:59
-| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
+/organizationName=VeriSign, Inc./countryName=US
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha1WithRSAEncryption
+| Not valid before: 2011-03-23 00:00:00
+| Not valid after:  2013-04-01 23:59:59
+| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
 |_SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68
 </code>

@@ -47,12 +48,13 @@ certificate.
 /organizationalUnitName=PayPal Production/businessCategory=Private Organization
 | Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA\
 /organizationName=VeriSign, Inc./countryName=US\
-/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
-| Public Key type: rsa
-| Public Key bits: 2048
-| Not valid before: 2011-03-23 00:00:00
-| Not valid after:  2013-04-01 23:59:59
-| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
+/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
+| Public Key type: rsa
+| Public Key bits: 2048
+| Signature Algorithm: sha1WithRSAEncryption
+| Not valid before: 2011-03-23 00:00:00
+| Not valid after:  2013-04-01 23:59:59
+| MD5:   bf47 ceca d861 efa7 7d14 88ad 4a73 cb5b
 | SHA-1: d846 5221 467a 0d15 3df0 9f2e af6d 4390 0213 9a68
 | -----BEGIN CERTIFICATE-----
 | MIIGSzCCBTOgAwIBAgIQLjOHT2/i1B7T//819qTJGDANBgkqhkiG9w0BAQUFADCB
@@ -92,12 +94,13 @@ certificate.
 --   <elem key="countryName">US</elem>
 -- </table>
 -- <table key="pubkey">
--   <elem key="type">rsa</elem>
--   <elem key="bits">2048</elem>
-- </table>
-- <table key="validity">
--   <elem key="notBefore">2011-03-23T00:00:00+00:00</elem>
--   <elem key="notAfter">2013-04-01T23:59:59+00:00</elem>
+--   <elem key="type">rsa</elem>
+--   <elem key="bits">2048</elem>
+-- </table>
+-- <elem key="sig_algo">sha1WithRSAEncryption</elem>
+-- <table key="validity">
+--   <elem key="notBefore">2011-03-23T00:00:00+00:00</elem>
+--   <elem key="notAfter">2013-04-01T23:59:59+00:00</elem>
 -- </table>
 -- <elem key="md5">bf47cecad861efa77d1488ad4a73cb5b</elem>
 -- <elem key="sha1">d8465221467a0d153df09f2eaf6d439002139a68</elem>
@@ -185,12 +188,13 @@ end

 local function output_tab(cert)
  local o = stdnse.output_table()
-  o.subject = name_to_table(cert.subject)
-  o.issuer = name_to_table(cert.issuer)
-  o.pubkey = cert.pubkey
-  o.validity = {}
-  for k, v in pairs(cert.validity) do
-    if type(v)=="string" then
+  o.subject = name_to_table(cert.subject)
+  o.issuer = name_to_table(cert.issuer)
+  o.pubkey = cert.pubkey
+  o.sig_algo = cert.sig_algorithm
+  o.validity = {}
+  for k, v in pairs(cert.validity) do
+    if type(v)=="string" then
      o.validity[k] = v
    else
      o.validity[k] = stdnse.format_timestamp(v)
@@ -211,12 +215,13 @@ local function output_str(cert)
    lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer)
  end

-  if nmap.verbosity() > 0 then
-    lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type
-    lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
-  end
-
-  lines[#lines + 1] = "Not valid before: " ..
+  if nmap.verbosity() > 0 then
+    lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type
+    lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
+    lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm
+  end
+
+  lines[#lines + 1] = "Not valid before: " ..
  date_to_string(cert.validity.notBefore)
  lines[#lines + 1] = "Not valid after:  " ..
  date_to_string(cert.validity.notAfter)