mirror of https://github.com/nmap/nmap.git synced 2025-12-09 06:01:28 +00:00

Update ssl-enum-ciphers to use structured output

This includes a minor hack to stringify a structure with sorted keys.
This should probably be moved to a formatting library when one is
committed.
dmiller
2012-08-17 20:14:46 +00:00
parent d59f85371c
commit f8335fc3f0


@@ -63,6 +63,55 @@ and therefore is quite noisy.
-- | Compressors (1) -- | Compressors (1)
-- | uncompressed -- | uncompressed
-- |_ Least strength = unknown strength -- |_ Least strength = unknown strength
--
-- @xmloutput
-- <table key="SSLv3">
-- <table key="ciphers">
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
-- </table>
-- <table>
-- <elem key="strength">weak</elem>
-- <elem key="name">TLS_RSA_WITH_DES_CBC_SHA</elem>
-- </table>
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_RC4_128_MD5</elem>
-- </table>
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_RC4_128_SHA</elem>
-- </table>
-- </table>
-- <table key="compressors">
-- <elem>NULL</elem>
-- </table>
-- </table>
-- <table key="TLSv1.0">
-- <table key="ciphers">
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_3DES_EDE_CBC_SHA</elem>
-- </table>
-- <table>
-- <elem key="strength">weak</elem>
-- <elem key="name">TLS_RSA_WITH_DES_CBC_SHA</elem>
-- </table>
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_RC4_128_MD5</elem>
-- </table>
-- <table>
-- <elem key="strength">strong</elem>
-- <elem key="name">TLS_RSA_WITH_RC4_128_SHA</elem>
-- </table>
-- </table>
-- <table key="compressors">
-- <elem>NULL</elem>
-- </table>
-- </table>
-- <elem key="least strength">weak</elem>
author = "Mak Kolybabi <mak@kolybabi.com>, Gabriel Lawrence" author = "Mak Kolybabi <mak@kolybabi.com>, Gabriel Lawrence"
@@ -540,7 +589,7 @@ cipherstrength = {
} }
local rankedciphers={} local rankedciphers={}
local mincipherstrength=2 local mincipherstrength=3
local rankedciphersfilename=false local rankedciphersfilename=false
local policy=true local policy=true
@@ -906,7 +955,7 @@ local function try_protocol(host, port, protocol, upresults)
local ciphers, compressors, results local ciphers, compressors, results
local condvar = nmap.condvar(upresults) local condvar = nmap.condvar(upresults)
results = {} results = stdnse.output_table()
-- Find all valid ciphers. -- Find all valid ciphers.
ciphers = find_ciphers(host, port, protocol) ciphers = find_ciphers(host, port, protocol)
@@ -930,23 +979,22 @@ local function try_protocol(host, port, protocol, upresults)
stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr]) stdnse.print_debug(2, "Downgrading min cipher strength to %d.",cipherstrength[cipherstr])
mincipherstrength=cipherstrength[cipherstr] mincipherstrength=cipherstrength[cipherstr]
end end
ciphers[i]=name.." - "..cipherstr local outcipher = {name=name, strength=cipherstr}
setmetatable(outcipher,{
__tostring=function(t) return string.format("%s - %s", t.name, t.strength) end
})
ciphers[i]=outcipher
end end
-- Format the cipher table. -- Format the cipher table.
table.sort(ciphers) table.sort(ciphers, function(a, b) return a["name"] < b["name"] end)
ciphers["name"] = "Ciphers (" .. #ciphers .. ")" results["ciphers"] = ciphers
table.insert(results, ciphers)
-- Format the compressor table. -- Format the compressor table.
table.sort(compressors) table.sort(compressors)
compressors["name"] = "Compressors (" .. #compressors .. ")" results["compressors"] = compressors
table.insert(results, compressors)
if #results > 0 then upresults[protocol] = results
results["name"] = protocol
table.insert(upresults, results)
end
condvar "signal" condvar "signal"
return nil return nil
end end
@@ -988,6 +1036,27 @@ end
portrule = shortport.ssl portrule = shortport.ssl
--- Return a table that yields elements sorted by key when iterated over with pairs()
-- Should probably put this in a formatting library later.
-- Depends on keys() function defined above.
--@param t The table whose data should be used
--@return out A table that can be passed to pairs() to get sorted results
function sorted_by_key(t)
local out = {}
setmetatable(out, {
__pairs = function(_)
local order = keys(t)
table.sort(order)
return coroutine.wrap(function()
for i,k in ipairs(order) do
coroutine.yield(k, t[k])
end
end)
end
})
return out
end
action = function(host, port) action = function(host, port)
local name, result, results local name, result, results
@@ -1020,15 +1089,14 @@ action = function(host, port)
end end
until next(threads) == nil until next(threads) == nil
-- Sort protocol results by name.
table.sort(results, function(a, b) return a["name"] < b["name"] end)
if rankedciphersfilename then if rankedciphersfilename then
for k, v in pairs(cipherstrength) do for k, v in pairs(cipherstrength) do
if v == mincipherstrength then if v == mincipherstrength then
table.insert(results, "Least strength = " .. k) -- Should sort before or after SSLv3, TLSv*
results["least strength"] = k
end end
end end
end end
return stdnse.format_output(true, results) return sorted_by_key(results)
end end
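Review bot: In the last hunk of `action`, `results["least strength"] = k` is written whenever the ranking file is loaded, even if no protocol thread stored anything in `results`; with the default `mincipherstrength` now 3, the report would then carry the label ranked 3 for a service that negotiated no cipher at all. Whether an earlier return covers this is not visible here (the body of `action` starts outside the hunk), so I would add a guard before the `if rankedciphersfilename then` block, for example `if #keys(results) == 0 then return nil end`, using the `keys()` helper that `sorted_by_key` already relies on. The same guard stops `sorted_by_key` from handing back a non-nil proxy table with nothing to iterate as the script's output. Separately, `function sorted_by_key(t)` creates a global, while `try_protocol` is declared `local function`; `local function sorted_by_key(t)` would be consistent.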