PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-30 19:39:07 +00:00
Code Issues Projects Releases Wiki Activity

Add TLS-compatible version probe for services (like MS RDP) that silently drop SSLv3 handshakes

Browse Source
This commit is contained in:
dmiller
2015-04-02 04:40:27 +00:00
parent dab7b10ebe
commit f93cab84eb
1 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
nmap-service-probes
View File

@@ -11263,7 +11263,7 @@ match xmpp-transport m|^\x05\xff$| p/Spectrum XMPP file transfer/
# TLSv1-only servers, based on a failed handshake alert.
Probe TCP SSLSessionReq q|\x16\x03\0\0S\x01\0\0O\x03\0?G\xd7\xf7\xba,\xee\xea\xb2`~\xf3\0\xfd\x82{\xb9\xd5\x96\xc8w\x9b\xe6\xc4\xdb<=\xdbo\xef\x10n\0\0(\0\x16\0\x13\0\x0a\0f\0\x05\0\x04\0e\0d\0c\0b\0a\0`\0\x15\0\x12\0\x09\0\x14\0\x11\0\x08\0\x06\0\x03\x01\0|
rarity 1
ports 443,444,548,636,993,1241,1311,2000,4444,5550,7210,7272,8009,8181,8194,8443,9001
ports 443,444,465,548,636,989,990,992,993,994,995,1241,1311,2000,4444,5061,5550,7210,7272,8009,8181,8194,8443,9001
fallback GetRequest
match adabas m|^,\0,\0\x03\x02\0\0G\xd7\xf7\xbaO\x03\0\?\x05\0\0\0\0\x02\x18\0\xfd\x0b\0\0<=\xdbo\xef\x10n \xd5\x96\xc8w\x9b\xe6\xc4\xdb$| p/ADABAS database/
@@ -11431,6 +11431,21 @@ match storagecraft-image m|^\x15\x01\0\0\x08\0\0\0\0\x80\t\x03\x08\.NET\x01\0\x0
match xamarin m|^ERROR: Another instance is running\n| p/Xamarin MonoTouch/
##############################NEXT PROBE##############################
# TLSv1.2 ClientHello probe. TLS implementations may choose to ignore (close
# silently) incompatible ClientHello messages like the one in SSLSessionReq.
# This one should be widely compatible, and if we avoid adding non-ssl service
# matches here, we can continue to upgrade it (bytes 10 and 11 and the ranges
# in the match lines)
Probe TCP TLSSessionReq q|\x16\x03\0\x00g\x01\0\x001\x03\x03U\x1c\xa7\xe4random1random2random3random4\0\x00\x0a\0/\0\x0a\0\x13\x009\0\x04\x01\0\0\x30\0\x0d\0,\0*\0\x01\0\x03\0\x02\x06\x01\x06\x03\x06\x02\x02\x01\x02\x03\x02\x02\x03\x01\x03\x03\x03\x02\x04\x01\x04\x03\x04\x02\x01\x01\x01\x03\x01\x02\x05\x01\x05\x03\x05\x02|
rarity 2
ports 443,444,465,636,989,990,992,993,994,995,1241,1311,3389,4444,5061,6679,6697,8443,9001
# SSLv3 - TLSv1.2 ServerHello
match ssl m|^\x16\x03[\0-\x03]..\x02\0\0.\x03[\0-\x03]|s
# SSLv3 - TLSv1.2 Alert
match ssl m|^\x15\x03[\0-\x03]\0\x02[\x01\x02].$|s
##############################NEXT PROBE##############################
# SSLv2-compatible ClientHello, 39 ciphers offered.
# Will elicit a ServerHello from most SSL implementations, apart from those