dmiller
6f8ec39063
Don't consider protocol mismatch for alerts other than protocol_version to be a protocol rejection. http://serverfault.com/q/832207/112426
2017-02-24 15:47:48 +00:00
dmiller
1790c9476c
Note recommendation to use -sV with ssl-enum-ciphers
2017-02-01 14:03:19 +00:00
robert
8cc713e534
Resolved an "attempt to index a nil value (local 'certs')" error in find_ciphers_group that caused false negatives in script output.
2017-01-20 19:06:50 +00:00
dmiller
e4717fa068
Add tls.servername script-arg. Closes #540
2016-12-05 17:44:32 +00:00
dmiller
1bbd6c8e90
Fix a bug: forgot to pass in the protocol version
2016-08-31 02:32:25 +00:00
dmiller
8779c1e376
Fix a crash in ssl-enum-ciphers when parsing unsupported cert types
2016-08-30 16:07:08 +00:00
dmiller
d4ed90381f
Update @output for ssl-enum-ciphers to reflect 3DES changes
2016-08-24 16:12:40 +00:00
dmiller
9a21104bd6
Clarify kex weakness warning with actual kex info
2016-08-24 16:07:58 +00:00
dmiller
fc948c437b
Add warning for SWEET32 on CBC with block size <= 64 bits
2016-08-24 16:07:57 +00:00
nnposter
fb2fc62a0b
Penalizes 3DES for SWEET32 attack (CVE-2016-2183)
2016-08-24 14:56:25 +00:00
dmiller
66fb5fba22
Avoid an error thrown in ssl-enum-ciphers with connect problems
2016-08-20 00:07:58 +00:00
nnposter
aaa4508ceb
Updated @output and @xmloutput documentation sections in script ssl-enum-ciphers to be consistent. Fixes #475
2016-08-11 23:56:18 +00:00
nnposter
f3ee542683
Changed weak cipher strength threshold from 128 to 112 bits in script ssl-enum-ciphers. Fixes #474
2016-08-11 23:47:31 +00:00
dmiller
cb4b46bd53
Canonicalize authors as tables instead of comma-separated strings
2016-06-09 22:46:42 +00:00
dmiller
39018e3e91
Check for RSA exponent of 1, resulting in F score
2016-06-09 04:36:09 +00:00
dmiller
fb6d2a5567
Deprecate SHA-1 certs in ssl-enum-ciphers. Closes #370
2016-05-02 13:55:17 +00:00
dmiller
b341915722
Deprecate RC4 ciphersuites
2016-05-02 13:55:16 +00:00
dmiller
53d41055c7
Port r35354 changes to ssl-enum-ciphers internal probe
2015-12-07 17:45:55 +00:00
dmiller
f4619edece
Update http urls for nmap.org to https
2015-11-05 20:41:05 +00:00
dmiller
bbee119188
Support fragmented TLS records. Closes #194
2015-10-29 22:18:32 +00:00
dmiller
e2bbf289d4
Display EC curve name in ssl-enum-ciphers
Closes #173. See http://seclists.org/nmap-dev/2015/q3/254
2015-09-17 13:00:23 +00:00
gyani
a59056e29e
Fixed a spelling mistake.
2015-07-10 17:06:28 +00:00
gyani
29f57ea556
Gracefully handles case of openssl being missing. Cipherscores of those ciphers that require openssl are marked unknown.
Closes #115.
2015-07-04 07:34:14 +00:00
dmiller
2e74e48a2b
Work around long handshake intolerance in ssl-enum-ciphers
https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
2015-06-23 21:20:23 +00:00
dmiller
a881712e6b
Add valid TLS1.2 probe and move checks to rule in ssl-enum-ciphers (#168)
2015-06-19 12:02:31 +00:00
dmiller
06e6062dba
Prevent ssl-enum-ciphers from running on detected-non-ssl services
2015-06-18 23:32:35 +00:00
dmiller
d93945ea5c
Let ssl-enum-ciphers run on any port when selected by name (#168)
2015-06-18 21:27:39 +00:00
dmiller
04fee3d14c
Move TLSv1.2 signature_algorithms extension defaults into tls.lua
2015-03-25 02:29:25 +00:00
dmiller
ed86473b0c
Send supported signature algorithms for TLSv1.2
2015-03-24 23:22:19 +00:00
dmiller
4d106cbe23
Remove unneeded requires
2015-02-28 12:43:59 +00:00
dmiller
ee4b2dfe5d
A TODO note for ssl-enum-ciphers
We recently became dependent on OpenSSL for some of ssl-enum-ciphers's
functionality (parsing certificates). We should have a decent fallback
(e.g. don't parse the certificate, issue a warning, and use a dummy
score).
[ci skip] This tells Travis to skip the CI build when this commit is
pushed, useful for documentation changes that don't affect the build.
2015-01-01 21:09:05 +00:00
dmiller
c85bb0b54f
Correct logic on checking for SHA1 certificate in ssl-enum-ciphers
2014-11-10 16:16:29 +00:00
dmiller
4e3baad093
Relax ssl-enum-ciphers' timeout to allow time for server processing
2014-11-10 16:16:27 +00:00
dmiller
e3024a6463
Documentation for new ssl-enum-ciphers rating system
2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a
Correct conversion of DH key size to RSA bit strength equivalent
2014-11-07 21:41:38 +00:00
dmiller
222b2a009d
Use internal cipher/handshake scoring system instead of static datafile
2014-11-07 16:39:26 +00:00
dmiller
e11a8609a7
Remove unnecessary vars and redistribute declarations
2014-11-07 16:39:24 +00:00
dmiller
b73dc0e762
Restructure try_params to return all received records
No functional change to the script, but this allows callers to check for
various alerts or other handshake messages (certificate,
server_key_params, client_certificate_request, etc).
2014-11-05 14:41:50 +00:00
dmiller
a1d984a66b
Fix a couple off-by-one errors in parsing multiple TLS records
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
2014-10-26 16:22:21 +00:00
dmiller
c4ad3ff4d6
Fix some error handling in ssl scripts
2014-10-25 18:58:18 +00:00
dmiller
917842059b
Check TLS body protocol for compatibility in ssl-enum-ciphers
Haven't seen this, and it shouldn't happen, but it's possible for a
server to send the same protocol version in the record, but a different
one in the body. This wouldn't be valid, so we should reject it.
2014-10-16 04:07:07 +00:00
dmiller
cdd61aa874
Fix a bug in ssl-enum-ciphers
If the last chunk of ciphers was rejected, then all results were
discarded.
2014-10-15 21:52:36 +00:00
dmiller
b6e59efb4b
Add stdnse.keys() for extracting keys from a table
2014-09-05 13:08:09 +00:00
dmiller
b8d37a32da
Update documentation
2014-08-12 02:38:20 +00:00
dmiller
5395676f2e
Handle weird behavior rejecting handshakes with multiple compressors offered
2014-08-12 02:38:19 +00:00
dmiller
1622edabc2
Unify logging with protocol prefix
2014-08-12 02:38:17 +00:00
dmiller
29b614ccca
Increase default timeout, but allow discovered timeouts, too.
2014-08-12 02:38:16 +00:00
dmiller
31de5b9b9b
Offer ciphers and compressors in the same order every time
2014-08-12 02:38:15 +00:00
dmiller
aadd8d864c
Documentation for the cipher ordering feature
2014-08-12 02:38:13 +00:00
dmiller
a61755699f
Handle servers which offer ciphers we didn't request
Code from David.
2014-08-12 02:38:12 +00:00