PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity
10,109 Commits 2 Branches 0 Tags
dd503ae2e568896eebedf9f9991ee4a78912d86d
Commit Graph

69 Commits

Author SHA1 Message Date
dmiller
53d41055c7 Port r35354 changes to ssl-enum-ciphers internal probe 2015-12-07 17:45:55 +00:00
dmiller
f4619edece Update http urls for nmap.org to https 2015-11-05 20:41:05 +00:00
dmiller
bbee119188 Support fragmented TLS records. Closes #194 2015-10-29 22:18:32 +00:00
dmiller
e2bbf289d4 Display EC curve name in ssl-enum-ciphers 
Closes #173. See http://seclists.org/nmap-dev/2015/q3/254
 2015-09-17 13:00:23 +00:00
gyani
a59056e29e Fixed a spelling mistake. 2015-07-10 17:06:28 +00:00
gyani
29f57ea556 Gracefully handles case of openssl being missing. Cipherscores 
of those ciphers that require openssl are marked unkown.
Closes #115.
 2015-07-04 07:34:14 +00:00
dmiller
2e74e48a2b Work around long handshake intolerance in ssl-enum-ciphers 
https://github.com/ssllabs/research/wiki/Long-Handshake-Intolerance
 2015-06-23 21:20:23 +00:00
dmiller
a881712e6b Add valid TLS1.2 probe and move checks to rule in ssl-enum-ciphers (#168) 2015-06-19 12:02:31 +00:00
dmiller
06e6062dba Prevent ssl-enum-ciphers from running on detected-non-ssl services 2015-06-18 23:32:35 +00:00
dmiller
d93945ea5c Let ssl-enum-ciphers run on any port when selected by name (#168) 2015-06-18 21:27:39 +00:00
dmiller
04fee3d14c Move TLSv1.2 signature_algorithms extension defaults into tls.lua 2015-03-25 02:29:25 +00:00
dmiller
ed86473b0c Send supported signature algorithms for TLSv1.2 2015-03-24 23:22:19 +00:00
dmiller
4d106cbe23 Remove unneeded requires 2015-02-28 12:43:59 +00:00
dmiller
ee4b2dfe5d A TODO note for ssl-enum-ciphers 
We recently became dependent on OpenSSL for some of ssl-enum-ciphers's
functionality (parsing certificates). We should have a decent fallback
(e.g. don't parse the certificate, issue a warning, and use a dummy
score).

[ci skip] This tells Travis to skip the CI build when this commit is
pushed, useful for documentation changes that don't affect the build.
 2015-01-01 21:09:05 +00:00
dmiller
c85bb0b54f Correct logic on checking for SHA1 certificate in ssl-enum-ciphers 2014-11-10 16:16:29 +00:00
dmiller
4e3baad093 Relax ssl-enum-ciphers' timeout to allow time for server processing 2014-11-10 16:16:27 +00:00
dmiller
e3024a6463 Documentation for new ssl-enum-ciphers rating system 2014-11-07 21:52:49 +00:00
dmiller
8f414cfc3a Correct conversion of DH key size to RSA bit strength equivalent 2014-11-07 21:41:38 +00:00
dmiller
222b2a009d Use internal cipher/handshake scoring system instead of static datafile 2014-11-07 16:39:26 +00:00
dmiller
e11a8609a7 Remove unnecessary vars and redistribute declarations 2014-11-07 16:39:24 +00:00
dmiller
b73dc0e762 Restructure try_params to return all recieved records 
No functional change to the script, but this allows callers to check for
various alerts or other handshake messages (certificate,
server_key_params, client_certificate_request, etc).
 2014-11-05 14:41:50 +00:00
dmiller
a1d984a66b Fix a couple off-by-one errors in parsing multiple TLS records 
Reported by Kent Fritz: http://seclists.org/nmap-dev/2014/q4/104
 2014-10-26 16:22:21 +00:00
dmiller
c4ad3ff4d6 Fix some error handling in ssl scripts 2014-10-25 18:58:18 +00:00
dmiller
917842059b Check TLS body protocol for compatibility in ssl-enum-ciphers 
Haven't seen this, and it shouldn't happen, but it's possible for a
server to send the same protocol version in the record, but a different
one in the body. This wouldn't be valid, so we should reject it.
 2014-10-16 04:07:07 +00:00
dmiller
cdd61aa874 Fix a bug in ssl-enum-ciphers 
If the last chunk of ciphers was rejected, then all results were
discarded.
 2014-10-15 21:52:36 +00:00
dmiller
b6e59efb4b Add stdnse.keys() for extracting keys from a table 2014-09-05 13:08:09 +00:00
dmiller
b8d37a32da Update documentation 2014-08-12 02:38:20 +00:00
dmiller
5395676f2e Handle weird behavior rejecting handshakes with multiple compressors offered 2014-08-12 02:38:19 +00:00
dmiller
1622edabc2 Unify logging with protocol prefix 2014-08-12 02:38:17 +00:00
dmiller
29b614ccca Increase default timeout, but allow discovered timeouts, too. 2014-08-12 02:38:16 +00:00
dmiller
31de5b9b9b Offer ciphers and compressors in the same order every time 2014-08-12 02:38:15 +00:00
dmiller
aadd8d864c Documentation for the cipher ordering feature 2014-08-12 02:38:13 +00:00
dmiller
a61755699f Handle servers which offer ciphers we didn't request 
Code from David.
 2014-08-12 02:38:12 +00:00
dmiller
d538cc81cd Sort ciphers according to server preference, when available 
David's code, adapted to current script.
 2014-08-12 02:38:10 +00:00
dmiller
2df9a5f678 Factor out cipher selection for chunks 
It will be handy later to have a find_ciphers_group function that
doesn't know anything about chunking.
 2014-08-12 02:38:09 +00:00
dmiller
38ab5861d5 Report server's cipher ordering algorithm 
Old code from David, modified to fit the current script.
 2014-08-12 02:38:07 +00:00
batrick
810f7d4803 more stdnse.print_debug -> stdnse.debug 
This is a catchall pattern with a few exclusions.

$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\(.*\))/stdnse.debug\1(\2)/' *.nse
$ sed -i 's/stdnse.print_debug(\(.*\))/stdnse.debug1(\1)/' *.nse

Excluded:
$ svn revert db2-das-info.nse
$ svn revert flume-master-info.nse
$ svn revert http-headers.nse
$ svn revert http-methods.nse
$ svn revert http-unsafe-output-escaping.nse
$ svn revert http-userdir-enum.nse
$ svn revert http-vuln-cve2011-3192.nse
$ svn revert http-vuln-wnr1000-creds.nse
$ svn revert http-wordpress-plugins.nse
$ svn revert telnet-brute.nse
 2014-08-02 02:46:16 +00:00
dmiller
233b1fca71 STARTTLS support for ssl-enum-ciphers 2014-04-09 18:02:01 +00:00
dmiller
64ef503f5b Remove debug leftover from ssl-enum-ciphers 2014-03-31 14:35:50 +00:00
dmiller
4eaa21e7cb Integrate David's ssl-enum-ciphers improvements 
From this thread: http://seclists.org/nmap-dev/2014/q1/105

* Extensions now better supported in tls.lua
* ssl-enum-ciphers sends all EC options to ensure servers reply with
  supported EC suites
* tls.lua supports multiple messages of a single type within 1 record
* tls.record_buffer will read an entire TLS record into a buffer
* ssl-date and tls-nextprotoneg updated to use tls.record_buffer
 2014-01-30 18:12:14 +00:00
dmiller
620f9fdb34 Remove trailing whitespace in lua files 
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
 2014-01-23 21:51:58 +00:00
dmiller
35148980ef Update ssl-enum-ciphers to use tls.lua 2014-01-16 18:09:59 +00:00
henri
0b2a445ddd Use strjoin() instead of '..' to concatenate strings. 
This significantly decreases CPU usage, that could reach
100% on large scans.
 2014-01-13 08:35:00 +00:00
david
98bbff8b69 Remove unused local. 2013-12-05 23:41:21 +00:00
david
aa15467a3f Fix the off-by-one in ssl-enum-ciphers that I reintroduced. 2013-12-03 17:12:15 +00:00
david
126d424dec Simplify the chunk calculation. 2013-12-02 22:47:20 +00:00
david
6832c98454 Try only 64 ciphers at a time in ssl-enum-ciphers. 
An off-by-one error meant that we tried 65 at a time. The number 64 came
up in a discussion of limitations of running against IIS.
http://seclists.org/nmap-dev/2012/q3/167
 2013-12-02 22:47:09 +00:00
david
8ab92b3214 Tabs to spaces in ssl-enum-ciphers. 2013-11-27 04:59:48 +00:00
dmiller
83e0ee1e70 Add ChaCha20-Poly1305 TLS cipher suites to ssl-ciphers 2013-11-14 20:41:09 +00:00
dmiller
f97c8db5e8 Correct output for ssl-enum-ciphers against non-ssl 
ssl-enum-ciphers was producing output against non-ssl services, listing
"least strength: strong" when there was no cipher matched. Fixed to
return nil in this case, and to clearly indicate when a protocol is
supported but does not support any of our ciphers (a very unlikely
situation! Had to artificially reduce attempted ciphers to test.)
 2012-09-14 21:06:46 +00:00