PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00
Code Issues Projects Releases Wiki Activity
Files
40744ef1baecf7149bf1ff8b49c1e85bae974afc
nmap/scripts/ssl-google-cert-catalog.nse
batrick 7f5ec526fe Merge branch 'nse-lua53' 
Lua 5.3 adds several awesome features of particular interest to nmap including
bitwise operators and integers, a utf8 library, and standard binary pack/unpack
functions.

In addition to adding Lua 5.3, this branch changes:

o Complete removal of the NSE bit library (in C), It has been replaced with
  a new Lua library wrapping Lua 5.3's bit-wise operators.

o Complete removal of the NSE bin library (in C). It has been replaced with a
  new Lua library wrapping Lua 5.3's string.pack|unpack functions.

o The bin.pack "B" format specifier (which has never worked correctly) is
  unimplemented.  All scripts/libraries which use it have been updated. Most
  usage of this option was to allow string based bit-wise operations which are no
  longer necessary now that Lua 5.3 provides integers and bit-wise operators.

o The base32/base64 libraries have been reimplemented using Lua 5.3's new
  bitwise operators. (This library was the main user of the bin.pack "B" format
  specifier.)

o A new "bits" library has been added for common bit hacks. Currently only has
  a reverse function.

Thanks to David Fifield, Daniel Miller, Jacek Wielemborek, and  Paulino
Calderon for testing this branch.
2016-07-02 17:02:27 +00:00

72 lines
2.0 KiB
Lua
Raw Blame History

local dns = require "dns"
local math = require "math"
local os = require "os"
local shortport = require "shortport"
local sslcert = require "sslcert"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
Queries Google's Certificate Catalog for the SSL certificates retrieved from
target hosts.
The Certificate Catalog provides information about how recently and for how long
Google has seen the given certificate. If a certificate doesn't appear in the
database, despite being correctly signed by a well-known CA and having a
matching domain name, it may be suspicious.
]]
---
-- @usage
-- nmap -p 443 --script ssl-cert,ssl-google-cert-catalog <host>
--
-- @output
-- PORT STATE SERVICE
---443/tcp open https
---| ssl-google-cert-catalog:
---| First/last date seen: 19 Aug 2011 / 10 Sep 2011
---|_ Days in between: 20
author = "Vasiliy Kulikov"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = { "safe", "discovery", "external" }
--dependencies = { "ssl-cert" }
local format_date = function(day_num)
return os.date("%d %b %Y", 60 * 60 * 24 * math.tointeger(day_num))
end
portrule = shortport.ssl
action = function(host, port)
local lines, sha1, query
local status, cert = sslcert.getCertificate(host, port)
if not status then
return nil
end
sha1 = stdnse.tohex(cert.digest(cert, "sha1"))
query = sha1 .. ".certs.googlednstest.com"
stdnse.debug1("%s", query)
local status, decoded_response = dns.query(query, { dtype = "TXT" })
lines = {}
if status then
local raw_start, raw_stop, delta = string.match(decoded_response, "(%d+) (%d+) (%d+)")
local date_start, date_stop = format_date(raw_start), format_date(raw_stop)
table.insert(lines, "First/last date seen: " .. date_start .. " / " .. date_stop)
table.insert(lines, "Days in between: " .. tonumber(delta))
else
table.insert(lines, "No DB entry")
end
return stdnse.format_output(true, lines)
end
Reference in New Issue View Git Blame Copy Permalink