Last active
August 29, 2015 13:58
-
-
Save b4ldr/10120972 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| local coroutine = require "coroutine" | |
| local io = require "io" | |
| local nmap = require "nmap" | |
| local shortport = require "shortport" | |
| local stdnse = require "stdnse" | |
| local string = require "string" | |
| local table = require "table" | |
| local tls = require "tls" | |
| description = [[ | |
| ]] | |
| --- | |
| -- @usage | |
| -- nmap --script ssl-enum-extension -p 443 <host> | |
| -- | |
| -- @args ssl-enum-extension.rankedcipherlist A path to a file of cipher names and strength ratings | |
| -- | |
| -- @output | |
| -- PORT STATE SERVICE REASON | |
| -- 443/tcp open https syn-ack | |
| -- | ssl-enum-extension: | |
| -- | |
| -- @xmloutput | |
| -- <table key="SSLv3"> | |
| -- <table key="ciphers"> | |
| -- <table> | |
| -- </table> | |
| author = "John Bond <[email protected]>" | |
| license = "BSD Simplified 2 clause--See http://nmap.org/book/man-legal.html" | |
| categories = {"discovery", "intrusive"} | |
| local function try_params(host, port, t) | |
| local buffer, err, i, record, req, resp, sock, status | |
| -- Create socket. | |
| sock = nmap.new_socket() | |
| sock:set_timeout(5000) | |
| status, err = sock:connect(host, port, "tcp") | |
| if not status then | |
| stdnse.print_debug(1, "Can't connect: %s", err) | |
| sock:close() | |
| return nil | |
| end | |
| -- Send request. | |
| req = tls.client_hello(t) | |
| status, err = sock:send(req) | |
| if not status then | |
| stdnse.print_debug(1, "Can't send: %s", err) | |
| sock:close() | |
| return nil | |
| end | |
| -- Read response. | |
| buffer = "" | |
| record = nil | |
| while true do | |
| local status | |
| status, buffer, err = tls.record_buffer(sock, buffer, 1) | |
| if not status then | |
| stdnse.print_debug(1, "Couldn't read a TLS record: %s", err) | |
| local nsedebug = require "nsedebug" | |
| nsedebug.print_hex(req) | |
| return nil | |
| end | |
| -- Parse response. | |
| i, record = tls.record_read(buffer, 1) | |
| if record and record.type == "alert" and record.body[1].level == "warning" then | |
| stdnse.print_debug(1, "Ignoring warning: %s", record.body[1].description) | |
| -- Try again. | |
| elseif record then | |
| sock:close() | |
| return record | |
| end | |
| buffer = buffer:sub(i+1) | |
| end | |
| end | |
| local function keys(t) | |
| local ret = {} | |
| for k, _ in pairs(t) do | |
| ret[#ret+1] = k | |
| end | |
| return ret | |
| end | |
| portrule = shortport.ssl | |
| action = function(host, port) | |
| local name, result, results | |
| -- lets just check one protocol for now | |
| protocol = 'TLSv1.0' | |
| -- Support all ciphers | |
| ciphers = keys(tls.CIPHERS) | |
| local t = { | |
| ["protocol"] = protocol, | |
| ["ciphers"] = ciphers, | |
| ["extensions"] = { | |
| -- Claim to support every elliptic curve | |
| ["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](keys(tls.ELLIPTIC_CURVES)), | |
| -- Claim to support every EC point format | |
| ["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](keys(tls.EC_POINT_FORMATS)), | |
| }, | |
| } | |
| if host.targetname then | |
| t["extensions"]["server_name"] = tls.EXTENSION_HELPERS["server_name"](host.targetname) | |
| end | |
| results = {} | |
| record = try_params(host, port, t) | |
| for name, value in pairs(record.body[1].extensions) do | |
| stdnse.print_debug(1, "extension: %s", name) | |
| end | |
| -- for name, value in pairs(record.body) do | |
| -- stdnse.print_debug(1, "%s: %s", name, value) | |
| -- for name_b, value_b in pairs(value) do | |
| -- stdnse.print_debug(1, "%s: %s", name_b, value_b) | |
| -- end | |
| -- end | |
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- updated tls.lua | |
| EXTENSIONS = { | |
| ["server_name"] = 0, -- RFC 6066 | |
| ["max_fragment_length"] = 1, -- RFC 6066 | |
| ["client_certificate_url"] = 2, -- RFC 6066 | |
| ["trusted_ca_keys"] = 3, -- RFC 6066 | |
| ["truncated_hmac"] = 4, -- RFC 6066 | |
| ["status_request"] = 5, -- RFC 6066 | |
| ["user_mapping"] = 6, -- RFC 4681 | |
| ["client_authz"] = 7, -- RFC 5878 | |
| ["server_authz"] = 8, -- RFC 5878 | |
| ["cert_type"] = 9, -- RFC 6091 | |
| ["elliptic_curves"] = 10, -- RFC 4492 | |
| ["ec_point_formats"] = 11, -- RFC 4492 | |
| ["srp"] = 12, -- RFC 5054 | |
| ["signature_algorithms"] = 13, -- RFC 5246 | |
| ["use_srtp"] = 14, -- RFC 5764 | |
| ["heartbeat"] = 15, -- RFC 6520 | |
| ["application_layer_protocol_negotiation"] = 16, -- draft-friedl-tls-applayerprotoneg | |
| ["status_request_v2"] = 17, -- RFC 6961 | |
| ["signed_certificate_timestamp"] = 18, -- RFC 6962 | |
| ["client_certificate_type"] = 19, -- RFC-ietf-tls-oob-pubkey-11] | |
| ["server_certificate_type"] = 20, -- RFC-ietf-tls-oob-pubkey-11] | |
| ["padding"] = 21, -- draft-agl-tls-padding (TEMPORARY - expires 2015-03-12) | |
| ["SessionTicket_TLS"] = 35, -- RFC 4570 | |
| ["renegotiation_info"] = 65281, -- RFC 5746 | |
| ["next_protocol_negotiation"] = 13172, | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment