Nmap Development mailing list archives
Re: ssl-cert.nse
From: Alan Jones <asjones987 () gmail com>
Date: Thu, 6 Aug 2009 20:27:13 -0500
I like it, but was thinking that the last time I did some checking there was some other item from the SSL cert I wanted, but I can't remember it. I think it would be a good candidate for inclusion in Nmap, run as a default script if it finds the site has SSL running.

On Thu, Aug 6, 2009 at 2:01 PM, David Fifield <david () bamsoftware com> wrote:
Hi,

There has been at least one request to have Ncat print out server SSL certificate expiration dates.

http://seclists.org/nmap-dev/2009/q3/0318.html

I resisted this because it would be better in an NSE script. I think it's a great idea though, so I wrote a script.

The script by default prints out the subject name and the beginning and end dates of the validity period. With more verbosity you get more information, up to the entire PEM-encoded contents of the certificate at -vvv.

$ nmap --script=safe www.paypal.com -p 443
443/tcp open https
| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc./stateOrProvinceName=California/countryName=US
| Not valid before: 2009-05-28 00:00:00
|_ Not valid after: 2010-05-01 23:59:59

$ nmap --script=safe www.paypal.com -p 443 -vvv
443/tcp open https
| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc./stateOrProvinceName=California/countryName=US/serialNumber=3014267/1.3.6.1.4.1.311.60.2.1.3=US/streetAddress=2211 N 1st St/1.3.6.1.4.1.311.60.2.1.2=Delaware/postalCode=95131-2021/localityName=San Jose/organizationalUnitName=Information Systems/2.5.4.15=V1.0, Clause 5.(b)
| Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA/organizationName=VeriSign, Inc./countryName=US/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
| Not valid before: 2009-05-28 00:00:00
| Not valid after: 2010-05-01 23:59:59
| -----BEGIN CERTIFICATE-----
| MIIFxzCCBK+gAwIBAgIQX02QuADDB7CVjZdooVge+zANBgkqhkiG9w0BAQUFADCB
...

Is this script useful to anyone? Is there more information that should be included?

The script depends on some changes to nse_nsock.cc to add the nmap.get_ssl_certificate function that turns the peer SSL certificate into a Lua table.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
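Added example, not part of the original thread and not the ssl-cert.nse code: a Python parser for the script output format shown in the message above, which recovers the subject and issuer fields and the validity dates so certificates nearing expiry can be flagged from saved scan output. The function names are assumptions of this example; the sample lines are copied from the -vvv output quoted above.

```python
import re
from datetime import datetime

# Lines copied from the -vvv output quoted in the message (PEM block omitted).
SAMPLE = """\
443/tcp open https
| ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, Inc./stateOrProvinceName=California/countryName=US/serialNumber=3014267/1.3.6.1.4.1.311.60.2.1.3=US/streetAddress=2211 N 1st St/1.3.6.1.4.1.311.60.2.1.2=Delaware/postalCode=95131-2021/localityName=San Jose/organizationalUnitName=Information Systems/2.5.4.15=V1.0, Clause 5.(b)
| Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA/organizationName=VeriSign, Inc./countryName=US/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
| Not valid before: 2009-05-28 00:00:00
| Not valid after: 2010-05-01 23:59:59
"""

# Split a name only at a "/" that starts a new "attribute=" pair, so slashes
# inside a value (the URL in the issuer's organizationalUnitName) survive.
# Heuristic: a value that itself contains "/word=" would still be mis-split.
_FIELD_SEP = re.compile(r"/(?=[A-Za-z0-9.]+=)")
_LINE = re.compile(
    r"^\|_?\s*(?:ssl-cert:\s*)?"
    r"(Subject|Issuer|Not valid before|Not valid after):\s*(.*)$"
)


def parse_name(text):
    """Turn 'commonName=a/organizationName=b' into a dict of attribute -> value."""
    return dict(part.split("=", 1) for part in _FIELD_SEP.split(text))


def parse_ssl_cert(output):
    """Extract subject, issuer and validity dates from ssl-cert output text."""
    cert = {}
    for line in output.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # port line, PEM lines, anything else
        key, value = m.group(1), m.group(2).strip()
        if key in ("Subject", "Issuer"):
            cert[key.lower()] = parse_name(value)
        else:
            cert[key.lower().replace(" ", "_")] = datetime.strptime(
                value, "%Y-%m-%d %H:%M:%S")
    return cert


def days_remaining(cert, now):
    """Whole days until expiry; negative once the certificate has expired."""
    return (cert["not_valid_after"] - now).days


if __name__ == "__main__":
    c = parse_ssl_cert(SAMPLE)
    print(c["subject"]["commonName"], days_remaining(c, datetime(2009, 8, 6)))
```
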