Nmap Development mailing list archives
Re: [NSE] SSL Fingerprint Matching
From: Fyodor <fyodor () insecure org>
Date: Thu, 6 Jan 2011 22:05:27 -0800
On Thu, Jan 06, 2011 at 11:00:05PM +0200, Toni Ruottu wrote:
So the options are 1) send the file with nmap and have it work out of box, 2) provide the file separately, and 3) provide a bigger nmap deluxe release that has the file in it. What do you think is the way to go?
I think the Debian SSL blacklist DB is too large to include with Nmap, but an "external" category script could query an external DB service to see if a given key is on the list. Of course the script would not convey the IP address, certificate common name, or other details beyond the key hash to the checker webapp. It would be nice for the script to be able to use a local file instead if the user has downloaded it. The NSEDoc could explain where to get the local file. We could include all other interesting SSL keys with the script unless we encounter another large class of them. Cheers, Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Jan 06)
- RE: [NSE] SSL Fingerprint Matching Rob Nicholls (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- RE: [NSE] SSL Fingerprint Matching Rob Nicholls (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Jan 06)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Jan 06)
- <Possible follow-ups>
- Re: [NSE] SSL Fingerprint Matching David Fifield (Feb 22)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Feb 23)
- Re: [NSE] SSL Fingerprint Matching Toni Ruottu (Mar 17)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Mar 18)
- Re: [NSE] SSL Fingerprint Matching Fyodor (Feb 23)
- Re: [NSE] SSL Fingerprint Matching Mak Kolybabi (Mar 20)
- Re: [NSE] SSL Fingerprint Matching David Fifield (Mar 22)