Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [NSE] SSL Fingerprint Matching

From: Fyodor <fyodor () insecure org>
Date: Thu, 6 Jan 2011 22:05:27 -0800
On Thu, Jan 06, 2011 at 11:00:05PM +0200, Toni Ruottu wrote:

So the options are 1) send the file with nmap and have it work out of
box, 2) provide the file separately, and 3) provide a bigger nmap
deluxe release that has the file in it. What do you think is the way
to go?


I think the Debian SSL blacklist DB is too large to include with Nmap,
but an "external" category script could query an external DB service
to see if a given key is on the list.  Of course the script would not
convey the IP address, certificate common name, or other details
beyond the key hash to the checker webapp.  It would be nice for the
script to be able to use a local file instead if the user has
downloaded it.  The NSEDoc could explain where to get the local file.

We could include all other interesting SSL keys with the script unless
we encounter another large class of them.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: