Nmap Development mailing list archives

Re: [NSE] XMPP support for ssl-cert.nse

From: David Fifield <david () bamsoftware com>
Date: Tue, 9 Aug 2011 12:35:51 -0700

On Tue, Aug 09, 2011 at 01:28:08PM +0400, Vasiliy Kulikov wrote:

Hi,

This is a little extention for ssl-cert.  With xmpp.lua it is trivial :)


Index: scripts/ssl-cert.nse
===================================================================
--- scripts/ssl-cert.nse      (revision 25647)
+++ scripts/ssl-cert.nse      (working copy)
@@ -68,6 +68,7 @@
 require("nsedebug")
 require("shortport")
 require("stdnse")
+require("xmpp")
 
 local stringify_name
 local date_to_string
@@ -138,8 +139,29 @@
     return "Connected"
 end 
 
+function xmpp_starttls(host, port)
+    local ls = xmpp.XMPP:new(host, port, { starttls = true } )
+    ls.socket = s
+    ls.socket:set_timeout(ls.options.timeout * 1000)
+
+    local status, err = ls.socket:connect(host, port)
+    if not status then
+        return nil
+    end
+
+    status, err = ls:connect()
+    if status then
+        return "Connected"
+    end
+end
+
 -- A table mapping port numbers to specialized SSL negotiation functions.
-local SPECIALIZED_FUNCS = { [25] = smtp_starttls, [587] = smtp_starttls }
+local SPECIALIZED_FUNCS = {
+    [25] = smtp_starttls,
+    [587] = smtp_starttls,
+    [5222] = xmpp_starttls,
+    [5269] = xmpp_starttls
+}
 
 portrule = function(host, port)
     return shortport.ssl(host, port) or SPECIALIZED_FUNCS[port.number]
Index: nselib/xmpp.lua
===================================================================
--- nselib/xmpp.lua   (revision 25647)
+++ nselib/xmpp.lua   (working copy)
@@ -206,13 +206,14 @@
                      return false, "ERROR: Only version 1.0 is supported"
              end
              
-             if ( start_tls == "required" ) then
+             if ( start_tls == "required" or self.options.starttls) then
                      status, err = self:send("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
                      if ( not(status) ) then return false, "ERROR: Failed to initiate STARTTLS" end
                      local status, tag = self:receive_tag()
                      if ( not(status) ) then return false, "ERROR: Failed to recevice from server" end
                      if ( tag.name == "proceed" ) then
                              status, err = self.socket:reconnect_ssl()
+                             self.options.starttls = false
                              return self:connect()
                      end
              end


Can you explain the self.options.starttls changes? I would have expected
you to set that option before calling ls:connect.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)
- Re: [NSE] XMPP support for ssl-cert.nse David Fifield (Aug 09)
  - Re: [NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)