Nmap Development mailing list archives
Getting the common name from the cert on SSL sites..
From: Haroon Meer <haroon () sensepost com>
Date: Wed, 23 Mar 2005 08:57:51 +0200
Hi guys..

We used the following tiny patch to rip the CN from the certs of sites running SSL.. (arb'ly useful for us on a mass -sV -p443 scan..)

Just throwing it here in case anyone else ever needs it..

/mh

-snip-
it's a tiny mod to nsock_core.c (and should probably be done elsewhere instead)

copy the attached file to $SRC_DIR/nsock/src/
then run: patch < mh.patch
then go back to $SRC_DIR and do a ./configure && make && make install

After that u should have :

[root@intercrastic]# nmap -sV site.running.ssl.com -p443 -P0

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-23 01:36
MH:SSL_Certificate_Common_Name:hackrack.co.za
Interesting ports on site.running.ssl.com (1.2.3.4):
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Apache httpd 1.3.27 ((Unix) AuthMySQL/2.20)

Nmap finished: 1 IP address (1 host up) scanned in 10.792 seconds
-snip-

If it actually is of any use to anyone else, you would probably want to move the result to the per-service result line (and possibly only report if debug > x)

/mh

======================================================================
Haroon Meer MH SensePost Information Security +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt
haroon () sensepost com
======================================================================

--- nsock/src/nsock_core.orig 2005-03-23 01:28:44.999356384 +0200 +++ nsock/src/nsock_core.c 2005-03-23 01:30:52.343997056 +0200 @@ -213,6 +213,10 @@ char buf[1024]; msiod *iod = nse->iod; #if HAVE_OPENSSL +//<MH-DBG> + X509 *peer; + char peer_CN[256]; +//</MH-DBG> struct NsockSSLInfo *sslnfo; int sslerr; int sslconnect_inprogress = nse->type == NSE_TYPE_CONNECT_SSL && iod->ssl; @@ -327,6 +331,11 @@ rc = SSL_connect(iod->ssl); /* printf("DBG: SSL_connect()=%d", rc); */ if (rc == 1) { + //<MH-DBG> + peer=SSL_get_peer_certificate(iod->ssl); + X509_NAME_get_text_by_NID ( X509_get_subject_name (peer), NID_commonName, peer_CN, 255); + printf("MH:SSL_Certificate_Common_Name:%s\n",peer_CN); + //</MH-DBG> /* Woop! Connect is done! */ nse->event_done = 1; nse->status = NSE_STATUS_SUCCESS;
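
Review bot: peer and peer_CN in the declarations added by the first hunk (@@ -213) are left uninitialized, and the second hunk prints peer_CN whether or not the lookup wrote to it. Initialize both where they are declared (peer to NULL, peer_CN to an empty string) so a failed lookup prints nothing rather than stack contents. The //<MH-DBG> markers are also C++-style comments in a C file whose visible context uses /* */ comments; use the same style for the markers.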
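
Review bot: the return value of SSL_get_peer_certificate(iod->ssl) in the rc == 1 branch of the second hunk (@@ -327) is passed straight to X509_get_subject_name() with no NULL check, and a handshake that completes without a peer certificate would dereference NULL here. The return value of X509_NAME_get_text_by_NID() is ignored as well, so a certificate with no commonName leaves peer_CN unwritten when the printf runs. Check peer for NULL, print only when the lookup returns a non-negative length, and call X509_free(peer) afterwards, since the certificate reference returned to the caller is otherwise leaked on every SSL connect. The CN is chosen by the remote server and goes to stdout through a bare %s, so escape non-printable bytes before printing, and consider passing sizeof(peer_CN) instead of the literal 255 so the length tracks the buffer declaration.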