Nmap Development mailing list archives
[RFC] Lua bindings for OpenSSL md5 and sha1 hash functions
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Wed, 5 Dec 2007 11:39:51 -0600
Hello, So, I was working on another NSE script recently, and needed the ability to calculate SHA1 hashes. I did a Google search, and found Lua bindings against the OpenSSL library for MD5 and SHA1 hashes[1]. Using that code as a starting point, I created a new NSE library called openssl, which includes two functions, digest_md5() and digest_sha1(). These two functions take a string as the primary argument, and an optional boolean value for a second. By default, they return the hex representation of MD5 or SHA1 digest calculated from the string. If the second boolean argument is true, they return the raw 16 or 20 digit digests. Attached is a small archive which contains the code for the NSE library, and a small test script that demonstrates usage. I've also attached a patch to Makefile.in to compile the library. Example output from included test script: Host script results: | Hash test: MD5 and SHA1 hashes of IP address 192.168.128.1 | MD5: bb22aeb2bcb0e41c3a8b0468abf14bbc | SHA1: 3c7207e8da6aad45263a0263c78bb0ec36e9e188 | MD5 raw: ."......:..h..K. |_ SHA1 raw: <r...j.E&:.c....6... Quick instructions for testing the patch: cd to nmap source tree (svn checkout or nmap-4.23RC3) $ tar jxf /path/to/lua-openssl.tar.bz2 $ patch -p1 < /path/to/lua-openssl-Makefile.patch $ ./configure --with-openssl (other config args) .. make, etc. This library requires HAVE_OPENSSL to be defined. I haven't tested it on Windows at all, but my understanding is that the Windows build system doesn't currently build against OpenSSL. Does anyone have any pointers for compiling under Windows with OpenSSL? Since Nmap is currently in feature freeze, I'm certainly not suggesting this be included at the moment, but I thought I'd put it out there to see if there was any interest, and to get feedback and comments. I'm not too familiar with the OpenSSL library, or Lua bindings, but if there's interest in exposing other functions to Lua/NSE, I'd be happy to look into it. Thanks, Thomas by the way, I found a convenient way to calculate md5 [2] and sha1 [3] hash values online. [1] http://www.tecgraf.puc-rio.br/~lhf/ftp/lua/ [2] http://people.eku.edu/styere/Encrypt/JS-MD5.html [3] http://people.eku.edu/styere/Encrypt/JS-SHA1.html
Attachment:
lua-openssl.tar.bz2
Description: lua-openssl.tar.bz2
Attachment:
lua-openssl-Makefile.patch
Description: lua-openssl-Makefile.patch
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Lua bindings for OpenSSL md5 and sha1 hash functions Thomas Buchanan (Dec 05)
- RE: [RFC] Lua bindings for OpenSSL md5 and sha1 hash functions Matthew Boyle (Dec 06)
- Re: [RFC] Lua bindings for OpenSSL md5 and sha1 hash functions Brandon Enright (Dec 06)
- Re: [RFC] Lua bindings for OpenSSL md5 and sha1 hash functions Thomas Buchanan (Dec 07)
- RE: [RFC] Lua bindings for OpenSSL md5 and sha1 hash functions Matthew Boyle (Dec 06)