Nmap Development mailing list archives
Re: [RFC] OpenSSL and Windows
From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Mon, 07 Jan 2008 15:30:16 -0600
jah wrote:
What's the current state of play with OpenSSL and nmap for mswin32? Does it work? Is it in use? How can I check? Is there anything that doesn't work if nmap is not compiled with it? Regards, jah
Hello, Here are some rough instructions that I came up with over the weekend for enabling OpenSSL in Nmap on Windows. Hope they help. First, my development environment is Windows XP SP2, Visual C++ 2005 Express Edition, with Microsoft Platform SDK for Windows Server 2003 SP1 installed. This setup compiles the nmap-4.52 source with no modifications. Here are the steps I took to enable OpenSSL: 1. Download Win32 OpenSSL devel kit from http://www.slproweb.com/products/Win32OpenSSL.html I got the 6MB file indicated for software developers. 2. Install the Win32 OpenSSL devel kit, and take note of the installation directory. I changed the default directory to "C:\Dev\OpenSSL" The remainder of these directions will reference that directory. 3. Download and extract latest Nmap source. I extracted mine to "C:\Dev\nmap-4.52" 4. Open .sln in Visual C++ 2005 Express Edition 5. Edit nmap_winconfig.h, and add the following line: #define HAVE_OPENSSL 1 Just for reference, I added this after line 112, but I don't think it matters too much. 6. Edit nsock\src\nsock.h, and add the following line: #define HAVE_OPENSSL 1 Again for reference, I added this after line 63. 7. Edit the nmap project properties in VC++ as follows: * Under Configuration Properties -> C/C++ -> General, add "C:\Dev\OpenSSL\include" to Additional Include Directories * Under Configuration Properties -> Linker -> General, add "C:\Dev\OpenSSL\lib\VC" to Additional Library Directories * Under Configuration Properties -> Linker -> Input, add "libeay32MT.lib" and "ssleay32MT.lib" to Additional Dependencies 8. Edit the nsock sub-project properties as follows: * Under Configuration Properties -> C/C++ -> General, add "C:\Dev\OpenSSL\include" to Additional Include Directories 9. Add the following files to the nsock sub-project * Add Existing Item -> nsock\src\nsock_ssl.h to Header Files * Add Existing Item -> nsock\src\nsock_ssl.c to Source Files 10. Build solution. Hopefully, if everything has gone correctly, you will have a binary with OpenSSL support. Now, to run this binary on other machines, you have a couple of options: 1. Install the OpenSSL runtime files from http://www.slproweb.com/products/Win32OpenSSL.html Current version is Win32 OpenSSL v0.9.8g Light (about 1MB download) or 2. Install the following files: libeay32.dll, ssleay32.dll from openssl-0.9.8e_WIN32.zip (http://www.deanlee.cn/programming/openssl-for-windows/) These files can either be placed in the same directory as nmap.exe, or in the Windows system32 directory. Here's the output of a slightly patched nmap-4.52, as you can see with OpenSSL support: $ NMAPDIR=. ./nmap -d -sSV -p 443 --script=md5test.nse,showHTMLTitle.nse 192.168.XXX.yyy Winpcap present, dynamic linked to: WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5 Starting Nmap 4.52 ( http://insecure.org ) at 2008-01-07 14:53 Central Standard Time Nmap linked against PCRE library 7.4 2007-09-21 Nmap linked against Lua 5.1 Nmap compiled against OpenSSL 0.9.8g 19 Oct 2007 Nmap linked against OpenSSL 0.9.8g 19 Oct 2007 <snip> SCRIPT ENGINE: Script scanning completed. Host cobalt (192.168.xxx.yyy) appears to be up ... good. Interesting ports on cobalt (192.168.xxx.yyy): PORT STATE SERVICE REASON VERSION 443/tcp open ssl/http syn-ack Microsoft IIS webserver 6.0 |_ HTML title: Welcome to Windows Small Business Server 2003 Service Info: OS: Windows Host script results: | Hash test: MD5 and SHA1 hashes of IP address 192.168.xxx.yyy | MD5: 7787d3bd2027cfd13134682bbdf29bb6 | SHA1: 9f799b960c8d40f303bbef0c0d3fca608aec8130 | MD5 raw: w... '..14h+.... | SHA1 raw: .y....@..... |_ ?.`...0 Final times for host: srtt: 2000 rttvar: 7750 to: 100000 Read from .: nmap-mac-prefixes nmap-rpc nmap-service-probes nmap-services. Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ . Nmap done: 1 IP address (1 host up) scanned in 21.250 seconds Raw packets sent: 2 (86B) | Rcvd: 2 (88B) The hash script is a test for my NSE / OpenSSL patches posted here: http://seclists.org/nmap-dev/2007/q4/0472.html After a little work, I was able to successfully build that patch on Windows too, but I'm not too convinced that I got the build system quite right. Anyway, let me know if you have any questions or comments. Thanks, Thomas _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] OpenSSL and Windows Thomas Buchanan (Jan 07)
- RE: [RFC] OpenSSL and Windows Rob Nicholls (Jan 07)
- RE: [RFC] OpenSSL and Windows Thomas Buchanan (Jan 07)
- Re: [RFC] OpenSSL and Windows DePriest, Jason R. (Feb 04)
- RE: [RFC] OpenSSL and Windows Thomas Buchanan (Feb 05)
- Re: [RFC] OpenSSL and Windows Fyodor (Feb 05)
- Re: [RFC] OpenSSL and Windows DePriest, Jason R. (Feb 05)
- Re: [RFC] OpenSSL and Windows DePriest, Jason R. (Feb 05)
- Re: [RFC] OpenSSL and Windows Fyodor (Feb 05)
- RE: [RFC] OpenSSL and Windows Thomas Buchanan (Feb 05)
- RE: [RFC] OpenSSL and Windows Thomas Buchanan (Feb 05)
- RE: [RFC] OpenSSL and Windows Thomas Buchanan (Feb 05)
- RE: [RFC] OpenSSL and Windows Rob Nicholls (Jan 07)