Nmap Development mailing list archives

Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script


From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 22 Feb 2010 22:00:14 -0600

On 2010-02-19 13:58, David Fifield wrote:
> I think the bind here is a no-op:
>         sock = nmap.new_socket()
>         sock:set_timeout(5000)
>         sock:bind()

I have removed the bind, and you seem to be right.

> You need to put some limit on the read loop, or else parse it
> incrementally or something, because you can DOS the script with
> "ncat -l --ssl -k -v 443 > /dev/null < /dev/zero".

I now do incremental parsing, and that command line produces results as
expected. As an aside, I often segfault ncat with:

% ./src/nmap/nmap --script scripts/ssl-enum -PN -p5061 -d2 127.0.0.1

and

% ./src/nmap/ncat/ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero
Ncat: Version 5.21 ( http://nmap.org/ncat )
Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
Ncat: SHA-1 fingerprint: 4C57 23D2 66A3 050D FC84 8613 6E85 BC33 3EEA 7419
Ncat: Listening on 0.0.0.0:5061
Ncat: Connection from 127.0.0.1.
...
Ncat: Connection from 127.0.0.1.
zsh: segmentation fault  ./src/nmap/ncat/ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero

> I agree that the name should be changed. Maybe ssl-enum-ciphers.

I dislike that name on the basis that it also enumerates compression algorithms.
Perhaps ssl-enum-algorithms?

> What happens when you run it against an SSLv2 server, like
> "openssl s_server -ssl2"?

SSLv2 seems to be entirely incompatible, so no results are produced.

> You should switch the order of the first two paragraphs in the
> description. The first paragraph is shown as the summary in NSEDoc, and
> what you have now as the second paragraph is more descriptive of what
> the script does.

I've rewritten the description to reflect that I now use a better algorithm that
was suggested to me, which is *way* faster.

Please let me know if there are any other concerns or suggestions.

--
Matthew Anthony Kolybabi (Mak)
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions

Attachment: ssl-enum-algorithms.nse
Description:
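The read-loop point raised above, as an added example that is not part of this message or of the ssl-enum-algorithms.nse script: a Python reader that consumes TLS records one at a time under a byte budget and a record budget, so a server that streams data forever (the ncat "< /dev/zero" case) is cut off rather than buffered into memory. The record and ServerHello layout follow RFC 5246; the function names, limits and sample bytes are this example's own assumptions, and the sample stream is constructed here.

```python
import struct

# Added example: bounded, incremental TLS record reader. Not the NSE script's code;
# names and limits are this example's assumptions.
RECORD_HEADER_LEN = 5
MAX_RECORD_LEN = 2 ** 14 + 2048   # RFC 5246: 2^14 plaintext plus ciphertext expansion
MAX_TOTAL_BYTES = 64 * 1024       # byte budget per connection
MAX_RECORDS = 8                   # record budget per connection
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
KNOWN_VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}


class ParseError(Exception):
    pass


def read_records(recv, max_total=MAX_TOTAL_BYTES, max_records=MAX_RECORDS):
    """Read TLS records from recv(n) -> bytes (b'' on EOF), one record at a time.

    Stops on EOF, after an alert or after max_records records; raises ParseError
    before consuming more than max_total bytes or on a malformed record header.
    """
    consumed = 0

    def read_exact(n):
        nonlocal consumed
        if consumed + n > max_total:            # check the budget before reading
            raise ParseError("byte budget of %d exceeded" % max_total)
        data = b""
        while len(data) < n:
            chunk = recv(n - len(data))
            if not chunk:
                return None                     # EOF before the field completed
            data += chunk
            consumed += len(chunk)
        return data

    records = []
    while len(records) < max_records:
        header = read_exact(RECORD_HEADER_LEN)
        if header is None:
            break                               # clean EOF between records
        ctype, major, minor, length = struct.unpack("!BBBH", header)
        if ctype not in CONTENT_TYPES:
            raise ParseError("unknown content type %d" % ctype)
        if (major, minor) not in KNOWN_VERSIONS:
            raise ParseError("unknown record version %d.%d" % (major, minor))
        if length > MAX_RECORD_LEN:
            raise ParseError("record length %d exceeds %d" % (length, MAX_RECORD_LEN))
        body = read_exact(length)
        if body is None:
            raise ParseError("truncated record body")
        records.append((CONTENT_TYPES[ctype], KNOWN_VERSIONS[(major, minor)], body))
        if ctype == 21:
            break                               # an alert ends the exchange
    return records


def parse_server_hello(handshake):
    """Return (version, cipher_suite, compression_method) from a ServerHello message."""
    if len(handshake) < 4 or handshake[0] != 2:
        raise ParseError("not a ServerHello")
    msg_len = int.from_bytes(handshake[1:4], "big")
    body = handshake[4:4 + msg_len]
    if len(body) != msg_len or len(body) < 35:
        raise ParseError("truncated ServerHello")
    version = (body[0], body[1])
    pos = 35 + body[34]                         # skip 2-byte version, 32-byte random, session id
    if len(body) < pos + 3:
        raise ParseError("ServerHello too short")
    cipher_suite = struct.unpack("!H", body[pos:pos + 2])[0]
    return KNOWN_VERSIONS.get(version, "%d.%d" % version), cipher_suite, body[pos + 2]


def safe_read(recv):
    """Return (records, None) on success or ([], error message) when the reader bails out."""
    try:
        return read_records(recv), None
    except ParseError as e:
        return [], str(e)


def bytes_source(data):
    """recv() over a fixed byte string; returns b'' once exhausted (EOF)."""
    pos = 0

    def recv(n):
        nonlocal pos
        chunk = data[pos:pos + n]
        pos += len(chunk)
        return chunk
    return recv


def endless_source(pattern):
    """recv() that replays pattern forever, like a server that never stops sending."""
    buf = b""

    def recv(n):
        nonlocal buf
        while len(buf) < n:
            buf += pattern
        chunk, buf = buf[:n], buf[n:]
        return chunk
    return recv


# Constructed sample: ServerHello (TLS 1.0, cipher suite 0x002f, no compression), then close_notify.
_hello_body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x2f" + b"\x00"
_hello_msg = b"\x02" + len(_hello_body).to_bytes(3, "big") + _hello_body
SAMPLE_STREAM = (b"\x16\x03\x01" + len(_hello_msg).to_bytes(2, "big") + _hello_msg
                 + b"\x15\x03\x01\x00\x02\x01\x00")
ZERO_STREAM = b"\x00"                                            # models "< /dev/zero"
ENDLESS_HANDSHAKE = b"\x16\x03\x01\x40\x00" + b"\x00" * 0x4000   # well-formed headers forever
```

Calling `safe_read(bytes_source(SAMPLE_STREAM))` yields a handshake record and an alert, and `parse_server_hello` on the first body returns the negotiated version, cipher suite and compression method, which is exactly the per-ClientHello result the script collects. `safe_read(endless_source(ZERO_STREAM))` is rejected on the first header (content type 0), and `safe_read(endless_source(ENDLESS_HANDSHAKE))`, whose records are individually valid, is stopped by the byte budget after the third record; in both cases memory use stays bounded by one record.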

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
