Nmap Development mailing list archives
Re: [NSE] SSLv3/TLSv1 cipher and compression algorithm enumeration script
From: Mak Kolybabi <mak () kolybabi com>
Date: Mon, 22 Feb 2010 22:00:14 -0600
On 2010-02-19 13:58, David Fifield wrote:
> I think the bind here is a no-op:
>
>     sock = nmap.new_socket()
>     sock:set_timeout(5000)
>     sock:bind()
I have removed the bind, and you seem to be right.
> You need to put some limit on the read loop, or else parse it incrementally or something, because you can DOS the script with "ncat -l --ssl -k -v 443 > /dev/null < /dev/zero".
I now do incremental parsing, and that command line produces results as expected. As an aside, I often segfault ncat with:

    % ./src/nmap/nmap --script scripts/ssl-enum -PN -p5061 -d2 127.0.0.1

and

    % ./src/nmap/ncat/ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero
    Ncat: Version 5.21 ( http://nmap.org/ncat )
    Ncat: Generating a temporary 1024-bit RSA key. Use --ssl-key and --ssl-cert to use a permanent one.
    Ncat: SHA-1 fingerprint: 4C57 23D2 66A3 050D FC84 8613 6E85 BC33 3EEA 7419
    Ncat: Listening on 0.0.0.0:5061
    Ncat: Connection from 127.0.0.1.
    ...
    Ncat: Connection from 127.0.0.1.
    zsh: segmentation fault ./src/nmap/ncat/ncat -l --ssl -k -v 5061 > /dev/null < /dev/zero
> I agree that the name should be changed. Maybe ssl-enum-ciphers.
I dislike that name on the basis that it also enumerates compression algorithms. Perhaps ssl-enum-algorithms?
> What happens when you run it against an SSLv2 server, like "openssl s_server -ssl2"?
SSLv2 seems to be entirely incompatible, so no results are produced.
> You should switch the order of the first two paragraphs in the description. The first paragraph is shown as the summary in NSEDoc, and what you have now as the second paragraph is more descriptive of what the script does.
I've rewritten the description to reflect that I now use a better algorithm that was suggested to me, which is *way* faster.

Please let me know if there are any other concerns or suggestions.

--
Matthew Anthony Kolybabi (Mak)
<mak () kolybabi com>

()  ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org   | Against proprietary extensions
Attachment: ssl-enum-algorithms.nse
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
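
The read-loop limit and incremental parsing discussed in the message above, sketched as an added example in plain Lua; it is not the attached ssl-enum-algorithms.nse and not code from this thread. `read_chunk` is a hypothetical stand-in for a socket receive call, `MAX_TOTAL` is an assumed budget, and the input stream is constructed.

```lua
-- Added example: bounded, incremental SSLv3/TLS record reader (plain Lua).
-- read_chunk() is a hypothetical stand-in for a socket receive call.
local MAX_RECORD = 16384 + 2048   -- TLS 1.0 ciphertext fragment limit
local MAX_TOTAL  = 64 * 1024      -- assumed byte budget for one probe
local TYPES = { [20] = "change_cipher_spec", [21] = "alert",
                [22] = "handshake", [23] = "application_data" }

local function read_records(read_chunk, want)
  local buf, total, records = "", 0, {}
  while #records < want do
    -- Parse every complete record already buffered before reading more.
    while #buf >= 5 do
      local ctype, major, minor, hi, lo = buf:byte(1, 5)
      local len = hi * 256 + lo
      if not TYPES[ctype] or major ~= 3 then
        return records, "not an SSLv3/TLS record"
      elseif len > MAX_RECORD then
        return records, "record length exceeds limit"
      elseif #buf < 5 + len then
        break                     -- body incomplete, need more bytes
      end
      records[#records + 1] = { type = TYPES[ctype], minor = minor,
                                body = buf:sub(6, 5 + len) }
      buf = buf:sub(6 + len)
      if #records == want then return records end
    end
    local chunk = read_chunk()
    if not chunk or #chunk == 0 then return records, "connection closed" end
    total = total + #chunk
    if total > MAX_TOTAL then return records, "byte budget exhausted" end
    buf = buf .. chunk
  end
  return records
end

-- Constructed input: one alert record, then an endless run of zero bytes.
local alert = string.char(21, 3, 1, 0, 2, 2, 40)  -- fatal handshake_failure
local sent = false
local function hostile()
  if not sent then sent = true; return alert end
  return string.rep("\0", 4096)
end

local recs, err = read_records(hostile, 2)
print(#recs, recs[1].type, err)
```

The reader stops on the first header that is not a valid record rather than waiting for the peer to close the connection, so an endless stream costs at most one extra read.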