Nmap Development mailing list archives

Re: [NSE] ssl-enum-ciphers idea


From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sat, 28 Jul 2012 23:59:32 +0200

Well, it could benefit, since there's already code that creates
a client_hello packet, to which you can add
your npn data, and it already has response parsing code, which would
probably need to be expanded.
Of course, converting this into a library would require some
reengineering to make it more friendly
for other purposes, but I think it's a waste that all the effort that
was put into the ssl-enum-ciphers
script is wasted and not used by other scripts.

For now, I'll write my script by duplicating the code tho, until this is
decided.
I can easily remove the unneeded code when and if this gets turned into
a lib.

Aleksandar

On 7/28/2012 11:04 PM, Toni Ruottu wrote:
Would tls-nextprotoneg script (
http://nmap.org/nsedoc/scripts/tls-nextprotoneg.html ) benefit from
such library?

On Sat, Jul 28, 2012 at 4:42 PM, Daniel Miller <bonsaiviking () gmail com> wrote:
On Sat, Jul 28, 2012 at 6:02 AM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:
Hi all,

I've started working on ssl-date script which gets time from the server
which we get in reply for ClientHello.

I took a look at ssl-enum-ciphers which is a greedy little script.
It has quite a lot of ssl protocol in it which it keeps for itself.

It is a really quite complete script.
What do you think, would it be a good idea to break this script
into a sort of ssl library and make its functions, constants and enums
available
to other, future, scripts?

I can see it getting quite useful for some scripts that would check for ssl
vulnerabilities and other stuff.

As far as I know, currently, there is no way of "speaking ssl" on that
level from NSE
save for building packets by hand, which ssl-enum-ciphers already does.

Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Aleksandar,

I think this is a great idea. Collecting the SSL/TLS protocol stuff
into a library would make it simpler to see what scripts like
ssl-enum-ciphers are doing, as well as enabling some things I was
thinking of tackling eventually: Diffie-Hellman prime length, DTLS,
etc.

Dan
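
The response parsing that the proposed ssl-date script needs, as an added example that is not part of the thread and not NSE code: plain Python that reads the 4-byte `gmt_unix_time` at the start of the ServerHello `random` field. The function names, the sample record and the timestamp are constructed for illustration.

```python
import struct

HANDSHAKE, ALERT, SERVER_HELLO = 22, 21, 2

def server_hello_time(record: bytes) -> int:
    """Return gmt_unix_time from the ServerHello carried in one TLS record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rec_len = struct.unpack(">BHH", record[:5])
    if ctype == ALERT:
        raise ValueError("server answered with an alert, not a ServerHello")
    if ctype != HANDSHAKE:
        raise ValueError(f"unexpected record type {ctype}")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4:
        raise ValueError("truncated record body")
    msg_len = int.from_bytes(body[1:4], "big")
    if body[0] != SERVER_HELLO:
        raise ValueError(f"first handshake message is type {body[0]}")
    hello = body[4:4 + msg_len]
    # Layout: server_version(2) | random(32) | session_id ...
    # In TLS 1.0-1.2 random = gmt_unix_time(4) + 28 random bytes.
    if len(hello) < 34:
        raise ValueError("truncated ServerHello")
    return struct.unpack(">I", hello[2:6])[0]

def clock_skew(record: bytes, local_time: int) -> int:
    """Seconds the server clock is ahead of local_time (negative if behind)."""
    # Caveat: TLS 1.3 and some TLS 1.2 stacks fill all 32 bytes randomly,
    # so an implausible skew usually means "no clock here", not a wrong clock.
    return server_hello_time(record) - local_time

def build_sample(ts: int) -> bytes:
    """Constructed TLS 1.0 ServerHello record with the given timestamp."""
    hello = (b"\x03\x01" + struct.pack(">I", ts) + bytes(28)
             + b"\x00"        # empty session_id
             + b"\x00\x2f"    # cipher suite
             + b"\x00")       # null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

if __name__ == "__main__":
    sample = build_sample(1343512772)  # constructed timestamp
    print("server time:", server_hello_time(sample))
    print("skew vs 1343512700:", clock_skew(sample, 1343512700))
```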