Nmap Development mailing list archives

New NSE script for POODLE vulnerability discovery


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 21 Oct 2014 11:47:03 -0500

Hey list,

I just pushed a new script, stripped down from ssl-enum-ciphers,
called ssl-poodle [1]. People have been recommending ssl-enum-ciphers
for detecting POODLE, since it affects all implementations of SSLv3
that allow CBC ciphersuites, but between enumerating *all*
ciphersuites for 4 different SSL/TLS versions and sorting those by
server preference, ssl-enum-ciphers needs to send at least 24 and
usually many more requests to finish.

ssl-poodle, on the other hand, needs only 4 requests maximum (and only
1 in the majority of vulnerable cases). It also uses the vulns library
[2] to display vulnerability output.

In addition to advertising this script, I wanted to ask some questions
of the devs who have been using and developing the vulns library:

1. Is there a reason why check_results and extra_info are not
displayed when the state is NOT_VULN? I wanted to distinguish "No CBC
ciphersuites found" vs "SSLv3 not supported" when reporting
not-vulnerable hosts with vulns.showall.

2. Can we unify the handling of whitespace within the description
field? The script author shouldn't have to worry about formatting,
word wrapping, indent level, etc. We can probably collapse all
whitespace other than double-newline and then word-wrap appropriately
for screen output (and not at all for XML output).

Thanks, and happy scanning!
Dan

[1] http://nmap.org/nsedoc/scripts/ssl-poodle.html
[2] http://nmap.org/nsedoc/lib/vulns.html
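The probe decision Dan describes above (offer SSLv3 with only CBC ciphersuites, read the server's first record, and distinguish "vulnerable" from "no CBC ciphersuites" from "SSLv3 not supported") as a stand-alone Python example added here; it is not the ssl-poodle script's code and does not use the NSE tls or vulns libraries. The ciphersuite ids are real IANA values (a small subset of what a full probe offers), the sample ServerHello and alert records are constructed for offline testing, and the mapping of a handshake_failure alert to "no CBC ciphersuites" and of an empty reply to "SSLv3 not supported" is this example's own policy, not something the page states the script does.

```python
"""Minimal SSLv3/CBC probe logic: build a ClientHello that offers only CBC
ciphersuites and classify the server's first response record.
Added example; it is not the ssl-poodle NSE script."""
import os
import socket   # used only by probe_host(); classification itself runs offline
import struct

SSLV3 = 0x0300
CT_ALERT, CT_HANDSHAKE = 21, 22
HS_CLIENT_HELLO, HS_SERVER_HELLO = 1, 2
ALERT_HANDSHAKE_FAILURE, ALERT_PROTOCOL_VERSION = 40, 70

# Small subset of SSLv3-era CBC suites (real IANA ids); a real probe offers many more.
CBC_SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}


def build_client_hello(suites, version=SSLV3):
    """SSLv3 ClientHello record offering exactly `suites` and null compression."""
    body = struct.pack("!H", version)
    body += os.urandom(32)          # client random
    body += b"\x00"                 # empty session id
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(suite_bytes)) + suite_bytes
    body += b"\x01\x00"             # one compression method: null
    handshake = struct.pack("!B", HS_CLIENT_HELLO) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", CT_HANDSHAKE, version, len(handshake)) + handshake


def classify_response(data, offered):
    """Map the server's first record to (state, detail). `offered` is the set of
    CBC suite ids that were in the ClientHello (here: the CBC_SUITES keys)."""
    if len(data) < 5:
        # Assumption of this example: no record at all means SSLv3 is not spoken.
        return "SSLV3_NOT_SUPPORTED", "no TLS record in response"
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    frag = data[5:5 + length]
    if ctype == CT_ALERT and len(frag) >= 2:
        level, desc = frag[0], frag[1]
        if desc == ALERT_PROTOCOL_VERSION:
            return "SSLV3_NOT_SUPPORTED", "protocol_version alert"
        if desc == ALERT_HANDSHAKE_FAILURE:
            # Assumption: only CBC suites were offered, so a handshake failure
            # means the server speaks SSLv3 but shares no CBC suite with us.
            return "NO_CBC_CIPHERS", "handshake_failure alert with only CBC suites offered"
        return "UNKNOWN", "alert level %d description %d" % (level, desc)
    if ctype == CT_HANDSHAKE and len(frag) >= 4 and frag[0] == HS_SERVER_HELLO:
        hs_len = int.from_bytes(frag[1:4], "big")
        hello = frag[4:4 + hs_len]
        if len(hello) < 35:                       # version(2) random(32) sid_len(1)
            return "UNKNOWN", "truncated ServerHello"
        srv_version = struct.unpack("!H", hello[:2])[0]
        off = 35 + hello[34]                      # skip session id
        if len(hello) < off + 3:                  # suite(2) compression(1)
            return "UNKNOWN", "truncated ServerHello"
        suite = struct.unpack("!H", hello[off:off + 2])[0]
        if srv_version != SSLV3:
            return "SSLV3_NOT_SUPPORTED", "server answered with version 0x%04x" % srv_version
        if suite in offered:
            return "VULNERABLE", "SSLv3 with %s" % CBC_SUITES.get(suite, "0x%04x" % suite)
        return "UNKNOWN", "server chose unoffered suite 0x%04x" % suite
    return "UNKNOWN", "unexpected record type %d" % ctype


def probe_host(host, port=443, timeout=5.0):
    """One network round trip: send the CBC-only ClientHello, classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(list(CBC_SUITES)))
        try:
            data = s.recv(4096)
        except (socket.timeout, ConnectionError):
            data = b""
    return classify_response(data, CBC_SUITES)


# Constructed sample records for offline testing (not captured from any server).
def make_server_hello(suite, version=SSLV3):
    hello = struct.pack("!H", version) + b"\x00" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = struct.pack("!B", HS_SERVER_HELLO) + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", CT_HANDSHAKE, version, len(hs)) + hs


def make_alert(desc, level=2, version=SSLV3):
    return struct.pack("!BHH", CT_ALERT, version, 2) + bytes([level, desc])
```

A server that completes the SSLv3 handshake with one of the offered CBC suites is reported after a single exchange, which is the one-request case in the post; the other verdicts carry a detail string so that a not-vulnerable report can still say which of the two reasons applied.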
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/