Nmap Development mailing list archives

ssl-cert.nse

From: David Fifield <david () bamsoftware com>
Date: Thu, 6 Aug 2009 13:01:10 -0600

Hi,

There has been at least one request to have Ncat print out server SSL
certificate expiration dates.

http://seclists.org/nmap-dev/2009/q3/0318.html

I resisted this because it would be better in an NSE script. I think
it's a great idea though, so I wrote a script.

The script by default prints out the subject name and the beginning and
end dates of the validity period. With more verbosity you get more
information, up to the entire PEM-encoded contents of the vertificate at
-vvv.

$ nmap --script=safe www.paypal.com -p 443
443/tcp open  https
|  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, 
Inc./stateOrProvinceName=California/countryName=US
|  Not valid before: 2009-05-28 00:00:00
|_ Not valid after:  2010-05-01 23:59:59

$ nmap --script=safe www.paypal.com -p 443 -vvv
443/tcp open  https
|  ssl-cert: Subject: commonName=www.paypal.com/organizationName=PayPal, 
Inc./stateOrProvinceName=California/countryName=US/serialNumber=3014267/1.3.6.1.4.1.311.60.2.1.3=US/streetAddress=2211 
N 1st St/1.3.6.1.4.1.311.60.2.1.2=Delaware/postalCode=95131-2021/localityName=San 
Jose/organizationalUnitName=Information Systems/2.5.4.15=V1.0, Clause 5.(b)
|  Issuer: commonName=VeriSign Class 3 Extended Validation SSL CA/organizationName=VeriSign, 
Inc./countryName=US/organizationalUnitName=Terms of use at https://www.verisign.com/rpa (c)06
|  Not valid before: 2009-05-28 00:00:00
|  Not valid after:  2010-05-01 23:59:59
|  -----BEGIN CERTIFICATE-----
|  MIIFxzCCBK+gAwIBAgIQX02QuADDB7CVjZdooVge+zANBgkqhkiG9w0BAQUFADCB
...

Is this script useful to anyone? Is there more information that should
be included?

The script depends on some changes to nse_nsock.cc to add the
nmap.get_ssl_certificate function that turns the peer SSL certificate
into a Lua table.

David Fifield

Attachment: ssl-cert.nse
Description:

Attachment: get_ssl_certificate.diff
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

ssl-cert.nse David Fifield (Aug 06)
- Re: ssl-cert.nse Alan Jones (Aug 06)
  - Re: ssl-cert.nse David Fifield (Aug 07)
- Re: ssl-cert.nse Sven Klemm (Aug 07)
  - Re: ssl-cert.nse David Fifield (Aug 13)