Re: [NSE] SSL Fingerprint Matching

[Mak Kolybabi <mak () kolybabi com>]

On 2011-02-22 13:24, David Fifield wrote:
> To save space, how about storing hashes in the database without colons
> separating bytes? They can continue to be shown in output.

The script now has a function that adds the colons back in when the file is read
in.

> The output looks like this:
>
>       |_ssl-known-key: 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96 is in the database with reason 
> Little Black Box 0.1.
>
> Please change it to be
>
>       |_ssl-known-key: Found in Little Black Box 0.1 - http://code.google.com/p/littleblackbox/ (certificate hash: 
> 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96)
>
> This will give users a little more context if they don't know what the
> script is for.

The script output has been flipped around to match the second format.

> Related to that, it would be nice if the description string didn't have to be
> repeated for hashes with the same description. Could the data file be reworked
> into something like this:
>
> [Little Black Box 0.1 - http://code.google.com/p/littleblackbox/]
> 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96
> 00:3A:E5:45:D6:9C:47:FB:1C:C2:53:59:AA:D7:54:62:D6:D7:89:90
> 00:3C:F1:AB:48:B4:6C:41:5E:48:15:10:3F:F8:28:AC:7C:60:D5:51

The script has been changed to accept sections in square brackets. Any
fingerprint before the first section is ignored and a warning is printed.

Sorry it took so long for me to respond to this.

--
Mak Kolybabi
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions

Attachment: ssl-known-key.nse
Description:

Attachment: ssl-fingerprints
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/