Nmap Development mailing list archives

[NSE] XMPP support for ssl-cert.nse

From: Vasiliy Kulikov <segooon () gmail com>
Date: Tue, 9 Aug 2011 13:28:08 +0400

Hi,

This is a little extention for ssl-cert.  With xmpp.lua it is trivial :)


Index: scripts/ssl-cert.nse
===================================================================
--- scripts/ssl-cert.nse        (revision 25647)
+++ scripts/ssl-cert.nse        (working copy)
@@ -68,6 +68,7 @@
 require("nsedebug")
 require("shortport")
 require("stdnse")
+require("xmpp")
 
 local stringify_name
 local date_to_string
@@ -138,8 +139,29 @@
     return "Connected"
 end 
 
+function xmpp_starttls(host, port)
+    local ls = xmpp.XMPP:new(host, port, { starttls = true } )
+    ls.socket = s
+    ls.socket:set_timeout(ls.options.timeout * 1000)
+
+    local status, err = ls.socket:connect(host, port)
+    if not status then
+        return nil
+    end
+
+    status, err = ls:connect()
+    if status then
+        return "Connected"
+    end
+end
+
 -- A table mapping port numbers to specialized SSL negotiation functions.
-local SPECIALIZED_FUNCS = { [25] = smtp_starttls, [587] = smtp_starttls }
+local SPECIALIZED_FUNCS = {
+    [25] = smtp_starttls,
+    [587] = smtp_starttls,
+    [5222] = xmpp_starttls,
+    [5269] = xmpp_starttls
+}
 
 portrule = function(host, port)
     return shortport.ssl(host, port) or SPECIALIZED_FUNCS[port.number]
Index: nselib/xmpp.lua
===================================================================
--- nselib/xmpp.lua     (revision 25647)
+++ nselib/xmpp.lua     (working copy)
@@ -206,13 +206,14 @@
                        return false, "ERROR: Only version 1.0 is supported"
                end
                
-               if ( start_tls == "required" ) then
+               if ( start_tls == "required" or self.options.starttls) then
                        status, err = self:send("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>")
                        if ( not(status) ) then return false, "ERROR: Failed to initiate STARTTLS" end
                        local status, tag = self:receive_tag()
                        if ( not(status) ) then return false, "ERROR: Failed to recevice from server" end
                        if ( tag.name == "proceed" ) then
                                status, err = self.socket:reconnect_ssl()
+                               self.options.starttls = false
                                return self:connect()
                        end
                end
---
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)
- Re: [NSE] XMPP support for ssl-cert.nse David Fifield (Aug 09)
  - Re: [NSE] XMPP support for ssl-cert.nse Vasiliy Kulikov (Aug 09)