Nmap Development mailing list archives
New NSE script for POODLE vulnerability discovery
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 21 Oct 2014 11:47:03 -0500
Hey list,

I just pushed a new script, stripped down from ssl-enum-ciphers, called ssl-poodle [1]. People have been recommending ssl-enum-ciphers for detecting POODLE, since it affects all implementations of SSLv3 that allow CBC ciphersuites, but between enumerating *all* ciphersuites for 4 different SSL/TLS versions and sorting those by server preference, ssl-enum-ciphers needs to send at least 24 and usually many more requests to finish. ssl-poodle, on the other hand, needs only 4 requests maximum (and only 1 in the majority of vulnerable cases). It also uses the vulns library [2] to display vulnerability output.

In addition to advertising this script, I wanted to ask some questions of the devs who have been using and developing the vulns library:

1. Is there a reason why check_results and extra_info are not displayed when the state is NOT_VULN? I wanted to distinguish "No CBC ciphersuites found" vs "SSLv3 not supported" when reporting not-vulnerable hosts with vulns.showall.

2. Can we unify the handling of whitespace within the description field? The script author shouldn't have to worry about formatting, word wrapping, indent level, etc. We can probably collapse all whitespace other than double-newline and then word-wrap appropriately for screen output (and not at all for XML output).

Thanks, and happy scanning!
Dan

[1] http://nmap.org/nsedoc/scripts/ssl-poodle.html
[2] http://nmap.org/nsedoc/lib/vulns.html

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
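
The whitespace handling proposed in the second question above, sketched in Lua (the NSE language). This is an added example, not code from the vulns library or from the post; the function names, the option table, the default width of 78 and the sample description are all assumptions made for illustration.

```lua
-- Added example: not part of the vulns library. All names are hypothetical.

-- Split on blank lines (the "double-newline" that is preserved) and collapse
-- every other whitespace run inside a paragraph to a single space.
local function split_paragraphs(text)
  local paras = {}
  text = text:gsub("\r\n?", "\n") .. "\n\n"      -- normalise EOLs, add sentinel
  for para in text:gmatch("(.-)\n[ \t]*\n") do
    para = para:gsub("%s+", " "):match("^ ?(.-) ?$")
    if para ~= "" then paras[#paras + 1] = para end
  end
  return paras
end

-- Greedy word wrap; a word longer than the width (e.g. a URL) is not broken.
local function wrap(para, width, indent)
  local lines, line = {}, indent
  for word in para:gmatch("%S+") do
    if #line > #indent and #line + 1 + #word > width then
      lines[#lines + 1] = line
      line = indent
    end
    line = line .. (#line > #indent and " " or "") .. word
  end
  lines[#lines + 1] = line
  return table.concat(lines, "\n")
end

-- Screen output is wrapped and indented; XML output is left unwrapped.
local function format_description(text, opts)
  local paras = split_paragraphs(text)
  if not opts.xml then
    for i, p in ipairs(paras) do
      paras[i] = wrap(p, opts.width or 78, opts.indent or "")
    end
  end
  return table.concat(paras, "\n\n")
end

-- Constructed sample: a description as a script author might type it.
local desc = [[
    POODLE affects all implementations of SSLv3
    that allow CBC ciphersuites.

       A host is not vulnerable when SSLv3 is not supported,
       or when    no CBC ciphersuites are found.
]]

print(format_description(desc, { width = 40, indent = "|     " }))
print(format_description(desc, { xml = true }))
```

The first call prints two wrapped, indented paragraphs for the terminal; the second prints the same two paragraphs unwrapped, one line each, as the XML case in the proposal would.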