Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.

Latest Posts

Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 26)

Thanks for bearing with me on this. I looked over the packet capture
you sent, and I think I identified the problem: an off-by-one error in
reading TLS records! Here's a 1-line patch to possibly fix the
problem; let me know if this works for you (you may have to manually
make the change depending on line numbers, but the code surrounding it
should not have changed much):

diff --git a/scripts/ssl-enum-ciphers.nse...

Re: ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 25)
I couldn't get top-of-tree to build in my environment, and the latest script
wouldn't run on 6.47, but the patch did apply on the 6.47 version. But
it didn't fix the problem. I'll send you the capture I mentioned off-list.

Re: Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Daniel Miller (Oct 25)

This looks great, too! This is an important piece of info that we
should be checking for. Feel free to commit it.

By the way, my current wishlist regarding SSL/TLS parameter detection is:

1. DH parameter strength
2. More vulnerability checks (BEAST, CRIME, Lucky13)
3. Unified scoring system probably based on Qualys's excellent SSL
Server Rating Guide.
4. DV, OV, and EV certs (requires checking for a ton of different OIDs
depending on...

Re: [NSE] nselib / sslcert.lua - breaking when used w/ version detection Tom Sellers (Oct 25)
Thanks for the review and response. Committed.

Re: [NSE] nselib / sslcert.lua - breaking when used w/ version detection Daniel Miller (Oct 25)

This looks good. I got halfway through reading your description, saw
the problem, and committed the same thing, except that I forgot the
API and checked port.service_tunnel (nonexistent!). I've rolled that
back, so you can commit this one if you like. If you need me to commit
it, I can do that, too.
[NSE] ssl-enum-ciphers / ssl-poodle - incomplete debug msg Tom Sellers (Oct 25)
I am tossing this at the list instead of committing it directly since Dan
is working with this code quite a bit. 'ssl-enum-ciphers' and 'ssl-poodle'
have a few issues that result in incomplete debug messages when there
are problems negotiating SSL/TLS. In my case this was when trying to use STARTTLS
against services already wrapped in TLS.

NSE: [ssl-enum-ciphers W:1dc6af0 xx.xx.xx.xx:465] (TLSv1.1) Can't connect:...

Fwd: Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm Tom Sellers (Oct 25)

Could you take a look at the updated patch for this? Having this
functionality included would greatly help with some surveys I am

Thanks much,

Tom Sellers

-------- Original Message --------
Subject: Re: [NSE] ssl-cert.nse - Add x509 certificate Signature Algorithm
Date: Sat, 11 Oct 2014 19:10:20 -0500
From: Tom Sellers <nmap () fadedcode net>
To: Nmap-dev <dev () nmap org>

The standard SHA1 looks like...

[NSE] nselib / sslcert.lua - breaking when used w/ version detection Tom Sellers (Oct 25)
There is a problem with ssl-enum-ciphers.nse when run with version detection
against certain services. The root cause is in sslcert.lua where functions
'getPrepareTLSWithoutReconnect' and 'isPortSupported' perform a lookup against
a port or service name to determine if STARTTLS should be used against a
given port to negotiate SSL/TLS. No issues occur if provided a port number.

The problem arises when version detection is...

New VA Modules: MSF: 1, Nessus: 25 New VA Module Alert Service (Oct 25)
This report describes any new scripts/modules/exploits added to Nmap,
Metasploit, Nessus, and OpenVAS since yesterday.

== Metasploit modules (1) ==

MS14-060 Microsoft Windows OLE Package Manager Code Execution

== Nessus plugins (25) ==

78680 macosx_adobe_digital_editions_apsb14-25.nasl...

Nmap GSoC 2014 Success Report Fyodor (Oct 25)
Hi Folks. I'm pleased to report the successful completion of our 10th
Google Summer of Code! Four of our six students passed, and they
accomplished many wonderful things. Much of their work has already been
integrated into Nmap 6.47, and we're still working to integrate the
remainder. Let's look at their accomplishments individually:

*Jay Bosamiya* was a feature creeper, working on a wide variety of Nmap
tasks under the expert...

Mailman and SecLists archive handing of rich text messages Fyodor (Oct 25)
Hi folks! I'm sorry to send a test message, but I want to see how our
archiving system handles *bold text*, and maybe even *underlined text*.
I'm not going to push my luck with italics, but I do want to try an
itemized list:

*Reasons that Nmap is Better than a Chicken Sandwich:*

- Nmap has zero calories--totally not fattening
- No animals were harmed in the making of Nmap
- Nmap appears in more movies <...

Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 25)

Would you mind trying the attached patch to see if it works for you?
It checks for a fatal unrecognized_name alert and retries after
removing the SNI extension entirely.
diff --git a/scripts/ssl-enum-ciphers.nse b/scripts/ssl-enum-ciphers.nse
index e8b8592..5554503 100644
--- a/scripts/ssl-enum-ciphers.nse
+++ b/scripts/ssl-enum-ciphers.nse
@@ -340,8 +340,8 @@ local function find_ciphers_group(host, port, protocol, group)...

Re: ssl-enum-ciphers with just hostname fails Daniel Miller (Oct 24)

Thanks for noticing the problem. It makes sense that we're not
handling this properly: we try to do the server name extension with
the best info we have, but don't try to fall back to just IP (no SNI
extension) if there's a failure. It would certainly help to have your
pcap file, though I'd guess I could replicate it by setting a bogus
/etc/hosts entry for a server that supports SNI and scanning with that
ssl-enum-ciphers with just hostname fails Kent Fritz (Oct 24)
I was scanning some servers on my network, and found that ssl-enum-ciphers
seems to skip TLSv1 and above if you just use the hostname rather than
the FQDN or IP address. The first TLS record from the server is a warning
about the name, and it appears the code tries to handle it, but it just
doesn't work.

I have -d output and a pcap I can send off-list if anyone wants to look.
Re: New WordPress NSE script (http-wordpress-info) Robin Wood (Oct 24)
On 24 Oct 2014 21:23, "peter () hackertarget com" <peter () hackertarget com>

WordPress installations. This is my first attempt at lua scripting so let
me know if there are any glaring issues.

the version, if this fails it will attempt to find the version in
/readme.html a default file in all WordPress builds.

matching the path /wp-content/theme/ in the source of the page.

/wp-content/plugins/. This will not find...
