Nmap Development: Re: Getting the common name from the cert on SSL sites..

[Alan Jones <asj () ipa net>]

Any chance we could see this patch + any other SSL improvments added to 
next versoin of Nmap?




> Subject:
> Getting the common name from the cert on SSL sites..
> From:
> Haroon Meer <haroon () sensepost com>
> Date:
> Wed, 23 Mar 2005 08:57:51 +0200
> To:
> nmap-dev () insecure org
>
> To:
> nmap-dev () insecure org
>
>
> Hi guys..
>
> We used the following tiny patch to rip the CN from the certs of sites 
> running SSL.. (arb'ly usefull for us on a mass -sV -p443 scan..)
> Just throwing it here in-case anyone else ever needs it..
>
> /mh
>
> -snip-
> its a tiny mode to nsock_core.c (and should probably be done elsewhere 
> instead)
> copy the attached file to $SRC_DIR/nsock/src/
> then run: patch < mh.patch
>
> then go back to $SRC_DIR and do a ./configure && make && make install
>
> After that u should have :
>
> [root () intercrastic]# nmap -sV site.running.ssl.com -p443 -P0
>
> Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-03-23 01:36
> MH:SSL_Certificate_Common_Name:hackrack.co.za
>
> Interesting ports on site.running.ssl.com (1.2.3.4):
>
> PORT    STATE SERVICE  VERSION
> 443/tcp open  ssl/http Apache httpd 1.3.27 ((Unix) AuthMySQL/2.20)
>
> Nmap finished: 1 IP address (1 host up) scanned in 10.792 seconds
> -snip-
>
> If it actually is of any use to anyone else, you would probably want 
> to move the result to the per-service result line (and possibly only 
> report if debug > x)
> /mh

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List archive: http://seclists.org