Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] SSL Fingerprint Matching
From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Mar 2011 12:47:01 -0700

On Sun, Mar 20, 2011 at 10:13:40PM -0500, Mak Kolybabi wrote:
On 2011-02-22 13:24, David Fifield wrote:
To save space, how about storing hashes in the database without colons
separating bytes? They can continue to be shown in output.

The script now has a function that adds the colons back in when the file is read
in.

The output looks like this:

    |_ssl-known-key: 00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96 is in the database with reason 
Little Black Box 0.1.

Please change it to be

    |_ssl-known-key: Found in Little Black Box 0.1 - http://code.google.com/p/littleblackbox/ (certificate hash: 
00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96)

This will give users a little more context if they don't know what the
script is for.

The script output has been flipped around to match the second format.

Related to that, it would be nice if the description string didn't have to be
repeated for hashes with the same description. Could the data file be reworked
into something like this:

[Little Black Box 0.1 - http://code.google.com/p/littleblackbox/]
00:28:E7:D4:9C:FA:4A:A5:98:4F:E4:97:EB:73:48:56:07:87:E4:96
00:3A:E5:45:D6:9C:47:FB:1C:C2:53:59:AA:D7:54:62:D6:D7:89:90
00:3C:F1:AB:48:B4:6C:41:5E:48:15:10:3F:F8:28:AC:7C:60:D5:51

The script has been changed to accept sections in square brackets. Any
fingerprint before the first section is ignored and a warning is printed.

Thanks for finishing this and for writing the script in the first place.
It's always a pleasure to work with your code. I've just committed it.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]