Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ssl-enum-ciphers on 6.47 (windows/zenmap)

From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 18 Nov 2014 13:57:06 -0600
Ryan,

The NSEDoc portal is auto-generated from the development version of Nmap.
As of r33786 (November 7, 2014), the ssl-enum-ciphers script depends on
changes to the C code within the Nmap Scripting Engine, so no amount of
changing Lua files will make it work. This was required to avoid building a
fully-featured X.509 certificate parser in Lua.

Your best option, if you want to try the new ssl-enum-ciphers script with
the new handshake scoring system, is to check out the development version
of Nmap from subversion. You can find instructions to do this here:
http://nmap.org/book/install.html#inst-svn

Dan

P.S. Off the top of my head, here is a list of the new features since 6.47
that ssl-enum-ciphers uses:
* stdnse.debug1 function, which depends on a change to nse_main.lua to get
the ID of currently running script
* stdnse.keys function, which is the same as the one that used to be
duplicated in ssl-enum-ciphers and several other scripts
* sslcert.parse_ssl_certificate, a wrapper around a call to a C function
that did this, but was not accessible from Lua
* Many changes to tls.lua, including parsing the ServerCertificate and
ServerKeyExchange messages and parsing TLS ciphersuite names

On Tue, Nov 18, 2014 at 12:11 PM, Ryan Alban <ralban () gmail com> wrote:


Hi-
I'm trying to get the new ssl-enum-ciphers (posted here:
http://nmap.org/nsedoc/scripts/ssl-enum-ciphers.html) running on 6.47
(windows/zenmap). I've read a few threads where this script is not yet
compatible with 6.47, and various patches have been offered to work-around
this and/or fix other bugs.  I've tried implementing these changes, each
leads to errors in the required libraries. I've attempted replacing the
libraries packaged with 6.47 with those posted on the ssl-enum-ciphers
page, but many of the links to the required libraries link back to the
ssl-enum-ciphers page itself.

Can some please summarize or point me to the steps necessary to get
ssl-enum-ciphers running on 6.47 (i.e., necessary libraries and code
changes)?
Best regards,
Ryan


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: