mirror of https://github.com/daffainfo/nuclei.git
feat: allow cipher enumeration in SSL protocol (#4297)
* feat: allow cipher enumeration in SSL protocol * cipher enum improvements --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>dev
parent
775c7f762b
commit
ecae94d0cf
|
@ -76,6 +76,22 @@ type Request struct {
|
|||
// - "auto"
|
||||
// - "openssl" # reverts to "auto" is openssl is not installed
|
||||
ScanMode string `yaml:"scan_mode,omitempty" json:"scan_mode,omitempty" jsonschema:"title=Scan Mode,description=Scan Mode - auto if not specified.,enum=ctls,enum=ztls,enum=auto"`
|
||||
// description: |
|
||||
// TLS Versions Enum - false if not specified
|
||||
// Enumerates supported TLS versions
|
||||
TLSVersionsEnum bool `yaml:"tls_versions_enum,omitempty" json:"tls_versions_enum,omitempty" jsonschema:"title=Enumerate Versions,description=Enumerate Version - false if not specified"`
|
||||
// description: |
|
||||
// TLS Ciphers Enum - false if not specified
|
||||
// Enumerates supported TLS ciphers
|
||||
TLSCiphersEnum bool `yaml:"tls_ciphers_enum,omitempty" json:"tls_ciphers_enum,omitempty" jsonschema:"title=Enumerate Ciphers,description=Enumerate Ciphers - false if not specified"`
|
||||
// description: |
|
||||
// TLS Cipher types to enumerate
|
||||
// values:
|
||||
// - "insecure" (default)
|
||||
// - "weak"
|
||||
// - "secure"
|
||||
// - "all"
|
||||
TLSCipherTypes []string `yaml:"tls_cipher_types,omitempty" json:"tls_cipher_types,omitempty" jsonschema:"title=TLS Cipher Types,description=TLS Cipher Types to enumerate,enum=weak,enum=secure,enum=insecure,enum=all"`
|
||||
|
||||
// cache any variables that may be needed for operation.
|
||||
dialer *fastdialer.Dialer
|
||||
|
@ -115,6 +131,14 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
|
|||
// if openssl is not installed instead of failing "auto" scanmode is used
|
||||
request.ScanMode = "auto"
|
||||
}
|
||||
if request.TLSCiphersEnum {
|
||||
// cipher enumeration requires tls version enumeration first
|
||||
request.TLSVersionsEnum = true
|
||||
}
|
||||
if request.TLSCiphersEnum && len(request.TLSCipherTypes) == 0 {
|
||||
// by default only look for insecure ciphers
|
||||
request.TLSCipherTypes = []string{"insecure"}
|
||||
}
|
||||
|
||||
tlsxOptions := &clients.Options{
|
||||
AllCiphers: true,
|
||||
|
@ -133,6 +157,9 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
|
|||
ClientHello: true,
|
||||
ServerHello: true,
|
||||
DisplayDns: true,
|
||||
TlsVersionsEnum: request.TLSVersionsEnum,
|
||||
TlsCiphersEnum: request.TLSCiphersEnum,
|
||||
TLsCipherLevel: request.TLSCipherTypes,
|
||||
}
|
||||
|
||||
tlsxService, err := tlsx.New(tlsxOptions)
|
||||
|
|
Loading…
Reference in New Issue