metasploit-framework/modules/auxiliary/scanner/http/wmap_ssl.rb

91 lines
2.3 KiB
Ruby
Raw Normal View History

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'rex/socket/ssl_tcp'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Auxiliary::WMAPScanServer
include Msf::Auxiliary::Scanner
include Rex::Socket::Comm
def initialize
super(
'Name' => 'HTTP SSL Certificate tester',
'Version' => '$Revision$',
'Description' => 'Display vhost associated to server using SSL certificate and check for signature algorithm',
'Author' => 'et',
'License' => MSF_LICENSE
)
end
# Fingerprint a single host
def run_host(ip)
if !datastore['SSL']
print_error("SSL set to false")
return
end
begin
ssock = Rex::Socket::SslTcp.create(
'PeerHost' => wmap_target_host,
'PeerPort' => wmap_target_port,
'Proxies' => datastore['PROXIES']
)
cert = OpenSSL::X509::Certificate.new(ssock.peer_cert)
ssock.close
if cert
print_status("[#{ip}:#{datastore['RPORT']}] Subject: #{cert.subject} Signature Alg: #{cert.signature_algorithm}")
alg = cert.signature_algorithm
if alg.downcase.include? "md5"
print_status("[#{ip}:#{datastore['RPORT']}] WARNING: Signature algorithm using MD5 (#{alg})")
end
sub = cert.subject.to_a
vhostn = 'EMPTY'
sub.each do |n|
#print_line "#{n[0]}"
if n[0] == 'CN'
#print_line "> #{n[1]}"
vhostn = n[1]
end
end
if vhostn
print_status("[#{ip}:#{datastore['RPORT']}] is host #{vhostn}")
rep_id = wmap_base_report_id(
wmap_target_host,
wmap_target_port,
wmap_target_ssl
)
wmap_report(rep_id,'VHOST','NAME',"#{vhostn}","Vhost #{vhostn} found.")
wmap_report(rep_id,'X509','SUBJECT',"#{cert.subject}",nil)
wmap_report(rep_id,'X509','SIGN_ALGORITHM',"#{cert.signature_algorithm}","Signature algorithm")
end
else
print_status("[#{ip}:#{datastore['RPORT']}] No certificate subject or CN found")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end