infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated the report format to match new syntax 

git-svn-id: file:///home/svn/framework3/trunk@8566 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2010-02-20 05:50:05 +00:00
parent 0a8696436e
commit 0ba3d18032
1 changed files with 51 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
modules/auxiliary/scanner/http/ssl.rb
View File

@ -1,6 +1,6 @@
##
# This file is part of the Metasploit Framework and may be subject to
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
@ -8,91 +8,95 @@
require 'msf/core'
require 'rex/socket/ssl_tcp'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::Remote::Tcp
include Msf::Auxiliary::WMAPScanServer
include Msf::Auxiliary::Scanner
include Msf::Auxiliary::Report
include Rex::Socket::Comm
def initialize
super(
'Name' => 'HTTP SSL Certificate tester',
'Name' => 'HTTP SSL Certificate Information',
'Version' => '$Revision$',
'Description' => 'Display vhost associated to server using SSL certificate and check for signature algorithm',
'Description' => 'Parse the server SSL certificate to obtain the common name and signature algorithm',
'Author' => 'et',
'License' => MSF_LICENSE
)
register_options([
Opt::RPORT(443)
], self.class)
end
# Fingerprint a single host
def run_host(ip)
if !datastore['SSL']
print_error("SSL set to false")
return
end
begin
ssock = Rex::Socket::SslTcp.create(
'PeerHost' => wmap_target_host,
'PeerPort' => wmap_target_port,
'Proxies' => datastore['PROXIES']
)
cert = OpenSSL::X509::Certificate.new(ssock.peer_cert)
connect
cert = OpenSSL::X509::Certificate.new(sock.peer_cert)
disconnect
ssock.close
if cert
print_status("[#{ip}:#{datastore['RPORT']}] Subject: #{cert.subject} Signature Alg: #{cert.signature_algorithm}")
print_status("#{ip}:#{rport} Subject: #{cert.subject} Signature Alg: #{cert.signature_algorithm}")
alg = cert.signature_algorithm
if alg.downcase.include? "md5"
print_status("[#{ip}:#{datastore['RPORT']}] WARNING: Signature algorithm using MD5 (#{alg})")
print_status("#{ip}:#{rport} WARNING: Signature algorithm using MD5 (#{alg})")
end
sub = cert.subject.to_a
vhostn = 'EMPTY'
sub.each do |n|
#print_line "#{n[0]}"
if n[0] == 'CN'
#print_line "> #{n[1]}"
vhostn = n[1]
end
vhostn = nil
cert.subject.to_a.each do |n|
vhostn = n[1] if n[0] == 'CN'
end
if vhostn
print_status("[#{ip}:#{datastore['RPORT']}] is host #{vhostn}")
print_status("#{ip}:#{rport} has common name #{vhostn}")
# Store the virtual hostname for HTTP
report_note(
:host => ip,
:proto => 'HTTP',
:port => rport,
:type => 'VHOST',
:data => "#{vhostn}"
:proto => 'tcp',
:type => 'http.vhost',
:data => {:name => vhostn}
)
# Store the SSL certificate itself
report_note(
:host => ip,
:proto => 'HTTP',
:proto => 'tcp',
:port => rport,
:type => 'X509',
:data => "Subject: #{cert.subject} Algorithm: #{cert.signature_algorithm}"
:type => 'ssl.certificate',
:data => {
:cn => vhostn,
:subject => cert.subject.to_a,
:algorithm => alg
}
)
# Update the server hostname if necessary
if vhostn !~ /localhost|snakeoil/i
report_host(
:host => ip,
:name => vhostn
)
end
end
else
print_status("[#{ip}:#{datastore['RPORT']}] No certificate subject or CN found")
end
print_status("#{ip}:#{rport}] No certificate subject or common name found")
end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE
end
end
end
end