diff --git a/modules/auxiliary/scanner/http/ssl.rb b/modules/auxiliary/scanner/http/ssl.rb index a9d83972b3..2ac6033fb3 100644 --- a/modules/auxiliary/scanner/http/ssl.rb +++ b/modules/auxiliary/scanner/http/ssl.rb @@ -38,56 +38,65 @@ class MetasploitModule < Msf::Auxiliary connect(true, {"SSL" => true}) #Force SSL - cert = OpenSSL::X509::Certificate.new(sock.peer_cert) + if sock.respond_to? :peer_cert + cert = OpenSSL::X509::Certificate.new(sock.peer_cert) + end disconnect if cert - print_status("#{ip}:#{rport} Subject: #{cert.subject}") - print_status("#{ip}:#{rport} Issuer: #{cert.issuer}") - print_status("#{ip}:#{rport} Signature Alg: #{cert.signature_algorithm}") - public_key_size = cert.public_key.n.num_bytes * 8 - print_status("#{ip}:#{rport} Public Key Size: #{public_key_size} bits") - print_status("#{ip}:#{rport} Not Valid Before: #{cert.not_before}") - print_status("#{ip}:#{rport} Not Valid After: #{cert.not_after}") + print_status("Subject: #{cert.subject}") + print_status("Issuer: #{cert.issuer}") + print_status("Signature Alg: #{cert.signature_algorithm}") + + # If we use ECDSA rather than RSA, our metrics for key size are different + public_key_size = 0 + if cert.public_key.respond_to? :n + public_key_size = cert.public_key.n.num_bytes * 8 + print_status("Public Key Size: #{public_key_size} bits") + end + print_status("Not Valid Before: #{cert.not_before}") + print_status("Not Valid After: #{cert.not_after}") # Checks for common properties of self signed certificates caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s) if caissuer.to_s.empty? - print_good("#{ip}:#{rport} Certificate contains no CA Issuers extension... possible self signed certificate") + print_good("Certificate contains no CA Issuers extension... possible self signed certificate") else - print_status("#{ip}:#{rport} " +caissuer.to_s[0..-2]) + print_status(caissuer.to_s[0..-2]) end if cert.issuer.to_s == cert.subject.to_s - print_good("#{ip}:#{rport} Certificate Subject and Issuer match... possible self signed certificate") + print_good("Certificate Subject and Issuer match... possible self signed certificate") end alg = cert.signature_algorithm if alg.downcase.include? "md5" - print_status("#{ip}:#{rport} WARNING: Signature algorithm using MD5 (#{alg})") + print_status("WARNING: Signature algorithm using MD5 (#{alg})") end vhostn = nil cert.subject.to_a.each do |n| vhostn = n[1] if n[0] == 'CN' end - if public_key_size == 1024 - print_status("#{ip}:#{rport} WARNING: Public Key only 1024 bits") - elsif public_key_size < 1024 - print_status("#{ip}:#{rport} WARNING: Weak Public Key: #{public_key_size} bits") + if public_key_size > 0 + if public_key_size == 1024 + print_status("WARNING: Public Key only 1024 bits") + elsif public_key_size < 1024 + print_status("WARNING: Weak Public Key: #{public_key_size} bits") + end end if cert.not_after < Time.now - print_status("#{ip}:#{rport} WARNING: Certificate not valid anymore") + print_status("WARNING: Certificate not valid anymore") end if cert.not_before > Time.now - print_status("#{ip}:#{rport} WARNING: Certificate not valid yet") + print_status("WARNING: Certificate not valid yet") end if vhostn - print_status("#{ip}:#{rport} has common name #{vhostn}") + print_status("Has common name #{vhostn}") # Store the virtual hostname for HTTP report_note( @@ -125,7 +134,7 @@ class MetasploitModule < Msf::Auxiliary end else - print_status("#{ip}:#{rport}] No certificate subject or common name found") + print_status("No certificate subject or common name found") end rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Timeout::Error, ::Errno::EPIPE