infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Land #6720, SSL scanner fixes

bug/bundler_fix
William Vu 2016-04-04 23:37:52 -05:00
parent 1256a5bc88 af7eef231c
commit dcb6da306c
No known key found for this signature in database
GPG Key ID: 68BD00CE25866743
1 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
modules/auxiliary/scanner/http/ssl.rb
View File

@ -38,56 +38,65 @@ class MetasploitModule < Msf::Auxiliary
connect(true, {"SSL" => true}) #Force SSL connect(true, {"SSL" => true}) #Force SSL
cert = OpenSSL::X509::Certificate.new(sock.peer_cert) if sock.respond_to? :peer_cert
cert = OpenSSL::X509::Certificate.new(sock.peer_cert)
end
disconnect disconnect
if cert if cert
print_status("#{ip}:#{rport} Subject: #{cert.subject}") print_status("Subject: #{cert.subject}")
print_status("#{ip}:#{rport} Issuer: #{cert.issuer}") print_status("Issuer: #{cert.issuer}")
print_status("#{ip}:#{rport} Signature Alg: #{cert.signature_algorithm}") print_status("Signature Alg: #{cert.signature_algorithm}")
public_key_size = cert.public_key.n.num_bytes * 8
print_status("#{ip}:#{rport} Public Key Size: #{public_key_size} bits") # If we use ECDSA rather than RSA, our metrics for key size are different
print_status("#{ip}:#{rport} Not Valid Before: #{cert.not_before}") public_key_size = 0
print_status("#{ip}:#{rport} Not Valid After: #{cert.not_after}") if cert.public_key.respond_to? :n
public_key_size = cert.public_key.n.num_bytes * 8
print_status("Public Key Size: #{public_key_size} bits")
end
print_status("Not Valid Before: #{cert.not_before}")
print_status("Not Valid After: #{cert.not_after}")
# Checks for common properties of self signed certificates # Checks for common properties of self signed certificates
caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s) caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s)
if caissuer.to_s.empty? if caissuer.to_s.empty?
print_good("#{ip}:#{rport} Certificate contains no CA Issuers extension... possible self signed certificate") print_good("Certificate contains no CA Issuers extension... possible self signed certificate")
else else
print_status("#{ip}:#{rport} " +caissuer.to_s[0..-2]) print_status(caissuer.to_s[0..-2])
end end
if cert.issuer.to_s == cert.subject.to_s if cert.issuer.to_s == cert.subject.to_s
print_good("#{ip}:#{rport} Certificate Subject and Issuer match... possible self signed certificate") print_good("Certificate Subject and Issuer match... possible self signed certificate")
end end
alg = cert.signature_algorithm alg = cert.signature_algorithm
if alg.downcase.include? "md5" if alg.downcase.include? "md5"
print_status("#{ip}:#{rport} WARNING: Signature algorithm using MD5 (#{alg})") print_status("WARNING: Signature algorithm using MD5 (#{alg})")
end end
vhostn = nil vhostn = nil
cert.subject.to_a.each do |n| cert.subject.to_a.each do |n|
vhostn = n[1] if n[0] == 'CN' vhostn = n[1] if n[0] == 'CN'
end end
if public_key_size == 1024 if public_key_size > 0
print_status("#{ip}:#{rport} WARNING: Public Key only 1024 bits") if public_key_size == 1024
elsif public_key_size < 1024 print_status("WARNING: Public Key only 1024 bits")
print_status("#{ip}:#{rport} WARNING: Weak Public Key: #{public_key_size} bits") elsif public_key_size < 1024
print_status("WARNING: Weak Public Key: #{public_key_size} bits")
end
end end
if cert.not_after < Time.now if cert.not_after < Time.now
print_status("#{ip}:#{rport} WARNING: Certificate not valid anymore") print_status("WARNING: Certificate not valid anymore")
end end
if cert.not_before > Time.now if cert.not_before > Time.now
print_status("#{ip}:#{rport} WARNING: Certificate not valid yet") print_status("WARNING: Certificate not valid yet")
end end
if vhostn if vhostn
print_status("#{ip}:#{rport} has common name #{vhostn}") print_status("Has common name #{vhostn}")
# Store the virtual hostname for HTTP # Store the virtual hostname for HTTP
report_note( report_note(
@ -125,7 +134,7 @@ class MetasploitModule < Msf::Auxiliary
end end
else else
print_status("#{ip}:#{rport}] No certificate subject or common name found") print_status("No certificate subject or common name found")
end end
rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout rescue ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout
rescue ::Timeout::Error, ::Errno::EPIPE rescue ::Timeout::Error, ::Errno::EPIPE