sslcert NSE Library — Nmap Scripting Engine documentation
A library providing functions for collecting SSL certificates and storing them in the host-based registry.
The library is largely based on code (copy-pasted) from David Fifield's ssl-cert script, in an effort to allow certificates to be cached and shared among other scripts.
STARTTLS functions are included for several protocols:
- FTP
- IMAP
- LDAP
- NNTP
- MySQL
- POP3
- PostgreSQL
- SMTP
- TDS (MS SQL Server)
- VNC (TLS and VeNCrypt auth types)
- XMPP
Author:
Source: https://svn.nmap.org/nmap/nselib/sslcert.lua
Functions
getCertificate (host, port)
Gets a certificate for the given host and port. The function will attempt to START-TLS for the ports known to require it.
getPrepareTLSWithoutReconnect (port)
Get a specialized SSL connection function without starting SSL
isPortSupported (port)
Get a specialized SSL connection function to create an SSL socket
parse_ssl_certificate (der)
Parse an X.509 certificate from DER-encoded string
Functions
getCertificate (host, port)
Gets a certificate for the given host and port. The function will attempt to START-TLS for the ports known to require it.
Parameters
host
table as received by the script action function
port
table as received by the script action function
Return values:
- status true on success, false on failure
- cert userdata containing the SSL certificate, or error message on failure.
getPrepareTLSWithoutReconnect (port)
Get a specialized SSL connection function without starting SSL
For protocols that require some sort of START-TLS setup, this function will return a function that can be used to produce a socket that is ready for SSL messages.
Parameters
port
A port table with 'number' and 'service' keys
Return value:
A STARTTLS function or nil
isPortSupported (port)
Get a specialized SSL connection function to create an SSL socket
For protocols that require some sort of START-TLS setup, this function will return a function that can be used to produce an SSL-connected socket.
Parameters
port
A port table with 'number' and 'service' keys
Return value:
A STARTTLS function or nil
parse_ssl_certificate (der)
Parse an X.509 certificate from DER-encoded string
This uses OpenSSL's X.509 parsing routines, so if OpenSSL support is not included, only the 'pem' key of the returned table will be present.
Parameters
der
DER-encoded certificate
Return values:
- table containing decoded certificate or nil on failure
- error string if parsing failed
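Example use of getCertificate and isPortSupported in a certificate-hygiene check. This is an added example, not code from the Nmap distribution or from this page. The file name, script argument and thresholds are hypothetical, and the cert fields it reads (validity.notAfter, pubkey.type, pubkey.bits) belong to Nmap's certificate object, which this page does not document.

```lua
-- Added example, not shipped with Nmap. Hypothetical file name: cert-hygiene.nse
local shortport = require "shortport"
local sslcert = require "sslcert"
local stdnse = require "stdnse"

description = [[Flags certificates that are expired, close to expiry, or use a short RSA key.]]
categories = {"safe", "discovery"}

-- Illustrative thresholds (assumptions); the script-arg name is hypothetical.
local WARN_DAYS = tonumber(stdnse.get_script_args("cert-hygiene.days")) or 30
local MIN_RSA_BITS = 2048

-- Run on ports already detected as SSL, or whose service has a STARTTLS helper.
portrule = function(host, port)
  return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end

action = function(host, port)
  local status, cert = sslcert.getCertificate(host, port)
  if not status then
    -- On failure the second return value is the error message.
    stdnse.debug1("getCertificate failed: %s", tostring(cert))
    return nil
  end

  local findings = {}
  local not_after = cert.validity and cert.validity.notAfter
  if type(not_after) == "table" then
    -- os.time() reads the table as local time; fine at day granularity.
    local days_left = math.floor((os.time(not_after) - os.time()) / 86400)
    if days_left < 0 then
      findings[#findings + 1] = ("certificate expired %d day(s) ago"):format(-days_left)
    elseif days_left <= WARN_DAYS then
      findings[#findings + 1] = ("certificate expires in %d day(s)"):format(days_left)
    end
  else
    -- Nmap leaves the date as a string when it cannot parse it.
    findings[#findings + 1] = "notAfter could not be parsed: " .. tostring(not_after)
  end

  local key = cert.pubkey
  if key and key.type == "rsa" and key.bits and key.bits < MIN_RSA_BITS then
    findings[#findings + 1] = ("RSA key is only %d bits"):format(key.bits)
  end

  -- Returning nil prints nothing for certificates that pass every check.
  if #findings == 0 then return nil end
  return findings
end
```

Because getCertificate stores certificates in the host-based registry, running this alongside ssl-cert or other certificate scripts lets them share the cached certificate.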