j4s0nh4ck
- 浏览: 288013 次
-
文章分类
- 全部博客 (276)
- burp+hydra暴力破解 (1)
- kali linux工具集 (6)
- kali (59)
- linux (54)
- password (14)
- web (63)
- 渗透测试 (50)
- windows (40)
- metasploit (9)
- 信息收集 (32)
- burp suit (4)
- 安全审计 (9)
- https://github.com/secretsquirrel/the-backdoor-factory (0)
- nmap (4)
- arachni (2)
- 工具 (5)
- sql (3)
- 网络 (2)
- 后渗透测试 (10)
- 内网 (5)
- 无线 (2)
- C (3)
- bios (1)
- RoR (12)
- mongodb (1)
- linxu (1)
- gdb (1)
- linux,虚拟化 (1)
- python (4)
最新评论
1. wget http://nmap.org/svn/scripts/ssl-heartbleed.nse
2. wget http://nmap.org/svn/nselib/tls.lua
3. cp ssl-heartbleed.nse /usr/bin/../share/nmap/scripts/
4. cp tls.lua /usr/bin/../share/nmap/nselib/
5. 因为这两个脚本里面有错误,使用nmap -d -p 443 -vv -ff --script=ssl-heartbleed target会发现有debug1等函数未定义。这时把debug1替换成print_debug函数,print_debug函数的第一个参数根据print_debug第二个参数格式化字符的个数来决定。
6. 然后可以使用nmap -d -p 443 -vv -ff --script=ssl-heartbleed target
>>root@kali:~# nmap -d -p 443 -vv -ff --script=ssl-heartbleed target
Starting Nmap 6.40 ( http://nmap.org ) at 2014-08-12 15:59 UTC
...
NSE: we're done!
NSE: Server does not support TLS Heartbeat Requests.
NSE: Protocol version mismatch
7. 原代码来自:http://nmap.org/svn/scripts/ssl-heartbleed.nse
: http://nmap.org/svn/nselib/tls.lua
root@kali:~# cat /usr/bin/../share/nmap/nselib/tls.lua
---
-- A library providing functions for doing TLS/SSL communications
--
-- These functions will build strings and process buffers. Socket communication
-- is left to the script to implement.
--
-- @author "Daniel Miller <bonsaiviking@gmail.com>"
local stdnse = require "stdnse"
local bin = require "bin"
local os = require "os"
local table = require "table"
_ENV = stdnse.module("tls", stdnse.seeall)
-- Most of the values in the tables below are from:
-- http://www.iana.org/assignments/tls-parameters/
PROTOCOLS = {
["SSLv3"] = 0x0300,
["TLSv1.0"] = 0x0301,
["TLSv1.1"] = 0x0302,
["TLSv1.2"] = 0x0303
}
--
-- TLS Record Types
--
TLS_RECORD_HEADER_LENGTH = 5
TLS_CONTENTTYPE_REGISTRY = {
["change_cipher_spec"] = 20,
["alert"] = 21,
["handshake"] = 22,
["application_data"] = 23,
["heartbeat"] = 24
}
--
-- TLS Alert Levels
--
TLS_ALERT_LEVELS = {
["warning"] = 1,
["fatal"] = 2,
}
--
-- TLS Alert Record Types
--
TLS_ALERT_REGISTRY = {
["close_notify"] = 0,
["unexpected_message"] = 10,
["bad_record_mac"] = 20,
["decryption_failed"] = 21,
["record_overflow"] = 22,
["decompression_failure"] = 30,
["handshake_failure"] = 40,
["no_certificate"] = 41,
["bad_certificate"] = 42,
["unsupported_certificate"] = 43,
["certificate_revoked"] = 44,
["certificate_expired"] = 45,
["certificate_unknown"] = 46,
["illegal_parameter"] = 47,
["unknown_ca"] = 48,
["access_denied"] = 49,
["decode_error"] = 50,
["decrypt_error"] = 51,
["export_restriction"] = 60,
["protocol_version"] = 70,
["insufficient_security"] = 71,
["internal_error"] = 80,
["user_canceled"] = 90,
["no_renegotiation"] = 100,
["unsupported_extension"] = 110,
["certificate_unobtainable"] = 111,
["unrecognized_name"] = 112,
["bad_certificate_status_response"] = 113,
["bad_certificate_hash_value"] = 114,
["unknown_psk_identity"] = 115
}
--
-- TLS Handshake Record Types
--
TLS_HANDSHAKETYPE_REGISTRY = {
["hello_request"] = 0,
["client_hello"] = 1,
["server_hello"] = 2,
["hello_verify_request"] = 3,
["NewSessionTicket"] = 4,
["certificate"] = 11,
["server_key_exchange"] = 12,
["certificate_request"] = 13,
["server_hello_done"] = 14,
["certificate_verify"] = 15,
["client_key_exchange"] = 16,
["finished"] = 20,
["certificate_url"] = 21,
["certificate_status"] = 22,
["supplemental_data"] = 23,
["next_protocol"] = 67,
}
--
-- Compression Algorithms
-- http://www.iana.org/assignments/comp-meth-ids
--
COMPRESSORS = {
["NULL"] = 0,
["DEFLATE"] = 1,
["LZS"] = 64
}
---
-- RFC 4492 section 5.1.1 "Supported Elliptic Curves Extension".
ELLIPTIC_CURVES = {
sect163k1 = 1,
sect163r1 = 2,
sect163r2 = 3,
sect193r1 = 4,
sect193r2 = 5,
sect233k1 = 6,
sect233r1 = 7,
sect239k1 = 8,
sect283k1 = 9,
sect283r1 = 10,
sect409k1 = 11,
sect409r1 = 12,
sect571k1 = 13,
sect571r1 = 14,
secp160k1 = 15,
secp160r1 = 16,
secp160r2 = 17,
secp192k1 = 18,
secp192r1 = 19,
secp224k1 = 20,
secp224r1 = 21,
secp256k1 = 22,
secp256r1 = 23,
secp384r1 = 24,
secp521r1 = 25,
arbitrary_explicit_prime_curves = 0xFF01,
arbitrary_explicit_char2_curves = 0xFF02,
}
---
-- RFC 4492 section 5.1.2 "Supported Point Formats Extension".
EC_POINT_FORMATS = {
uncompressed = 0,
ansiX962_compressed_prime = 1,
ansiX962_compressed_char2 = 2,
}
---
-- Extensions
-- RFC 6066, draft-agl-tls-nextprotoneg-03
-- https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
--
EXTENSIONS = {
["server_name"] = 0,
["max_fragment_length"] = 1,
["client_certificate_url"] = 2,
["trusted_ca_keys"] = 3,
["truncated_hmac"] = 4,
["status_request"] = 5,
["user_mapping"] = 6,
["client_authz"] = 7,
["server_authz"] = 8,
["cert_type"] = 9,
["elliptic_curves"] = 10,
["ec_point_formats"] = 11,
["srp"] = 12,
["signature_algorithms"] = 13,
["use_srtp"] = 14,
["heartbeat"] = 15,
["application_layer_protocol_negotiation"] = 16,
["status_request_v2"] = 17,
["signed_certificate_timestamp"] = 18,
["client_certificate_type"] = 19,
["server_certificate_type"] = 20,
["padding"] = 21, -- Temporary, expires 2015-03-12
["SessionTicket TLS"] = 35,
["next_protocol_negotiation"] = 13172,
["renegotiation_info"] = 65281,
}
---
-- Builds data for each extension
-- Defaults to tostring (i.e. pass in the packed data you want directly)
EXTENSION_HELPERS = {
["server_name"] = function (server_name)
-- Only supports host_name type (0), as per RFC
-- Support for other types could be added later
return bin.pack(">P", bin.pack(">CP", 0, server_name))
end,
["max_fragment_length"] = tostring,
["client_certificate_url"] = tostring,
["trusted_ca_keys"] = tostring,
["truncated_hmac"] = tostring,
["status_request"] = tostring,
["elliptic_curves"] = function (elliptic_curves)
local list = {}
for _, name in ipairs(elliptic_curves) do
list[#list+1] = bin.pack(">S", ELLIPTIC_CURVES[name])
end
return bin.pack(">P", table.concat(list))
end,
["ec_point_formats"] = function (ec_point_formats)
local list = {}
for _, format in ipairs(ec_point_formats) do
list[#list+1] = bin.pack(">C", EC_POINT_FORMATS[format])
end
return bin.pack(">p", table.concat(list))
end,
["next_protocol_negotiation"] = tostring,
}
--
-- Encryption Algorithms
--
CIPHERS = {
["TLS_NULL_WITH_NULL_NULL"] = 0x0000,
["TLS_RSA_WITH_NULL_MD5"] = 0x0001,
["TLS_RSA_WITH_NULL_SHA"] = 0x0002,
["TLS_RSA_EXPORT_WITH_RC4_40_MD5"] = 0x0003,
["TLS_RSA_WITH_RC4_128_MD5"] = 0x0004,
["TLS_RSA_WITH_RC4_128_SHA"] = 0x0005,
["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x0006,
["TLS_RSA_WITH_IDEA_CBC_SHA"] = 0x0007,
["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0008,
["TLS_RSA_WITH_DES_CBC_SHA"] = 0x0009,
["TLS_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x000A,
["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x000B,
["TLS_DH_DSS_WITH_DES_CBC_SHA"] = 0x000C,
["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x000D,
["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x000E,
["TLS_DH_RSA_WITH_DES_CBC_SHA"] = 0x000F,
["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0010,
["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x0011,
["TLS_DHE_DSS_WITH_DES_CBC_SHA"] = 0x0012,
["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x0013,
["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0014,
["TLS_DHE_RSA_WITH_DES_CBC_SHA"] = 0x0015,
["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0016,
["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"] = 0x0017,
["TLS_DH_anon_WITH_RC4_128_MD5"] = 0x0018,
["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"] = 0x0019,
["TLS_DH_anon_WITH_DES_CBC_SHA"] = 0x001A,
["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B,
["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C,
["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D,
["TLS_KRB5_WITH_DES_CBC_SHA-or-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3
["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F,
["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020,
["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021,
["TLS_KRB5_WITH_DES_CBC_MD5"] = 0x0022,
["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"] = 0x0023,
["TLS_KRB5_WITH_RC4_128_MD5"] = 0x0024,
["TLS_KRB5_WITH_IDEA_CBC_MD5"] = 0x0025,
["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"] = 0x0026,
["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"] = 0x0027,
["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"] = 0x0028,
["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"] = 0x0029,
["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x002A,
["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"] = 0x002B,
["TLS_PSK_WITH_NULL_SHA"] = 0x002C,
["TLS_DHE_PSK_WITH_NULL_SHA"] = 0x002D,
["TLS_RSA_PSK_WITH_NULL_SHA"] = 0x002E,
["TLS_RSA_WITH_AES_128_CBC_SHA"] = 0x002F,
["TLS_DH_DSS_WITH_AES_128_CBC_SHA"] = 0x0030,
["TLS_DH_RSA_WITH_AES_128_CBC_SHA"] = 0x0031,
["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"] = 0x0032,
["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"] = 0x0033,
["TLS_DH_anon_WITH_AES_128_CBC_SHA"] = 0x0034,
["TLS_RSA_WITH_AES_256_CBC_SHA"] = 0x0035,
["TLS_DH_DSS_WITH_AES_256_CBC_SHA"] = 0x0036,
["TLS_DH_RSA_WITH_AES_256_CBC_SHA"] = 0x0037,
["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"] = 0x0038,
["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"] = 0x0039,
["TLS_DH_anon_WITH_AES_256_CBC_SHA"] = 0x003A,
["TLS_RSA_WITH_NULL_SHA256"] = 0x003B,
["TLS_RSA_WITH_AES_128_CBC_SHA256"] = 0x003C,
["TLS_RSA_WITH_AES_256_CBC_SHA256"] = 0x003D,
["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"] = 0x003E,
["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"] = 0x003F,
["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"] = 0x0040,
["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0041,
["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0042,
["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0043,
["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0044,
["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0045,
["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"] = 0x0046,
["TLS_ECDH_ECDSA_WITH_NULL_SHA-draft"] = 0x0047, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0048, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0049, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004A, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft"] = 0x004B, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft"] = 0x004C, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x004D, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004E, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = 0x004F, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0050, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0051, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0052, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = 0x0053, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft"] = 0x0054, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x0055, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0056, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = 0x0057, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_RC4_128_SHA-draft"] = 0x0058, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_DES_CBC_SHA-draft"] = 0x0059, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft"] = 0x005A, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft"] = 0x005B, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft"] = 0x005C, --draft-ietf-tls-ecc-00
["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"] = 0x0060,
["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"] = 0x0061,
["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0062,
["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0063,
["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"] = 0x0064,
["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"] = 0x0065,
["TLS_DHE_DSS_WITH_RC4_128_SHA"] = 0x0066,
["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"] = 0x0067,
["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"] = 0x0068,
["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"] = 0x0069,
["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"] = 0x006A,
["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"] = 0x006B,
["TLS_DH_anon_WITH_AES_128_CBC_SHA256"] = 0x006C,
["TLS_DH_anon_WITH_AES_256_CBC_SHA256"] = 0x006D,
["TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD"] = 0x0072, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_DSS_WITH_AES_128_CBC_RMD"] = 0x0073, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_DSS_WITH_AES_256_CBC_RMD"] = 0x0074, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x0077, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_AES_128_CBC_RMD"] = 0x0078, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_AES_256_CBC_RMD"] = 0x0079, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x007C, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_AES_128_CBC_RMD"] = 0x007D, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_AES_256_CBC_RMD"] = 0x007E, --draft-ietf-tls-openpgp-keys-05
["TLS_GOSTR341094_WITH_28147_CNT_IMIT"] = 0x0080, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341001_WITH_28147_CNT_IMIT"] = 0x0081, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341094_WITH_NULL_GOSTR3411"] = 0x0082, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341001_WITH_NULL_GOSTR3411"] = 0x0083, --draft-chudov-cryptopro-cptls-04
["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0084,
["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0085,
["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0086,
["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0087,
["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0088,
["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"] = 0x0089,
["TLS_PSK_WITH_RC4_128_SHA"] = 0x008A,
["TLS_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008B,
["TLS_PSK_WITH_AES_128_CBC_SHA"] = 0x008C,
["TLS_PSK_WITH_AES_256_CBC_SHA"] = 0x008D,
["TLS_DHE_PSK_WITH_RC4_128_SHA"] = 0x008E,
["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008F,
["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"] = 0x0090,
["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"] = 0x0091,
["TLS_RSA_PSK_WITH_RC4_128_SHA"] = 0x0092,
["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x0093,
["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"] = 0x0094,
["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"] = 0x0095,
["TLS_RSA_WITH_SEED_CBC_SHA"] = 0x0096,
["TLS_DH_DSS_WITH_SEED_CBC_SHA"] = 0x0097,
["TLS_DH_RSA_WITH_SEED_CBC_SHA"] = 0x0098,
["TLS_DHE_DSS_WITH_SEED_CBC_SHA"] = 0x0099,
["TLS_DHE_RSA_WITH_SEED_CBC_SHA"] = 0x009A,
["TLS_DH_anon_WITH_SEED_CBC_SHA"] = 0x009B,
["TLS_RSA_WITH_AES_128_GCM_SHA256"] = 0x009C,
["TLS_RSA_WITH_AES_256_GCM_SHA384"] = 0x009D,
["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] = 0x009E,
["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"] = 0x009F,
["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"] = 0x00A0,
["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"] = 0x00A1,
["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A2,
["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A3,
["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A4,
["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A5,
["TLS_DH_anon_WITH_AES_128_GCM_SHA256"] = 0x00A6,
["TLS_DH_anon_WITH_AES_256_GCM_SHA384"] = 0x00A7,
["TLS_PSK_WITH_AES_128_GCM_SHA256"] = 0x00A8,
["TLS_PSK_WITH_AES_256_GCM_SHA384"] = 0x00A9,
["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AA,
["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AB,
["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AC,
["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AD,
["TLS_PSK_WITH_AES_128_CBC_SHA256"] = 0x00AE,
["TLS_PSK_WITH_AES_256_CBC_SHA384"] = 0x00AF,
["TLS_PSK_WITH_NULL_SHA256"] = 0x00B0,
["TLS_PSK_WITH_NULL_SHA384"] = 0x00B1,
["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B2,
["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B3,
["TLS_DHE_PSK_WITH_NULL_SHA256"] = 0x00B4,
["TLS_DHE_PSK_WITH_NULL_SHA384"] = 0x00B5,
["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B6,
["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B7,
["TLS_RSA_PSK_WITH_NULL_SHA256"] = 0x00B8,
["TLS_RSA_PSK_WITH_NULL_SHA384"] = 0x00B9,
["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BA,
["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BB,
["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BC,
["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BD,
["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BE,
["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BF,
["TLS_EMPTY_RENEGOTIATION_INFO_SCSV"] = 0x00FF,
["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C0,
["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C1,
["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C2,
["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C3,
["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C4,
["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C5,
["TLS_ECDH_ECDSA_WITH_NULL_SHA"] = 0xC001,
["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"] = 0xC002,
["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC003,
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC004,
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC005,
["TLS_ECDHE_ECDSA_WITH_NULL_SHA"] = 0xC006,
["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"] = 0xC007,
["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC008,
["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC009,
["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC00A,
["TLS_ECDH_RSA_WITH_NULL_SHA"] = 0xC00B,
["TLS_ECDH_RSA_WITH_RC4_128_SHA"] = 0xC00C,
["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC00D,
["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"] = 0xC00E,
["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"] = 0xC00F,
["TLS_ECDHE_RSA_WITH_NULL_SHA"] = 0xC010,
["TLS_ECDHE_RSA_WITH_RC4_128_SHA"] = 0xC011,
["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC012,
["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"] = 0xC013,
["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] = 0xC014,
["TLS_ECDH_anon_WITH_NULL_SHA"] = 0xC015,
["TLS_ECDH_anon_WITH_RC4_128_SHA"] = 0xC016,
["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"] = 0xC017,
["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"] = 0xC018,
["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"] = 0xC019,
["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"] = 0xC01A,
["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC01B,
["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"] = 0xC01C,
["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"] = 0xC01D,
["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"] = 0xC01E,
["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"] = 0xC01F,
["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"] = 0xC020,
["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"] = 0xC021,
["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"] = 0xC022,
["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC023,
["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC024,
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC025,
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC026,
["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"] = 0xC027,
["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"] = 0xC028,
["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"] = 0xC029,
["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"] = 0xC02A,
["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02B,
["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02C,
["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02D,
["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02E,
["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] = 0xC02F,
["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] = 0xC030,
["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"] = 0xC031,
["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"] = 0xC032,
["TLS_ECDHE_PSK_WITH_RC4_128_SHA"] = 0xC033,
["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0xC034,
["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"] = 0xC035,
["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"] = 0xC036,
["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"] = 0xC037,
["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"] = 0xC038,
["TLS_ECDHE_PSK_WITH_NULL_SHA"] = 0xC039,
["TLS_ECDHE_PSK_WITH_NULL_SHA256"] = 0xC03A,
["TLS_ECDHE_PSK_WITH_NULL_SHA384"] = 0xC03B,
["TLS_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC03C,
["TLS_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC03D,
["TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC03E,
["TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC03F,
["TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC040,
["TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC041,
["TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC042,
["TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC043,
["TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC044,
["TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC045,
["TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"] = 0xC046,
["TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"] = 0xC047,
["TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC048,
["TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC049,
["TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04A,
["TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04B,
["TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04C,
["TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04D,
["TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04E,
["TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04F,
["TLS_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC050,
["TLS_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC051,
["TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC052,
["TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC053,
["TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC054,
["TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC055,
["TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC056,
["TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC057,
["TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC058,
["TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC059,
["TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"] = 0xC05A,
["TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"] = 0xC05B,
["TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05C,
["TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05D,
["TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05E,
["TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05F,
["TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC060,
["TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC061,
["TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC062,
["TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC063,
["TLS_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC064,
["TLS_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC065,
["TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC066,
["TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC067,
["TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC068,
["TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC069,
["TLS_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06A,
["TLS_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06B,
["TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06C,
["TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06D,
["TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06E,
["TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06F,
["TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC070,
["TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC071,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC072,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC073,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC074,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC075,
["TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC076,
["TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC077,
["TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC078,
["TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC079,
["TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07A,
["TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07B,
["TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07C,
["TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07D,
["TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07E,
["TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07F,
["TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC080,
["TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC081,
["TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC082,
["TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC083,
["TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC084,
["TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC085,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC086,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC087,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC088,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC089,
["TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08A,
["TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08B,
["TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08C,
["TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08D,
["TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08E,
["TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08F,
["TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC090,
["TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC091,
["TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC092,
["TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC093,
["TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC094,
["TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC095,
["TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC096,
["TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC097,
["TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC098,
["TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC099,
["TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC09A,
["TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC09B,
["TLS_RSA_WITH_AES_128_CCM"] = 0xC09C,
["TLS_RSA_WITH_AES_256_CCM"] = 0xC09D,
["TLS_DHE_RSA_WITH_AES_128_CCM"] = 0xC09E,
["TLS_DHE_RSA_WITH_AES_256_CCM"] = 0xC09F,
["TLS_RSA_WITH_AES_128_CCM_8"] = 0xC0A0,
["TLS_RSA_WITH_AES_256_CCM_8"] = 0xC0A1,
["TLS_DHE_RSA_WITH_AES_128_CCM_8"] = 0xC0A2,
["TLS_DHE_RSA_WITH_AES_256_CCM_8"] = 0xC0A3,
["TLS_PSK_WITH_AES_128_CCM"] = 0xC0A4,
["TLS_PSK_WITH_AES_256_CCM"] = 0xC0A5,
["TLS_DHE_PSK_WITH_AES_128_CCM"] = 0xC0A6,
["TLS_DHE_PSK_WITH_AES_256_CCM"] = 0xC0A7,
["TLS_PSK_WITH_AES_128_CCM_8"] = 0xC0A8,
["TLS_PSK_WITH_AES_256_CCM_8"] = 0xC0A9,
["TLS_PSK_DHE_WITH_AES_128_CCM_8"] = 0xC0AA,
["TLS_PSK_DHE_WITH_AES_256_CCM_8"] = 0xC0AB,
["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC13,
["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC14,
["TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC15,
["SSL_RSA_FIPS_WITH_DES_CBC_SHA"] = 0xFEFE,
["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"] = 0xFEFF,
}
local function find_key(t, value)
local k, v
for k, v in pairs(t) do
if v == value then
return k
end
end
return nil
end
---
-- Read a SSL/TLS record
-- @param buffer The read buffer
-- @param i The position in the buffer to start reading
-- @return The current position in the buffer
-- @return The record that was read, as a table
function record_read(buffer, i)
local b, h, len
------------
-- Header --
------------
-- Ensure we have enough data for the header.
if #buffer - i < TLS_RECORD_HEADER_LENGTH then
return i, nil
end
-- Parse header.
h = {}
local j, typ, proto = bin.unpack(">CS", buffer, i)
local name = find_key(TLS_CONTENTTYPE_REGISTRY, typ)
if name == nil then
stdnse.print_debug(1,"Unknown TLS ContentType: %d", typ)
return j, nil
end
h["type"] = name
name = find_key(PROTOCOLS, proto)
if name == nil then
stdnse.print_debug(1, "Unknown TLS Protocol: 0x%x", typ)
return j, nil
end
h["protocol"] = name
j, h["length"] = bin.unpack(">S", buffer, j)
-- Ensure we have enough data for the body.
len = j + h["length"] - 1
if #buffer < len then
return i, nil
end
-- Convert to human-readable form.
----------
-- Body --
----------
h["body"] = {}
while j < len do
-- RFC 2246, 6.2.1 "multiple client messages of the same ContentType may
-- be coalesced into a single TLSPlaintext record"
-- TODO: implement reading of fragmented records
b = {}
table.insert(h["body"], b)
if h["type"] == "alert" then
-- Parse body.
j, b["level"] = bin.unpack("C", buffer, j)
j, b["description"] = bin.unpack("C", buffer, j)
-- Convert to human-readable form.
b["level"] = find_key(TLS_ALERT_LEVELS, b["level"])
b["description"] = find_key(TLS_ALERT_REGISTRY, b["description"])
elseif h["type"] == "handshake" then
-- Parse body.
j, b["type"] = bin.unpack("C", buffer, j)
local blen, blen_upper
j, blen_upper, blen = bin.unpack("C>S", buffer, j)
blen = blen + blen_upper * 0x10000
local msg_end = j + blen
-- Convert to human-readable form.
b["type"] = find_key(TLS_HANDSHAKETYPE_REGISTRY, b["type"])
if b["type"] == "server_hello" then
-- Parse body.
j, b["protocol"] = bin.unpack(">S", buffer, j)
j, b["time"] = bin.unpack(">I", buffer, j)
j, b["random"] = bin.unpack("A28", buffer, j)
j, b["session_id_length"] = bin.unpack("C", buffer, j)
j, b["session_id"] = bin.unpack("A" .. b["session_id_length"], buffer, j)
j, b["cipher"] = bin.unpack(">S", buffer, j)
j, b["compressor"] = bin.unpack("C", buffer, j)
-- Optional extensions for TLS only
if j < msg_end and h["protocol"] ~= "SSLv3" then
local num_exts
b["extensions"] = {}
j, num_exts = bin.unpack(">S", buffer, j)
for e = 0, num_exts do
if j >= msg_end then break end
local extcode, datalen
j, extcode = bin.unpack(">S", buffer, j)
extcode = find_key(EXTENSIONS, extcode) or extcode
j, b["extensions"][extcode] = bin.unpack(">P", buffer, j)
end
end
-- Convert to human-readable form.
b["protocol"] = find_key(PROTOCOLS, b["protocol"])
b["cipher"] = find_key(CIPHERS, b["cipher"])
b["compressor"] = find_key(COMPRESSORS, b["compressor"])
else
-- TODO: implement other handshake message types
stdnse.print_debug(1, "Unknown handshake message type: %s", b["type"])
j = msg_end
end
elseif h["type"] == "heartbeat" then
j, b["type"], b["payload_length"] = bin.unpack("C>S", buffer, j)
j, b["payload"], b["padding"] = bin.unpack("PP", buffer, j)
else
stdnse.print_debug(1, "Unknown message type: %s", h["type"])
end
end
-- Ignore unparsed bytes.
j = len+1
return j, h
end
---
-- Build a SSL/TLS record
-- @param type The type of record ("handshake", "change_cipher_spec", etc.)
-- @param protocol The protocol and version ("SSLv3", "TLSv1.0", etc.)
-- @param b The record body
-- @return The SSL/TLS record as a string
function record_write(type, protocol, b)
return table.concat({
-- Set the header as a handshake.
bin.pack("C", TLS_CONTENTTYPE_REGISTRY[type]),
-- Set the protocol.
bin.pack(">S", PROTOCOLS[protocol]),
-- Set the length of the header body.
bin.pack(">S", #b),
b
})
end
---
-- Build a client_hello message
--
-- The options table has the following keys:
-- * <code>"protocol"</code> - The TLS protocol version string
-- * <code>"ciphers"</code> - a table containing the cipher suite names. Defaults to the NULL cipher
-- * <code>"compressors"</code> - a table containing the compressor names. Default: NULL
-- * <code>"extensions"</code> - a table containing the extension names. Default: no extensions
-- @param t Table of options
-- @return The client_hello record as a string
function client_hello(t)
local b, ciphers, compressor, compressors, h, len
----------
-- Body --
----------
b = {}
-- Set the protocol.
table.insert(b, bin.pack(">S", PROTOCOLS[t["protocol"]]))
-- Set the random data.
table.insert(b, bin.pack(">I", os.time()))
-- Set the random data.
table.insert(b, stdnse.generate_random_string(28))
-- Set the session ID.
table.insert(b, bin.pack("C", 0))
-- Cipher suites.
ciphers = {}
if t["ciphers"] ~= nil then
-- Add specified ciphers.
for _, cipher in pairs(t["ciphers"]) do
table.insert(ciphers, bin.pack(">S", CIPHERS[cipher]))
end
else
-- Use NULL cipher
table.insert(ciphers, bin.pack(">S", CIPHERS["TLS_NULL_WITH_NULL_NULL"]))
end
table.insert(b, bin.pack(">P", table.concat(ciphers)))
-- Compression methods.
compressors = {}
if t["compressors"] ~= nil then
-- Add specified compressors.
for _, compressor in pairs(t["compressors"]) do
if compressor ~= "NULL" then
table.insert(compressors, bin.pack("C", COMPRESSORS[compressor]))
end
end
end
-- Always include NULL as last choice
table.insert(compressors, bin.pack("C", COMPRESSORS["NULL"]))
table.insert(b, bin.pack(">p", table.concat(compressors)))
-- TLS extensions
if PROTOCOLS[t["protocol"]] and
PROTOCOLS[t["protocol"]] ~= PROTOCOLS["SSLv3"] then
local extensions = {}
if t["extensions"] ~= nil then
-- Add specified extensions.
for extension, data in pairs(t["extensions"]) do
if type(extension) == "number" then
table.insert(extensions, bin.pack(">S", extension))
else
table.insert(extensions, bin.pack(">S", EXTENSIONS[extension]))
end
table.insert(extensions, bin.pack(">P", data))
end
end
-- Extensions are optional
if #extensions ~= 0 then
table.insert(b, bin.pack(">P", table.concat(extensions)))
end
end
------------
-- Header --
------------
b = table.concat(b)
h = {}
-- Set type to ClientHello.
table.insert(h, bin.pack("C", TLS_HANDSHAKETYPE_REGISTRY["client_hello"]))
-- Set the length of the body.
len = bin.pack(">I", #b)
-- body length is 24 bits big-endian, so the 3 LSB of len
table.insert(h, len:sub(2,4))
table.insert(h, b)
return record_write("handshake", t["protocol"], table.concat(h))
end
local function read_atleast(s, n)
local buf = {}
local count = 0
while count < n do
local status, data = s:receive_bytes(n - count)
if not status then
return status, data, table.concat(buf)
end
buf[#buf+1] = data
count = count + #data
end
return true, table.concat(buf)
end
--- Get an entire record into a buffer
--
-- Caller is responsible for closing the socket if necessary.
-- @param sock The socket to read additional data from
-- @param buffer The string buffer holding any previously-read data
-- (default: "")
-- @param i The position in the buffer where the record should start
-- (default: 1)
-- @return status Socket status
-- @return Buffer containing at least 1 record if status is true
-- @return Error text if there was an error
function record_buffer(sock, buffer, i)
buffer = buffer or ""
i = i or 1
local count = #buffer:sub(i)
local status, resp, rem
if count < TLS_RECORD_HEADER_LENGTH then
status, resp, rem = read_atleast(sock, TLS_RECORD_HEADER_LENGTH - count)
if not status then
return false, buffer .. rem, resp
end
buffer = buffer .. resp
count = count + #resp
end
-- ContentType, ProtocolVersion, length
local _, _, _, len = bin.unpack(">CSS", buffer, i)
if count < TLS_RECORD_HEADER_LENGTH + len then
status, resp = read_atleast(sock, TLS_RECORD_HEADER_LENGTH + len - count)
if not status then
return false, buffer, resp
end
buffer = buffer .. resp
end
return true, buffer
end
return _ENV;
====================================================================
root@kali:~# cat /usr/bin/../share/nmap/scripts/ssl-heartbleed.nse
local bin = require('bin')
local match = require('match')
local nmap = require('nmap')
local shortport = require('shortport')
local sslcert = require('sslcert')
local stdnse = require('stdnse')
local string = require('string')
local table = require('table')
local vulns = require('vulns')
local have_tls, tls = pcall(require,'tls')
assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html")
description = [[
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).
The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)
]]
---
-- @usage
-- nmap -p 443 --script ssl-heartbleed <target>
--
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | ssl-heartbleed:
-- | VULNERABLE:
-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
-- | State: VULNERABLE
-- | Risk factor: High
-- | Description:
-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
-- |
-- | References:
-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
-- | http://www.openssl.org/news/secadv_20140407.txt
-- |_ http://cvedetails.com/cve/2014-0160/
--
--
-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2
--
author = "Patrik Karlsson <patrik@cqure.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "vuln", "safe" }
local arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. ".protocols") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}
portrule = function(host, port)
return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end
local function recvhdr(s)
local status, hdr = s:receive_buf(match.numbytes(5), true)
if not status then
stdnse.print_debug('Unexpected EOF receiving record header - server closed connection')
return
end
local pos, typ, ver, ln = bin.unpack('>CSS', hdr)
return status, typ, ver, ln
end
local function recvmsg(s, len)
local status, pay = s:receive_buf(match.numbytes(len), true)
if not status then
stdnse.print_debug('Unexpected EOF receiving record payload - server closed connection')
return
end
return true, pay
end
local function keys(t)
local ret = {}
for k, _ in pairs(t) do
ret[#ret+1] = k
end
return ret
end
local function testversion(host, port, version)
local hello = tls.client_hello({
["protocol"] = version,
-- Claim to support every cipher
-- Doesn't work with IIS, but IIS isn't vulnerable
["ciphers"] = keys(tls.CIPHERS),
["compressors"] = {"NULL"},
["extensions"] = {
-- Claim to support every elliptic curve
["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](keys(tls.ELLIPTIC_CURVES)),
-- Claim to support every EC point format
["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](keys(tls.EC_POINT_FORMATS)),
["heartbeat"] = "\x01", -- peer_not_allowed_to_send
},
})
local payload = "Nmap ssl-heartbleed"
local hb = tls.record_write("heartbeat", version, bin.pack("C>SA",
1, -- HeartbeatMessageType heartbeat_request
0x4000, -- payload length (falsified)
-- payload length is based on 4096 - 16 bytes padding - 8 bytes packet
-- header + 1 to overflow
payload -- less than payload length.
)
)
local s
local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
if specialized then
local status
status, s = specialized(host, port)
if not status then
stdnse.print_debug("Connection to server failed")
return
end
else
s = nmap.new_socket()
local status = s:connect(host, port)
if not status then
stdnse.print_debug("Connection to server failed")
return
end
end
s:set_timeout(5000)
-- Send Client Hello to the target server
local status, err = s:send(hello)
if not status then
stdnse.print_debug(1,"Couldn't send Client Hello: %s", err)
s:close()
return nil
end
-- Read response
local done = false
local supported = false
local i = 1
local response
repeat
status, response, err = tls.record_buffer(s, response, i)
if err == "TIMEOUT" then
-- Timed out while waiting for server_hello_done
-- Could be client certificate required or other message required
-- Let's just drop out and try sending the heartbeat anyway.
done = true
break
elseif not status then
stdnse.print_debug(1,"Couldn't receive: %s", err)
s:close()
return nil
end
local record
i, record = tls.record_read(response, i)
if record == nil then
stdnse.print_debug("Unknown response from server")
s:close()
return nil
elseif record.protocol ~= version then
stdnse.print_debug("Protocol version mismatch")
s:close()
return nil
end
if record.type == "handshake" then
for _, body in ipairs(record.body) do
if body.type == "server_hello" then
if body.extensions and body.extensions["heartbeat"] == "\x01" then
supported = true
end
elseif body.type == "server_hello_done" then
stdnse.print_debug("we're done!")
done = true
end
end
end
until done
if not supported then
stdnse.print_debug("Server does not support TLS Heartbeat Requests.")
s:close()
return nil
end
status, err = s:send(hb)
if not status then
stdnse.print_debug(1,"Couldn't send heartbeat request: %s", err)
s:close()
return nil
end
while(true) do
local status, typ, ver, len = recvhdr(s)
if not status then
stdnse.print_debug('No heartbeat response received, server likely not vulnerable')
break
end
if typ == 24 then
local pay
status, pay = recvmsg(s, 0x0fe9)
s:close()
if #pay > 3 then
return true
else
stdnse.print_debug('Server processed malformed heartbeat, but did not return any extra data.')
break
end
elseif typ == 21 then
stdnse.print_debug('Server returned error, likely not vulnerable')
break
end
end
end
action = function(host, port)
local vuln_table = {
title = "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.",
state = vulns.STATE.NOT_VULN,
risk_factor = "High",
description = [[
OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
]],
references = {
'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160',
'http://www.openssl.org/news/secadv_20140407.txt ',
'http://cvedetails.com/cve/2014-0160/'
}
}
local report = vulns.Report:new(SCRIPT_NAME, host, port)
local test_vers = arg_protocols
if type(test_vers) == 'string' then
test_vers = { test_vers }
end
for _, ver in ipairs(test_vers) do
if nil == tls.PROTOCOLS[ver] then
return "\n Unsupported protocol version: " .. ver
end
local status = testversion(host, port, ver)
if ( status ) then
vuln_table.state = vulns.STATE.VULN
break
end
end
return report:make_output(vuln_table)
end
2. wget http://nmap.org/svn/nselib/tls.lua
3. cp ssl-heartbleed.nse /usr/bin/../share/nmap/scripts/
4. cp tls.lua /usr/bin/../share/nmap/nselib/
5. 因为这两个脚本里面有错误,使用nmap -d -p 443 -vv -ff --script=ssl-heartbleed target会发现有debug1等函数未定义。这时把debug1替换成print_debug函数,print_debug函数的第一个参数根据print_debug第二个参数格式化字符的个数来决定。
6. 然后可以使用nmap -d -p 443 -vv -ff --script=ssl-heartbleed target
>>root@kali:~# nmap -d -p 443 -vv -ff --script=ssl-heartbleed target
Starting Nmap 6.40 ( http://nmap.org ) at 2014-08-12 15:59 UTC
...
NSE: we're done!
NSE: Server does not support TLS Heartbeat Requests.
NSE: Protocol version mismatch
7. 原代码来自:http://nmap.org/svn/scripts/ssl-heartbleed.nse
: http://nmap.org/svn/nselib/tls.lua
root@kali:~# cat /usr/bin/../share/nmap/nselib/tls.lua
---
-- A library providing functions for doing TLS/SSL communications
--
-- These functions will build strings and process buffers. Socket communication
-- is left to the script to implement.
--
-- @author "Daniel Miller <bonsaiviking@gmail.com>"
local stdnse = require "stdnse"
local bin = require "bin"
local os = require "os"
local table = require "table"
_ENV = stdnse.module("tls", stdnse.seeall)
-- Most of the values in the tables below are from:
-- http://www.iana.org/assignments/tls-parameters/
PROTOCOLS = {
["SSLv3"] = 0x0300,
["TLSv1.0"] = 0x0301,
["TLSv1.1"] = 0x0302,
["TLSv1.2"] = 0x0303
}
--
-- TLS Record Types
--
TLS_RECORD_HEADER_LENGTH = 5
TLS_CONTENTTYPE_REGISTRY = {
["change_cipher_spec"] = 20,
["alert"] = 21,
["handshake"] = 22,
["application_data"] = 23,
["heartbeat"] = 24
}
--
-- TLS Alert Levels
--
TLS_ALERT_LEVELS = {
["warning"] = 1,
["fatal"] = 2,
}
--
-- TLS Alert Record Types
--
TLS_ALERT_REGISTRY = {
["close_notify"] = 0,
["unexpected_message"] = 10,
["bad_record_mac"] = 20,
["decryption_failed"] = 21,
["record_overflow"] = 22,
["decompression_failure"] = 30,
["handshake_failure"] = 40,
["no_certificate"] = 41,
["bad_certificate"] = 42,
["unsupported_certificate"] = 43,
["certificate_revoked"] = 44,
["certificate_expired"] = 45,
["certificate_unknown"] = 46,
["illegal_parameter"] = 47,
["unknown_ca"] = 48,
["access_denied"] = 49,
["decode_error"] = 50,
["decrypt_error"] = 51,
["export_restriction"] = 60,
["protocol_version"] = 70,
["insufficient_security"] = 71,
["internal_error"] = 80,
["user_canceled"] = 90,
["no_renegotiation"] = 100,
["unsupported_extension"] = 110,
["certificate_unobtainable"] = 111,
["unrecognized_name"] = 112,
["bad_certificate_status_response"] = 113,
["bad_certificate_hash_value"] = 114,
["unknown_psk_identity"] = 115
}
--
-- TLS Handshake Record Types
--
TLS_HANDSHAKETYPE_REGISTRY = {
["hello_request"] = 0,
["client_hello"] = 1,
["server_hello"] = 2,
["hello_verify_request"] = 3,
["NewSessionTicket"] = 4,
["certificate"] = 11,
["server_key_exchange"] = 12,
["certificate_request"] = 13,
["server_hello_done"] = 14,
["certificate_verify"] = 15,
["client_key_exchange"] = 16,
["finished"] = 20,
["certificate_url"] = 21,
["certificate_status"] = 22,
["supplemental_data"] = 23,
["next_protocol"] = 67,
}
--
-- Compression Algorithms
-- http://www.iana.org/assignments/comp-meth-ids
--
COMPRESSORS = {
["NULL"] = 0,
["DEFLATE"] = 1,
["LZS"] = 64
}
---
-- RFC 4492 section 5.1.1 "Supported Elliptic Curves Extension".
ELLIPTIC_CURVES = {
sect163k1 = 1,
sect163r1 = 2,
sect163r2 = 3,
sect193r1 = 4,
sect193r2 = 5,
sect233k1 = 6,
sect233r1 = 7,
sect239k1 = 8,
sect283k1 = 9,
sect283r1 = 10,
sect409k1 = 11,
sect409r1 = 12,
sect571k1 = 13,
sect571r1 = 14,
secp160k1 = 15,
secp160r1 = 16,
secp160r2 = 17,
secp192k1 = 18,
secp192r1 = 19,
secp224k1 = 20,
secp224r1 = 21,
secp256k1 = 22,
secp256r1 = 23,
secp384r1 = 24,
secp521r1 = 25,
arbitrary_explicit_prime_curves = 0xFF01,
arbitrary_explicit_char2_curves = 0xFF02,
}
---
-- RFC 4492 section 5.1.2 "Supported Point Formats Extension".
EC_POINT_FORMATS = {
uncompressed = 0,
ansiX962_compressed_prime = 1,
ansiX962_compressed_char2 = 2,
}
---
-- Extensions
-- RFC 6066, draft-agl-tls-nextprotoneg-03
-- https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml
--
EXTENSIONS = {
["server_name"] = 0,
["max_fragment_length"] = 1,
["client_certificate_url"] = 2,
["trusted_ca_keys"] = 3,
["truncated_hmac"] = 4,
["status_request"] = 5,
["user_mapping"] = 6,
["client_authz"] = 7,
["server_authz"] = 8,
["cert_type"] = 9,
["elliptic_curves"] = 10,
["ec_point_formats"] = 11,
["srp"] = 12,
["signature_algorithms"] = 13,
["use_srtp"] = 14,
["heartbeat"] = 15,
["application_layer_protocol_negotiation"] = 16,
["status_request_v2"] = 17,
["signed_certificate_timestamp"] = 18,
["client_certificate_type"] = 19,
["server_certificate_type"] = 20,
["padding"] = 21, -- Temporary, expires 2015-03-12
["SessionTicket TLS"] = 35,
["next_protocol_negotiation"] = 13172,
["renegotiation_info"] = 65281,
}
---
-- Builds data for each extension
-- Defaults to tostring (i.e. pass in the packed data you want directly)
EXTENSION_HELPERS = {
["server_name"] = function (server_name)
-- Only supports host_name type (0), as per RFC
-- Support for other types could be added later
return bin.pack(">P", bin.pack(">CP", 0, server_name))
end,
["max_fragment_length"] = tostring,
["client_certificate_url"] = tostring,
["trusted_ca_keys"] = tostring,
["truncated_hmac"] = tostring,
["status_request"] = tostring,
["elliptic_curves"] = function (elliptic_curves)
local list = {}
for _, name in ipairs(elliptic_curves) do
list[#list+1] = bin.pack(">S", ELLIPTIC_CURVES[name])
end
return bin.pack(">P", table.concat(list))
end,
["ec_point_formats"] = function (ec_point_formats)
local list = {}
for _, format in ipairs(ec_point_formats) do
list[#list+1] = bin.pack(">C", EC_POINT_FORMATS[format])
end
return bin.pack(">p", table.concat(list))
end,
["next_protocol_negotiation"] = tostring,
}
--
-- Encryption Algorithms
--
CIPHERS = {
["TLS_NULL_WITH_NULL_NULL"] = 0x0000,
["TLS_RSA_WITH_NULL_MD5"] = 0x0001,
["TLS_RSA_WITH_NULL_SHA"] = 0x0002,
["TLS_RSA_EXPORT_WITH_RC4_40_MD5"] = 0x0003,
["TLS_RSA_WITH_RC4_128_MD5"] = 0x0004,
["TLS_RSA_WITH_RC4_128_SHA"] = 0x0005,
["TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x0006,
["TLS_RSA_WITH_IDEA_CBC_SHA"] = 0x0007,
["TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0008,
["TLS_RSA_WITH_DES_CBC_SHA"] = 0x0009,
["TLS_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x000A,
["TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x000B,
["TLS_DH_DSS_WITH_DES_CBC_SHA"] = 0x000C,
["TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x000D,
["TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x000E,
["TLS_DH_RSA_WITH_DES_CBC_SHA"] = 0x000F,
["TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0010,
["TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"] = 0x0011,
["TLS_DHE_DSS_WITH_DES_CBC_SHA"] = 0x0012,
["TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"] = 0x0013,
["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"] = 0x0014,
["TLS_DHE_RSA_WITH_DES_CBC_SHA"] = 0x0015,
["TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0x0016,
["TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"] = 0x0017,
["TLS_DH_anon_WITH_RC4_128_MD5"] = 0x0018,
["TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"] = 0x0019,
["TLS_DH_anon_WITH_DES_CBC_SHA"] = 0x001A,
["TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"] = 0x001B,
["SSL_FORTEZZA_KEA_WITH_NULL_SHA"] = 0x001C,
["SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"] = 0x001D,
["TLS_KRB5_WITH_DES_CBC_SHA-or-SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"] = 0x001E, --TLS vs SSLv3
["TLS_KRB5_WITH_3DES_EDE_CBC_SHA"] = 0x001F,
["TLS_KRB5_WITH_RC4_128_SHA"] = 0x0020,
["TLS_KRB5_WITH_IDEA_CBC_SHA"] = 0x0021,
["TLS_KRB5_WITH_DES_CBC_MD5"] = 0x0022,
["TLS_KRB5_WITH_3DES_EDE_CBC_MD5"] = 0x0023,
["TLS_KRB5_WITH_RC4_128_MD5"] = 0x0024,
["TLS_KRB5_WITH_IDEA_CBC_MD5"] = 0x0025,
["TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"] = 0x0026,
["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"] = 0x0027,
["TLS_KRB5_EXPORT_WITH_RC4_40_SHA"] = 0x0028,
["TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"] = 0x0029,
["TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"] = 0x002A,
["TLS_KRB5_EXPORT_WITH_RC4_40_MD5"] = 0x002B,
["TLS_PSK_WITH_NULL_SHA"] = 0x002C,
["TLS_DHE_PSK_WITH_NULL_SHA"] = 0x002D,
["TLS_RSA_PSK_WITH_NULL_SHA"] = 0x002E,
["TLS_RSA_WITH_AES_128_CBC_SHA"] = 0x002F,
["TLS_DH_DSS_WITH_AES_128_CBC_SHA"] = 0x0030,
["TLS_DH_RSA_WITH_AES_128_CBC_SHA"] = 0x0031,
["TLS_DHE_DSS_WITH_AES_128_CBC_SHA"] = 0x0032,
["TLS_DHE_RSA_WITH_AES_128_CBC_SHA"] = 0x0033,
["TLS_DH_anon_WITH_AES_128_CBC_SHA"] = 0x0034,
["TLS_RSA_WITH_AES_256_CBC_SHA"] = 0x0035,
["TLS_DH_DSS_WITH_AES_256_CBC_SHA"] = 0x0036,
["TLS_DH_RSA_WITH_AES_256_CBC_SHA"] = 0x0037,
["TLS_DHE_DSS_WITH_AES_256_CBC_SHA"] = 0x0038,
["TLS_DHE_RSA_WITH_AES_256_CBC_SHA"] = 0x0039,
["TLS_DH_anon_WITH_AES_256_CBC_SHA"] = 0x003A,
["TLS_RSA_WITH_NULL_SHA256"] = 0x003B,
["TLS_RSA_WITH_AES_128_CBC_SHA256"] = 0x003C,
["TLS_RSA_WITH_AES_256_CBC_SHA256"] = 0x003D,
["TLS_DH_DSS_WITH_AES_128_CBC_SHA256"] = 0x003E,
["TLS_DH_RSA_WITH_AES_128_CBC_SHA256"] = 0x003F,
["TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"] = 0x0040,
["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0041,
["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0042,
["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0043,
["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"] = 0x0044,
["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"] = 0x0045,
["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"] = 0x0046,
["TLS_ECDH_ECDSA_WITH_NULL_SHA-draft"] = 0x0047, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0048, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0049, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004A, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA-draft"] = 0x004B, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA-draft"] = 0x004C, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x004D, --draft-ietf-tls-ecc-00
["TLS_ECDH_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x004E, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_NULL_SHA-draft"] = 0x004F, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_RC4_128_SHA-draft"] = 0x0050, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_DES_CBC_SHA-draft"] = 0x0051, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECDSA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0052, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_NULL_SHA-draft"] = 0x0053, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_RC4_128_SHA-draft"] = 0x0054, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_DES_CBC_SHA-draft"] = 0x0055, --draft-ietf-tls-ecc-00
["TLS_ECMQV_ECNRA_WITH_3DES_EDE_CBC_SHA-draft"] = 0x0056, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_NULL_WITH_SHA-draft"] = 0x0057, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_RC4_128_SHA-draft"] = 0x0058, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_DES_CBC_SHA-draft"] = 0x0059, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA-draft"] = 0x005A, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_EXPORT_WITH_DES40_CBC_SHA-draft"] = 0x005B, --draft-ietf-tls-ecc-00
["TLS_ECDH_anon_EXPORT_WITH_RC4_40_SHA-draft"] = 0x005C, --draft-ietf-tls-ecc-00
["TLS_RSA_EXPORT1024_WITH_RC4_56_MD5"] = 0x0060,
["TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5"] = 0x0061,
["TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0062,
["TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA"] = 0x0063,
["TLS_RSA_EXPORT1024_WITH_RC4_56_SHA"] = 0x0064,
["TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA"] = 0x0065,
["TLS_DHE_DSS_WITH_RC4_128_SHA"] = 0x0066,
["TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"] = 0x0067,
["TLS_DH_DSS_WITH_AES_256_CBC_SHA256"] = 0x0068,
["TLS_DH_RSA_WITH_AES_256_CBC_SHA256"] = 0x0069,
["TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"] = 0x006A,
["TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"] = 0x006B,
["TLS_DH_anon_WITH_AES_128_CBC_SHA256"] = 0x006C,
["TLS_DH_anon_WITH_AES_256_CBC_SHA256"] = 0x006D,
["TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD"] = 0x0072, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_DSS_WITH_AES_128_CBC_RMD"] = 0x0073, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_DSS_WITH_AES_256_CBC_RMD"] = 0x0074, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x0077, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_AES_128_CBC_RMD"] = 0x0078, --draft-ietf-tls-openpgp-keys-05
["TLS_DHE_RSA_WITH_AES_256_CBC_RMD"] = 0x0079, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_3DES_EDE_CBC_RMD"] = 0x007C, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_AES_128_CBC_RMD"] = 0x007D, --draft-ietf-tls-openpgp-keys-05
["TLS_RSA_WITH_AES_256_CBC_RMD"] = 0x007E, --draft-ietf-tls-openpgp-keys-05
["TLS_GOSTR341094_WITH_28147_CNT_IMIT"] = 0x0080, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341001_WITH_28147_CNT_IMIT"] = 0x0081, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341094_WITH_NULL_GOSTR3411"] = 0x0082, --draft-chudov-cryptopro-cptls-04
["TLS_GOSTR341001_WITH_NULL_GOSTR3411"] = 0x0083, --draft-chudov-cryptopro-cptls-04
["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0084,
["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0085,
["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0086,
["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"] = 0x0087,
["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"] = 0x0088,
["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"] = 0x0089,
["TLS_PSK_WITH_RC4_128_SHA"] = 0x008A,
["TLS_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008B,
["TLS_PSK_WITH_AES_128_CBC_SHA"] = 0x008C,
["TLS_PSK_WITH_AES_256_CBC_SHA"] = 0x008D,
["TLS_DHE_PSK_WITH_RC4_128_SHA"] = 0x008E,
["TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x008F,
["TLS_DHE_PSK_WITH_AES_128_CBC_SHA"] = 0x0090,
["TLS_DHE_PSK_WITH_AES_256_CBC_SHA"] = 0x0091,
["TLS_RSA_PSK_WITH_RC4_128_SHA"] = 0x0092,
["TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"] = 0x0093,
["TLS_RSA_PSK_WITH_AES_128_CBC_SHA"] = 0x0094,
["TLS_RSA_PSK_WITH_AES_256_CBC_SHA"] = 0x0095,
["TLS_RSA_WITH_SEED_CBC_SHA"] = 0x0096,
["TLS_DH_DSS_WITH_SEED_CBC_SHA"] = 0x0097,
["TLS_DH_RSA_WITH_SEED_CBC_SHA"] = 0x0098,
["TLS_DHE_DSS_WITH_SEED_CBC_SHA"] = 0x0099,
["TLS_DHE_RSA_WITH_SEED_CBC_SHA"] = 0x009A,
["TLS_DH_anon_WITH_SEED_CBC_SHA"] = 0x009B,
["TLS_RSA_WITH_AES_128_GCM_SHA256"] = 0x009C,
["TLS_RSA_WITH_AES_256_GCM_SHA384"] = 0x009D,
["TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"] = 0x009E,
["TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"] = 0x009F,
["TLS_DH_RSA_WITH_AES_128_GCM_SHA256"] = 0x00A0,
["TLS_DH_RSA_WITH_AES_256_GCM_SHA384"] = 0x00A1,
["TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A2,
["TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A3,
["TLS_DH_DSS_WITH_AES_128_GCM_SHA256"] = 0x00A4,
["TLS_DH_DSS_WITH_AES_256_GCM_SHA384"] = 0x00A5,
["TLS_DH_anon_WITH_AES_128_GCM_SHA256"] = 0x00A6,
["TLS_DH_anon_WITH_AES_256_GCM_SHA384"] = 0x00A7,
["TLS_PSK_WITH_AES_128_GCM_SHA256"] = 0x00A8,
["TLS_PSK_WITH_AES_256_GCM_SHA384"] = 0x00A9,
["TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AA,
["TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AB,
["TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"] = 0x00AC,
["TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"] = 0x00AD,
["TLS_PSK_WITH_AES_128_CBC_SHA256"] = 0x00AE,
["TLS_PSK_WITH_AES_256_CBC_SHA384"] = 0x00AF,
["TLS_PSK_WITH_NULL_SHA256"] = 0x00B0,
["TLS_PSK_WITH_NULL_SHA384"] = 0x00B1,
["TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B2,
["TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B3,
["TLS_DHE_PSK_WITH_NULL_SHA256"] = 0x00B4,
["TLS_DHE_PSK_WITH_NULL_SHA384"] = 0x00B5,
["TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"] = 0x00B6,
["TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"] = 0x00B7,
["TLS_RSA_PSK_WITH_NULL_SHA256"] = 0x00B8,
["TLS_RSA_PSK_WITH_NULL_SHA384"] = 0x00B9,
["TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BA,
["TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BB,
["TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BC,
["TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BD,
["TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BE,
["TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"] = 0x00BF,
["TLS_EMPTY_RENEGOTIATION_INFO_SCSV"] = 0x00FF,
["TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C0,
["TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C1,
["TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C2,
["TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C3,
["TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C4,
["TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"] = 0x00C5,
["TLS_ECDH_ECDSA_WITH_NULL_SHA"] = 0xC001,
["TLS_ECDH_ECDSA_WITH_RC4_128_SHA"] = 0xC002,
["TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC003,
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC004,
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC005,
["TLS_ECDHE_ECDSA_WITH_NULL_SHA"] = 0xC006,
["TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"] = 0xC007,
["TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"] = 0xC008,
["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"] = 0xC009,
["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"] = 0xC00A,
["TLS_ECDH_RSA_WITH_NULL_SHA"] = 0xC00B,
["TLS_ECDH_RSA_WITH_RC4_128_SHA"] = 0xC00C,
["TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC00D,
["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"] = 0xC00E,
["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"] = 0xC00F,
["TLS_ECDHE_RSA_WITH_NULL_SHA"] = 0xC010,
["TLS_ECDHE_RSA_WITH_RC4_128_SHA"] = 0xC011,
["TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC012,
["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"] = 0xC013,
["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"] = 0xC014,
["TLS_ECDH_anon_WITH_NULL_SHA"] = 0xC015,
["TLS_ECDH_anon_WITH_RC4_128_SHA"] = 0xC016,
["TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"] = 0xC017,
["TLS_ECDH_anon_WITH_AES_128_CBC_SHA"] = 0xC018,
["TLS_ECDH_anon_WITH_AES_256_CBC_SHA"] = 0xC019,
["TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"] = 0xC01A,
["TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"] = 0xC01B,
["TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"] = 0xC01C,
["TLS_SRP_SHA_WITH_AES_128_CBC_SHA"] = 0xC01D,
["TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"] = 0xC01E,
["TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"] = 0xC01F,
["TLS_SRP_SHA_WITH_AES_256_CBC_SHA"] = 0xC020,
["TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"] = 0xC021,
["TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"] = 0xC022,
["TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC023,
["TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC024,
["TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"] = 0xC025,
["TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"] = 0xC026,
["TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"] = 0xC027,
["TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"] = 0xC028,
["TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"] = 0xC029,
["TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"] = 0xC02A,
["TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02B,
["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02C,
["TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"] = 0xC02D,
["TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"] = 0xC02E,
["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"] = 0xC02F,
["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] = 0xC030,
["TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"] = 0xC031,
["TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"] = 0xC032,
["TLS_ECDHE_PSK_WITH_RC4_128_SHA"] = 0xC033,
["TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"] = 0xC034,
["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"] = 0xC035,
["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"] = 0xC036,
["TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"] = 0xC037,
["TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"] = 0xC038,
["TLS_ECDHE_PSK_WITH_NULL_SHA"] = 0xC039,
["TLS_ECDHE_PSK_WITH_NULL_SHA256"] = 0xC03A,
["TLS_ECDHE_PSK_WITH_NULL_SHA384"] = 0xC03B,
["TLS_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC03C,
["TLS_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC03D,
["TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC03E,
["TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC03F,
["TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC040,
["TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC041,
["TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"] = 0xC042,
["TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"] = 0xC043,
["TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC044,
["TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC045,
["TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"] = 0xC046,
["TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"] = 0xC047,
["TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC048,
["TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC049,
["TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04A,
["TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04B,
["TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04C,
["TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04D,
["TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"] = 0xC04E,
["TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"] = 0xC04F,
["TLS_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC050,
["TLS_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC051,
["TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC052,
["TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC053,
["TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC054,
["TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC055,
["TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC056,
["TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC057,
["TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"] = 0xC058,
["TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"] = 0xC059,
["TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"] = 0xC05A,
["TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"] = 0xC05B,
["TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05C,
["TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05D,
["TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"] = 0xC05E,
["TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"] = 0xC05F,
["TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC060,
["TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC061,
["TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"] = 0xC062,
["TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"] = 0xC063,
["TLS_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC064,
["TLS_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC065,
["TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC066,
["TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC067,
["TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC068,
["TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC069,
["TLS_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06A,
["TLS_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06B,
["TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06C,
["TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06D,
["TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"] = 0xC06E,
["TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"] = 0xC06F,
["TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"] = 0xC070,
["TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"] = 0xC071,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC072,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC073,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC074,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC075,
["TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC076,
["TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC077,
["TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC078,
["TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC079,
["TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07A,
["TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07B,
["TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07C,
["TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07D,
["TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC07E,
["TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC07F,
["TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC080,
["TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC081,
["TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC082,
["TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC083,
["TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC084,
["TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC085,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC086,
["TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC087,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC088,
["TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC089,
["TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08A,
["TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08B,
["TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08C,
["TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08D,
["TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC08E,
["TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC08F,
["TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC090,
["TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC091,
["TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"] = 0xC092,
["TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"] = 0xC093,
["TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC094,
["TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC095,
["TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC096,
["TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC097,
["TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC098,
["TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC099,
["TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"] = 0xC09A,
["TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"] = 0xC09B,
["TLS_RSA_WITH_AES_128_CCM"] = 0xC09C,
["TLS_RSA_WITH_AES_256_CCM"] = 0xC09D,
["TLS_DHE_RSA_WITH_AES_128_CCM"] = 0xC09E,
["TLS_DHE_RSA_WITH_AES_256_CCM"] = 0xC09F,
["TLS_RSA_WITH_AES_128_CCM_8"] = 0xC0A0,
["TLS_RSA_WITH_AES_256_CCM_8"] = 0xC0A1,
["TLS_DHE_RSA_WITH_AES_128_CCM_8"] = 0xC0A2,
["TLS_DHE_RSA_WITH_AES_256_CCM_8"] = 0xC0A3,
["TLS_PSK_WITH_AES_128_CCM"] = 0xC0A4,
["TLS_PSK_WITH_AES_256_CCM"] = 0xC0A5,
["TLS_DHE_PSK_WITH_AES_128_CCM"] = 0xC0A6,
["TLS_DHE_PSK_WITH_AES_256_CCM"] = 0xC0A7,
["TLS_PSK_WITH_AES_128_CCM_8"] = 0xC0A8,
["TLS_PSK_WITH_AES_256_CCM_8"] = 0xC0A9,
["TLS_PSK_DHE_WITH_AES_128_CCM_8"] = 0xC0AA,
["TLS_PSK_DHE_WITH_AES_256_CCM_8"] = 0xC0AB,
["TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC13,
["TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC14,
["TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"] = 0xCC15,
["SSL_RSA_FIPS_WITH_DES_CBC_SHA"] = 0xFEFE,
["SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"] = 0xFEFF,
}
local function find_key(t, value)
local k, v
for k, v in pairs(t) do
if v == value then
return k
end
end
return nil
end
---
-- Read a SSL/TLS record
-- @param buffer The read buffer
-- @param i The position in the buffer to start reading
-- @return The current position in the buffer
-- @return The record that was read, as a table
function record_read(buffer, i)
local b, h, len
------------
-- Header --
------------
-- Ensure we have enough data for the header.
if #buffer - i < TLS_RECORD_HEADER_LENGTH then
return i, nil
end
-- Parse header.
h = {}
local j, typ, proto = bin.unpack(">CS", buffer, i)
local name = find_key(TLS_CONTENTTYPE_REGISTRY, typ)
if name == nil then
stdnse.print_debug(1,"Unknown TLS ContentType: %d", typ)
return j, nil
end
h["type"] = name
name = find_key(PROTOCOLS, proto)
if name == nil then
stdnse.print_debug(1, "Unknown TLS Protocol: 0x%x", typ)
return j, nil
end
h["protocol"] = name
j, h["length"] = bin.unpack(">S", buffer, j)
-- Ensure we have enough data for the body.
len = j + h["length"] - 1
if #buffer < len then
return i, nil
end
-- Convert to human-readable form.
----------
-- Body --
----------
h["body"] = {}
while j < len do
-- RFC 2246, 6.2.1 "multiple client messages of the same ContentType may
-- be coalesced into a single TLSPlaintext record"
-- TODO: implement reading of fragmented records
b = {}
table.insert(h["body"], b)
if h["type"] == "alert" then
-- Parse body.
j, b["level"] = bin.unpack("C", buffer, j)
j, b["description"] = bin.unpack("C", buffer, j)
-- Convert to human-readable form.
b["level"] = find_key(TLS_ALERT_LEVELS, b["level"])
b["description"] = find_key(TLS_ALERT_REGISTRY, b["description"])
elseif h["type"] == "handshake" then
-- Parse body.
j, b["type"] = bin.unpack("C", buffer, j)
local blen, blen_upper
j, blen_upper, blen = bin.unpack("C>S", buffer, j)
blen = blen + blen_upper * 0x10000
local msg_end = j + blen
-- Convert to human-readable form.
b["type"] = find_key(TLS_HANDSHAKETYPE_REGISTRY, b["type"])
if b["type"] == "server_hello" then
-- Parse body.
j, b["protocol"] = bin.unpack(">S", buffer, j)
j, b["time"] = bin.unpack(">I", buffer, j)
j, b["random"] = bin.unpack("A28", buffer, j)
j, b["session_id_length"] = bin.unpack("C", buffer, j)
j, b["session_id"] = bin.unpack("A" .. b["session_id_length"], buffer, j)
j, b["cipher"] = bin.unpack(">S", buffer, j)
j, b["compressor"] = bin.unpack("C", buffer, j)
-- Optional extensions for TLS only
if j < msg_end and h["protocol"] ~= "SSLv3" then
local num_exts
b["extensions"] = {}
j, num_exts = bin.unpack(">S", buffer, j)
for e = 0, num_exts do
if j >= msg_end then break end
local extcode, datalen
j, extcode = bin.unpack(">S", buffer, j)
extcode = find_key(EXTENSIONS, extcode) or extcode
j, b["extensions"][extcode] = bin.unpack(">P", buffer, j)
end
end
-- Convert to human-readable form.
b["protocol"] = find_key(PROTOCOLS, b["protocol"])
b["cipher"] = find_key(CIPHERS, b["cipher"])
b["compressor"] = find_key(COMPRESSORS, b["compressor"])
else
-- TODO: implement other handshake message types
stdnse.print_debug(1, "Unknown handshake message type: %s", b["type"])
j = msg_end
end
elseif h["type"] == "heartbeat" then
j, b["type"], b["payload_length"] = bin.unpack("C>S", buffer, j)
j, b["payload"], b["padding"] = bin.unpack("PP", buffer, j)
else
stdnse.print_debug(1, "Unknown message type: %s", h["type"])
end
end
-- Ignore unparsed bytes.
j = len+1
return j, h
end
---
-- Build a SSL/TLS record
-- @param type The type of record ("handshake", "change_cipher_spec", etc.)
-- @param protocol The protocol and version ("SSLv3", "TLSv1.0", etc.)
-- @param b The record body
-- @return The SSL/TLS record as a string
function record_write(type, protocol, b)
return table.concat({
-- Set the header as a handshake.
bin.pack("C", TLS_CONTENTTYPE_REGISTRY[type]),
-- Set the protocol.
bin.pack(">S", PROTOCOLS[protocol]),
-- Set the length of the header body.
bin.pack(">S", #b),
b
})
end
---
-- Build a client_hello message
--
-- The options table has the following keys:
-- * <code>"protocol"</code> - The TLS protocol version string
-- * <code>"ciphers"</code> - a table containing the cipher suite names. Defaults to the NULL cipher
-- * <code>"compressors"</code> - a table containing the compressor names. Default: NULL
-- * <code>"extensions"</code> - a table containing the extension names. Default: no extensions
-- @param t Table of options
-- @return The client_hello record as a string
function client_hello(t)
local b, ciphers, compressor, compressors, h, len
----------
-- Body --
----------
b = {}
-- Set the protocol.
table.insert(b, bin.pack(">S", PROTOCOLS[t["protocol"]]))
-- Set the random data.
table.insert(b, bin.pack(">I", os.time()))
-- Set the random data.
table.insert(b, stdnse.generate_random_string(28))
-- Set the session ID.
table.insert(b, bin.pack("C", 0))
-- Cipher suites.
ciphers = {}
if t["ciphers"] ~= nil then
-- Add specified ciphers.
for _, cipher in pairs(t["ciphers"]) do
table.insert(ciphers, bin.pack(">S", CIPHERS[cipher]))
end
else
-- Use NULL cipher
table.insert(ciphers, bin.pack(">S", CIPHERS["TLS_NULL_WITH_NULL_NULL"]))
end
table.insert(b, bin.pack(">P", table.concat(ciphers)))
-- Compression methods.
compressors = {}
if t["compressors"] ~= nil then
-- Add specified compressors.
for _, compressor in pairs(t["compressors"]) do
if compressor ~= "NULL" then
table.insert(compressors, bin.pack("C", COMPRESSORS[compressor]))
end
end
end
-- Always include NULL as last choice
table.insert(compressors, bin.pack("C", COMPRESSORS["NULL"]))
table.insert(b, bin.pack(">p", table.concat(compressors)))
-- TLS extensions
if PROTOCOLS[t["protocol"]] and
PROTOCOLS[t["protocol"]] ~= PROTOCOLS["SSLv3"] then
local extensions = {}
if t["extensions"] ~= nil then
-- Add specified extensions.
for extension, data in pairs(t["extensions"]) do
if type(extension) == "number" then
table.insert(extensions, bin.pack(">S", extension))
else
table.insert(extensions, bin.pack(">S", EXTENSIONS[extension]))
end
table.insert(extensions, bin.pack(">P", data))
end
end
-- Extensions are optional
if #extensions ~= 0 then
table.insert(b, bin.pack(">P", table.concat(extensions)))
end
end
------------
-- Header --
------------
b = table.concat(b)
h = {}
-- Set type to ClientHello.
table.insert(h, bin.pack("C", TLS_HANDSHAKETYPE_REGISTRY["client_hello"]))
-- Set the length of the body.
len = bin.pack(">I", #b)
-- body length is 24 bits big-endian, so the 3 LSB of len
table.insert(h, len:sub(2,4))
table.insert(h, b)
return record_write("handshake", t["protocol"], table.concat(h))
end
local function read_atleast(s, n)
local buf = {}
local count = 0
while count < n do
local status, data = s:receive_bytes(n - count)
if not status then
return status, data, table.concat(buf)
end
buf[#buf+1] = data
count = count + #data
end
return true, table.concat(buf)
end
--- Get an entire record into a buffer
--
-- Caller is responsible for closing the socket if necessary.
-- @param sock The socket to read additional data from
-- @param buffer The string buffer holding any previously-read data
-- (default: "")
-- @param i The position in the buffer where the record should start
-- (default: 1)
-- @return status Socket status
-- @return Buffer containing at least 1 record if status is true
-- @return Error text if there was an error
function record_buffer(sock, buffer, i)
buffer = buffer or ""
i = i or 1
local count = #buffer:sub(i)
local status, resp, rem
if count < TLS_RECORD_HEADER_LENGTH then
status, resp, rem = read_atleast(sock, TLS_RECORD_HEADER_LENGTH - count)
if not status then
return false, buffer .. rem, resp
end
buffer = buffer .. resp
count = count + #resp
end
-- ContentType, ProtocolVersion, length
local _, _, _, len = bin.unpack(">CSS", buffer, i)
if count < TLS_RECORD_HEADER_LENGTH + len then
status, resp = read_atleast(sock, TLS_RECORD_HEADER_LENGTH + len - count)
if not status then
return false, buffer, resp
end
buffer = buffer .. resp
end
return true, buffer
end
return _ENV;
====================================================================
root@kali:~# cat /usr/bin/../share/nmap/scripts/ssl-heartbleed.nse
local bin = require('bin')
local match = require('match')
local nmap = require('nmap')
local shortport = require('shortport')
local sslcert = require('sslcert')
local stdnse = require('stdnse')
local string = require('string')
local table = require('table')
local vulns = require('vulns')
local have_tls, tls = pcall(require,'tls')
assert(have_tls, "This script requires the tls.lua library from http://nmap.org/nsedoc/lib/tls.html")
description = [[
Detects whether a server is vulnerable to the OpenSSL Heartbleed bug (CVE-2014-0160).
The code is based on the Python script ssltest.py authored by Jared Stafford (jspenguin@jspenguin.org)
]]
---
-- @usage
-- nmap -p 443 --script ssl-heartbleed <target>
--
-- @output
-- PORT STATE SERVICE
-- 443/tcp open https
-- | ssl-heartbleed:
-- | VULNERABLE:
-- | The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
-- | State: VULNERABLE
-- | Risk factor: High
-- | Description:
-- | OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
-- |
-- | References:
-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
-- | http://www.openssl.org/news/secadv_20140407.txt
-- |_ http://cvedetails.com/cve/2014-0160/
--
--
-- @args ssl-heartbleed.protocols (default tries all) TLS 1.0, TLS 1.1, or TLS 1.2
--
author = "Patrik Karlsson <patrik@cqure.net>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = { "vuln", "safe" }
local arg_protocols = stdnse.get_script_args(SCRIPT_NAME .. ".protocols") or {'TLSv1.0', 'TLSv1.1', 'TLSv1.2'}
portrule = function(host, port)
return shortport.ssl(host, port) or sslcert.isPortSupported(port)
end
local function recvhdr(s)
local status, hdr = s:receive_buf(match.numbytes(5), true)
if not status then
stdnse.print_debug('Unexpected EOF receiving record header - server closed connection')
return
end
local pos, typ, ver, ln = bin.unpack('>CSS', hdr)
return status, typ, ver, ln
end
local function recvmsg(s, len)
local status, pay = s:receive_buf(match.numbytes(len), true)
if not status then
stdnse.print_debug('Unexpected EOF receiving record payload - server closed connection')
return
end
return true, pay
end
local function keys(t)
local ret = {}
for k, _ in pairs(t) do
ret[#ret+1] = k
end
return ret
end
local function testversion(host, port, version)
local hello = tls.client_hello({
["protocol"] = version,
-- Claim to support every cipher
-- Doesn't work with IIS, but IIS isn't vulnerable
["ciphers"] = keys(tls.CIPHERS),
["compressors"] = {"NULL"},
["extensions"] = {
-- Claim to support every elliptic curve
["elliptic_curves"] = tls.EXTENSION_HELPERS["elliptic_curves"](keys(tls.ELLIPTIC_CURVES)),
-- Claim to support every EC point format
["ec_point_formats"] = tls.EXTENSION_HELPERS["ec_point_formats"](keys(tls.EC_POINT_FORMATS)),
["heartbeat"] = "\x01", -- peer_not_allowed_to_send
},
})
local payload = "Nmap ssl-heartbleed"
local hb = tls.record_write("heartbeat", version, bin.pack("C>SA",
1, -- HeartbeatMessageType heartbeat_request
0x4000, -- payload length (falsified)
-- payload length is based on 4096 - 16 bytes padding - 8 bytes packet
-- header + 1 to overflow
payload -- less than payload length.
)
)
local s
local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
if specialized then
local status
status, s = specialized(host, port)
if not status then
stdnse.print_debug("Connection to server failed")
return
end
else
s = nmap.new_socket()
local status = s:connect(host, port)
if not status then
stdnse.print_debug("Connection to server failed")
return
end
end
s:set_timeout(5000)
-- Send Client Hello to the target server
local status, err = s:send(hello)
if not status then
stdnse.print_debug(1,"Couldn't send Client Hello: %s", err)
s:close()
return nil
end
-- Read response
local done = false
local supported = false
local i = 1
local response
repeat
status, response, err = tls.record_buffer(s, response, i)
if err == "TIMEOUT" then
-- Timed out while waiting for server_hello_done
-- Could be client certificate required or other message required
-- Let's just drop out and try sending the heartbeat anyway.
done = true
break
elseif not status then
stdnse.print_debug(1,"Couldn't receive: %s", err)
s:close()
return nil
end
local record
i, record = tls.record_read(response, i)
if record == nil then
stdnse.print_debug("Unknown response from server")
s:close()
return nil
elseif record.protocol ~= version then
stdnse.print_debug("Protocol version mismatch")
s:close()
return nil
end
if record.type == "handshake" then
for _, body in ipairs(record.body) do
if body.type == "server_hello" then
if body.extensions and body.extensions["heartbeat"] == "\x01" then
supported = true
end
elseif body.type == "server_hello_done" then
stdnse.print_debug("we're done!")
done = true
end
end
end
until done
if not supported then
stdnse.print_debug("Server does not support TLS Heartbeat Requests.")
s:close()
return nil
end
status, err = s:send(hb)
if not status then
stdnse.print_debug(1,"Couldn't send heartbeat request: %s", err)
s:close()
return nil
end
while(true) do
local status, typ, ver, len = recvhdr(s)
if not status then
stdnse.print_debug('No heartbeat response received, server likely not vulnerable')
break
end
if typ == 24 then
local pay
status, pay = recvmsg(s, 0x0fe9)
s:close()
if #pay > 3 then
return true
else
stdnse.print_debug('Server processed malformed heartbeat, but did not return any extra data.')
break
end
elseif typ == 21 then
stdnse.print_debug('Server returned error, likely not vulnerable')
break
end
end
end
action = function(host, port)
local vuln_table = {
title = "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.",
state = vulns.STATE.NOT_VULN,
risk_factor = "High",
description = [[
OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
]],
references = {
'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160',
'http://www.openssl.org/news/secadv_20140407.txt ',
'http://cvedetails.com/cve/2014-0160/'
}
}
local report = vulns.Report:new(SCRIPT_NAME, host, port)
local test_vers = arg_protocols
if type(test_vers) == 'string' then
test_vers = { test_vers }
end
for _, ver in ipairs(test_vers) do
if nil == tls.PROTOCOLS[ver] then
return "\n Unsupported protocol version: " .. ver
end
local status = testversion(host, port, ver)
if ( status ) then
vuln_table.state = vulns.STATE.VULN
break
end
end
return report:make_output(vuln_table)
end
分享到:
发表评论
-
kali 2.0 broadcom wifi connection
2015-12-12 16:28 444引用apt-get install -y linux-head ... -
kali2.0中国源
2015-09-27 01:42 453#中科大kali源 deb http://mirrors.us ... -
wpscan
2015-08-01 10:39 435https://www.digitalocean.com/co ... -
linux dd命令
2015-06-06 14:29 379dd if=/dev/hda of=disk.mbr coun ... -
Wine中使用MinGW
2015-03-17 00:49 654原文:http://null-byte.wonderhowto ... -
linux install firefix&plugin
2015-01-22 20:56 4551. download firefox&plugins ... -
gitrob--github信息收集
2015-01-17 00:36 982原文地址:http://michenriksen.com/bl ... -
合并gif和php文件
2015-01-04 23:07 8331. apt-get install gifsicle ... -
kaili 1.09安装问题解决
2014-12-28 14:10 445本人采用的安装方法是 1. 在VMware中安装1.09 Ka ... -
[译]剪切粘贴二进制文件
2014-12-17 01:20 850原文地址:http://pen-testing.sans.or ... -
kali更新exploit-db
2014-12-12 01:08 1832cd /usr/share/exploitdb wget h ... -
使用Tesseract 识别验证码
2014-12-10 00:48 795参考: http://code.google.com/p/te ... -
使用apt-fast加速Ubuntu软件安装
2014-12-02 01:21 555apt-get是Ubuntu常用的软件安装和更新命令但是它使用 ... -
[译]通过认证的SMB Sessions攫取信息
2014-11-20 02:06 1227原文地址:http://pen-testing.sans.or ... -
[译]命令行连接wifi
2014-11-20 01:34 8295原文地址:http://www.blackmoreops.co ... -
[译]网络渗透测试及其,工具及资源
2014-11-19 02:06 713原文地址:http://pen-testi ... -
kali更新源
2014-11-12 19:37 7021. cat > /etc/apt/sources. ... -
chm文件转换成pdf 文件
2014-11-06 01:02 1408apt-get install chm2pdf chm2pdf ... -
DotDotPwn的https模式
2014-11-05 22:26 891参考: http://www.spentera.com/201 ... -
[译]dotdotpwn使用
2014-11-05 21:26 1652原文地址:https://github.c ...
相关推荐
NMAP使用不同的扫描技术来发现网络中的主机和开放端口,包括ICMP Echo请求、TCP SYN扫描、TCP ACK扫描、UDP扫描和操作系统检测等。NMAP通过发送网络数据包并分析响应时间、数据包大小和其他信息来推断出目标主机的...
操作系统 Unix及类Unix Windows NT/2K/03 Windows 95/98/ME Linux Kernel 2.6.x TTL字段值 255 128 32 64 3.Nmap介绍 nmap是一个网络探测和安全扫描程序,系统管理者和个人可以使用这个软件扫描大型的网络,获取哪...
### Nmap扫描原理与用法 #### Nmap简介 Nmap是一款开源且免费的网络发现(Network Discovery)和安全审计(Security Auditing)工具。它的全称是Network Mapper,由Fyodor于1997年发起开发,并在开源社区的支持下不断...
nmap 扫描器
nmap扫描教程。nmap,也就是Network Mapper,是一款著名的扫描工具,最早是Linux下的网络扫描和嗅探工具包,用来扫描网上电脑开放的网络连接端。确定哪些服务运行在哪些连接端,并且推断计算机运行哪个操作系统(这...
此外,为了不引起不必要的警报,可以调整Nmap的扫描速度和方法,如使用TCP SYN扫描而非完整的TCP连接,或者设置较低的扫描速率。 总的来说,Nmap及其GUI版本为网络管理员、安全研究人员和普通用户提供了一种强大的...
nmap(Network Mapper)是一款广泛使用的开源网络扫描工具,主要用于探测网络主机的状态、开放的端口以及服务识别。它由 Gordon Lyon 创建,自1997年以来,一直是安全专业人员、系统管理员以及黑客们的必备工具。...
网络攻击与防范-Nmap端口扫描实现 本文主要介绍了Nmap端口扫描的...通过本次试验,我生疏了Nmap端口扫描软件的历史和功能,把握了Nmap扫描命令的使用,可以在Windows XP系统下运用Nmap工具软件,测试网站站点的性能!
Nmap(Network Mapper)是一款广泛使用的网络扫描工具,主要用于探测网络主机的状态,识别服务,以及发现安全漏洞。nmap4j库允许程序员在Java应用程序中调用Nmap的功能,执行网络扫描,并处理Nmap的输出结果。 nmap...
nmap扫描教程 nmap是一款功能强大且广泛应用的网络扫描工具,能够帮助系统管理员了解大型网络系统中...例如,使用nmap -sT命令来进行TCP connect()扫描。nmap还提供了一个详细的帮助文档,可以使用nmap -h命令来打开。
**Nmap:网络连接端扫描神器** Nmap,全称为 Network Mapper,是一款强大的网络扫描工具,主要用于探测网络上的设备开放的端口和服务。它能够帮助网络管理员了解网络环境的安全状况,同时也被黑客用于侦查目标系统...
Nmap是一款广泛使用的网络映射器工具,可以对网络进行扫描和嗅探。它的主要功能包括发现主机、端口扫描、服务和操作系统的识别以及提供脚本的使用等。通过掌握Nmap的使用,用户能够评估网络的安全状态。 在安装Nmap...
Nmap可用于扫描仅有两个节点的LAN,直至500个节点以上的网络。Nmap 还允许用户定制扫描技巧。通常,一个简单的使用ICMP协议的ping操 作可以满足一般需求;也可以深入探测UDP或者TCP端口,直至主机所 使用的操作系统...
在本实验中,我们将使用Nmap对目标主机进行扫描,了解Nmap的基本使用方法和扫描结果。 一、Nmap扫描器简介 Nmap是一款开源的网络扫描工具,由Gordon Lyon(也称Fyodor)创建。Nmap可以对目标主机或网络进行扫描,...
在使用图形化的Nmap扫描软件时,应注意遵循合法的网络使用政策,并尊重他人的隐私权。不要未经许可就对其他人的网络或系统进行扫描,以免触犯法律。在企业环境中,确保了解并遵守内部的安全策略和合规性要求。 总的...
LazyMap可以自动进行nmap扫描,并且能自动生成定制的Nessus策略。特点扫描存活的设备对发现的设备自动进行端口扫描可以同时在多个网卡上运行多个实例为每次扫描生成一个参考目录以Nessus格式输出开放的端口,实现在...
Nmap可用于扫描仅有两个节点的LAN,直至500个节点以上的网络。Nmap 还允许用户定制扫描技巧。通常,一个简单的使用ICMP协议的ping操 作可以满足一般需求;也可以深入探测UDP或者TCP端口,直至主机所 使用的操作系统...