I am modifying an NSE script, ssl-cert.nse, which was already made for enumerating SSL certificates. I want to output the host IP and the port number in a line of the SSL certificate output. However, any time I try to make a call to host.ip or port.number, it appears that host and port are undeclared variables. How can I output the current host IP and port number of the detected SSL service? Preferably I could concatenate the host and port number inside of the certificate data output. Below is the area of code I have modified / added to in the ssl-cert.nse script file.

        local out1 = host.ip
        local out2 = port.number

        output = function(host, port) 
          out1 = host.targetName
          return host.ip
        end

       output2 = function(host, port)
          out2 = port.number
          return port.number

        end

      if nmap.verbosity() > 0 then
        lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer)
      end

      if nmap.verbosity() > 0 then

        lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type .. " " .. out1 .. ":" .. out2
        lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
        lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm
      end

      lines[#lines + 1] = "Not valid before: " ..
      date_to_string(cert.validity.notBefore)
      lines[#lines + 1] = "Not valid after:  " ..
      date_to_string(cert.validity.notAfter)
john doe
  • The help center clearly states security tools/penetration testing is on topic, and nmap is clearly a security tool/penetration testing tool – john doe Jul 10 '19 at 17:49

1 Answer

At the bottom you will see return output_tab(cert), output_str(cert); this is the main code which calls the local functions. You want to edit the output of the output_str function, so change the call to output_str(cert, host, port) and the definition to local function output_str(cert, host, port), then it will work.

For a full example you can check the following code. Replace the source code from 230 to the end with the following and it will work (it worked at nmap V7.7).

    local function output_str(cert, host, port)
      local lines = {}

      lines[#lines + 1] = "Subject: " .. stringify_name(cert.subject)
      if cert.extensions then
        for _, e in ipairs(cert.extensions) do
          if e.name == "X509v3 Subject Alternative Name" then
            lines[#lines + 1] = "Subject Alternative Name: " .. e.value
            break
          end
        end
      end

      if nmap.verbosity() > 0 then
        lines[#lines + 1] = "Issuer: " .. stringify_name(cert.issuer)
      end

      if nmap.verbosity() > 0 then
        lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type .. "  " .. host.ip .. "  " .. port.number
        lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
        lines[#lines + 1] = "Signature Algorithm: " .. cert.sig_algorithm
      end

      lines[#lines + 1] = "Not valid before: " ..
      date_to_string(cert.validity.notBefore)
      lines[#lines + 1] = "Not valid after:  " ..
      date_to_string(cert.validity.notAfter)

      if nmap.verbosity() > 0 then
        lines[#lines + 1] = "MD5:   " .. stdnse.tohex(cert:digest("md5"), { separator = " ", group = 4 })
        lines[#lines + 1] = "SHA-1: " .. stdnse.tohex(cert:digest("sha1"), { separator = " ", group = 4 })
      end

      if nmap.verbosity() > 1 then
        lines[#lines + 1] = cert.pem
      end
      return stdnse.strjoin("\n", lines)
    end

    action = function(host, port)
      host.targetname = tls.servername(host)
      local status, cert = sslcert.getCertificate(host, port)
      if ( not(status) ) then
        stdnse.debug1("getCertificate error: %s", cert or "unknown")
        return
      end

      return output_tab(cert), output_str(cert, host, port)
    end
alnbhclyn
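
Why the question's attempt fails and the answer's change works, as an added example that is not part of the original posts or of ssl-cert.nse: host and port exist only as parameters of action, so a helper defined elsewhere in the file cannot see them unless they are passed in. The sketch is plain Lua that runs without Nmap; the host, port and cert tables are constructed stand-ins, and format_cert_broken, format_cert_fixed and run_script are hypothetical names.

```lua
-- Added illustration; plain Lua, no Nmap libraries required.
-- The tables below are constructed stand-ins for what the NSE engine
-- passes to action(host, port); all function names are hypothetical.

-- Broken shape: the helper reads `host` and `port`, but those names are
-- parameters of action() only. Inside this function they resolve to
-- globals, which are nil, so indexing them raises an error.
local function format_cert_broken(cert)
  return "Public Key type: " .. cert.pubkey.type .. " " .. host.ip .. ":" .. port.number
end

-- Fixed shape (the answer's approach): host and port are passed explicitly.
local function format_cert_fixed(cert, host, port)
  local lines = {}
  local tag = string.format("%s:%d", host.ip, port.number)
  lines[#lines + 1] = "Public Key type: " .. cert.pubkey.type .. " " .. tag
  lines[#lines + 1] = "Public Key bits: " .. cert.pubkey.bits
  return table.concat(lines, "\n")
end

-- Stand-in for the engine: one action(host, port) call per target,
-- with errors caught so both shapes can be compared side by side.
local function run_script(action, targets)
  local results = {}
  for _, t in ipairs(targets) do
    local ok, out = pcall(action, t.host, t.port)
    results[#results + 1] = ok and out or ("ERROR: " .. tostring(out))
  end
  return results
end

-- Constructed sample data (documentation address range).
local cert = { pubkey = { type = "rsa", bits = 2048 } }
local targets = {
  { host = { ip = "192.0.2.10" }, port = { number = 443 } },
  { host = { ip = "192.0.2.11" }, port = { number = 8443 } },
}

-- action() receives host and port in both cases; only the fixed helper sees them.
local broken = run_script(function(host, port) return format_cert_broken(cert) end, targets)
local fixed = run_script(function(host, port) return format_cert_fixed(cert, host, port) end, targets)

for _, line in ipairs(broken) do print(line) end
for _, line in ipairs(fixed) do print(line) end
```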