1

lets say i have the following url:

www.domain.com:4567/blabla/index.html

I'm trying to get its' ssl expiration date.

There's this:

nmap --script=ssl-cert.nse -p 9194 www.domain.com

but it doesnt quite work. I'm unable to find the right argument in nmap.

Edit: I could go for Openssl but I need a Windows based solution.

JustAGuy
  • 629
  • 3
  • 18
  • 35
  • Does this answer your question? [Displaying a remote SSL certificate details using CLI tools](https://serverfault.com/questions/661978/displaying-a-remote-ssl-certificate-details-using-cli-tools) – Gerald Schneider Sep 27 '20 at 08:47
  • Nope. That's not nmap. – JustAGuy Sep 27 '20 at 11:27
  • 3
    Just out of curiosity: why is it so important to use `nmap`, and no other tools? I mean, the command you wrote does print the expiration date, all you need to grep it out. – Lacek Sep 27 '20 at 12:11
  • 2
    uhm, yes, there are answers to that question that use nmap. But nmap is generally not the tool of choice for this, usually one just uses openssl. – Gerald Schneider Sep 27 '20 at 12:42
  • `doesnt quite work`. Would help if you provided the output of the command. – Greg Askew Sep 27 '20 at 13:06
  • I actually could go for Openssl but I need a Windows based solution and this is a bash-centric solution. I wanted NMAP because I already had a Powershell-NMAP script that did checked websites for expiring ssls but once I got something with different ports and paths it just errored out on bad syntax. – JustAGuy Sep 29 '20 at 13:54

2 Answers2

1

The URL you showed is for port 4567. Therefore, you need to use that port in your Nmap scan: nmap -p4567 --script ssl-cert www.domain.com

Also, if the port you're scanning is not one of the typically-expected ports for SSL/TLS, then the script might not run. You can force it to run by adding + to the script name (not recommended for scans of multiple ports): nmap -p4567 --script +ssl-cert www.domain.com. Newer versions of Nmap will usually not need this because they will just try a probe to check if they can open a SSL connection anyway.

bonsaiviking
  • 4,355
  • 16
  • 26
0

The right way to us is:

nmap -sV -p 443 --script ssl-cert example.com

You need to include -sV option for service discovery.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
Ivan Gregoric
  • 1