Permalink
Browse files

STARTTLS support for ssl-enum-ciphers

  • Loading branch information...
1 parent 3d3ef1b commit e3f8c42a8e11e8fb65d2436c817dda1518cf0bcc @bonsaiviking bonsaiviking committed Apr 9, 2014
Showing with 23 additions and 8 deletions.
  1. +23 −8 scripts/ssl-enum-ciphers.nse
@@ -2,6 +2,7 @@ local coroutine = require "coroutine"
local io = require "io"
local nmap = require "nmap"
local shortport = require "shortport"
+local sslcert = require "sslcert"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
@@ -140,15 +141,27 @@ local function try_params(host, port, t)
local buffer, err, i, record, req, resp, sock, status
-- Create socket.
- sock = nmap.new_socket()
- sock:set_timeout(5000)
- status, err = sock:connect(host, port, "tcp")
- if not status then
- stdnse.print_debug(1, "Can't connect: %s", err)
- sock:close()
- return nil
+ local specialized = sslcert.getPrepareTLSWithoutReconnect(port)
+ if specialized then
+ local status
+ status, sock = specialized(host, port)
+ if not status then
+ stdnse.print_debug(1, "Can't connect: %s", err)
+ return nil
+ end
+ else
+ sock = nmap.new_socket()
+ sock:set_timeout(5000)
+ local status = sock:connect(host, port)
+ if not status then
+ stdnse.print_debug(1, "Can't connect: %s", err)
+ sock:close()
+ return nil
+ end
end
+ sock:set_timeout(5000)
+
-- Send request.
req = tls.client_hello(t)
status, err = sock:send(req)
@@ -428,7 +441,9 @@ local filltable = function(filename,table)
return true
end
-portrule = shortport.ssl
+portrule = function (host, port)
+ return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)
+end
--- Return a table that yields elements sorted by key when iterated over with pairs()
-- Should probably put this in a formatting library later.

0 comments on commit e3f8c42

Please sign in to comment.