Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Ncat: no way to specify/override SSL hostname #1927
If you are connecting to a webserver by IP, you may want to specify the hostname in the TLS negotiation, especially if it has multiple vhosts using the same certificate with Subject Alternate Names and behaving differently depending on which name is supplied during TLS negotiation (before the submitted Host: header is read).
Since 5.50 or so, nmap has had a knob to specify the hostname to request during TLS/SNI negotiation, first called nsi_set_hostname and now called nsock_iod_set_hostname. This is accessible from NSE code, but not, I think, from ncat.
I have an old patch for this, will update and submit a PR.
nsock_iod_set_hostname is accessible in nse code, but I could not find a knob to use it with ncat. This patch adds --ssl-servername to ncat. With this patch, using the example from issue nmap#1927: ``` $ echo -n -e 'GET / HTTP/1.0\r\nHost: servername\r\n\r\n' | \ ncat -n -v --ssl --ssl-servername servername 10.1.2.3 443 HTTP/1.1 200 OK ``` Signed-off-by: Hank Leininger <email@example.com> Closes: nmap#1927