Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tls.servername script-arg for TLS SNI without DNS #540

wants to merge 3 commits into from


Copy link

@bbc2 bbc2 commented Sep 5, 2016

As explained in, when the DNS cannot be used, or for testing purposes, it can be useful to force the TLS server name indicated by Nmap. This pull request should thus address #276.

Examples of how this is achieved:

nmap --script ssl-cert
nmap --script ssl-cert
nmap --script ssl-enum-ciphers

The script-arg has precedence over host.targetname and there is no support for supplying multiple servernames to be attempted. It basically behaves the same as

openssl s_client -servername <tls.servername> -connect<port> <host.targetname>

The script argument is supported by all scripts already benefiting from Nmap's existing TLS SNI support. Those using the tls.lua library were easy to adapt because of the modularity of that library. By the way, I think this reduced the complexity of ssl-enum-ciphers.nse. Those relying on sslcert.getCertificate were adapted with just:

host.targetname = tls.servername(host)

The reason is that sslcert.getCertificate uses Nmap's nsock implementation of TLS with OpenSSL, which would have been trickier to modify.

My main use case is building a script that scans the right IP address of a host even if the DNS of that host rotates, which is a common way of performing load-balancing. It is about to be used (merged into Nmap or not) by

I hope this is useful!

@nmap-bot nmap-bot closed this in e4717fa Dec 5, 2016
suraj51k pushed a commit to suraj51k/nmap that referenced this pull request Jan 31, 2017
@bbc2 bbc2 deleted the tls-servername-arg branch May 5, 2020 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
None yet

Successfully merging this pull request may close these issues.

None yet

1 participant