Add tls.servername script-arg for TLS SNI without DNS #540
As explained in http://seclists.org/nmap-dev/2016/q1/46, when the DNS cannot be used, or for testing purposes, it can be useful to force the TLS server name indicated by Nmap. This pull request should thus address #276.
Examples of how this is achieved:
nmap --script ssl-cert --script-args=tls.servername=example.net 192.0.2.1
nmap --script ssl-cert --script-args=tls.servername=example.net example.org
nmap --script ssl-enum-ciphers --script-args=tls.servername=example.net example.org
The script-arg has precedence over
openssl s_client -servername <tls.servername> -connect example.net:<port> <host.targetname>
The script argument is supported by all scripts already benefiting from Nmap's existing TLS SNI support. Those using the
host.targetname = tls.servername(host)
The reason is that
My main use case is building a script that scans the right IP address of a host even if the DNS of that host rotates, which is a common way of performing load-balancing. It is about to be used (merged into Nmap or not) by https://discovery.cryptosense.com.
I hope this is useful!