Add script ssl-cert-intaddr.nse: Detect private IP addresses leaked in SSL certificates #557

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant

This PR adds ssl-cert-intaddr.nse which detects private (RFC1918) IPv4 addresses leaked in various fields of SSL certificates of targets with public IP addresses. If such leaks are found, the script will output the leaked addresses and their location within the certificate.

Example spotted in the wild on a Checkpoint firewall:

nmap -p 443 --script ssl-cert-intaddr.nse example.com
Starting Nmap 7.30 ( https://nmap.org ) at 2016-09-30 05:14 EDT
Nmap scan report for 
Host is up (0.067s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert-intaddr: 
|   X509v3 Subject Alternative Name: 
|_    10.12.58.1
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds

Additional example:

nmap --p 443 --script ssl-cert-intaddr.nse 10.121.22.89
Starting Nmap 7.30 ( https://nmap.org ) at 2016-09-30 05:16 EDT
Nmap scan report for 10.121.22.89
Host is up (0.000087s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert-intaddr: 
|   Issuer emailAddress: 
|     10.6.6.6
|   Subject commonName: 
|     10.5.5.5
|   Subject organizationalUnitName: 
|     10.4.4.4
|   Issuer organizationName: 
|     10.0.2.1
|     10.0.2.2
...

nmap-bot closed this in 30f868d Dec 6, 2016

@suraj51k suraj51k added a commit to suraj51k/nmap that referenced this pull request Jan 31, 2017

@bonsaiviking @suraj51k bonsaiviking + suraj51k Add ssl-cert-intaddr. Closes #557 51a6f3b
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment