Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Add script ssl-cert-intaddr.nse: Detect private IP addresses leaked in SSL certificates #557

Closed
wants to merge 1 commit into
from

Conversation

Projects
None yet
1 participant

This PR adds ssl-cert-intaddr.nse which detects private (RFC1918) IPv4 addresses leaked in various fields of SSL certificates of targets with public IP addresses. If such leaks are found, the script will output the leaked addresses and their location within the certificate.

Example spotted in the wild on a Checkpoint firewall:

nmap -p 443 --script ssl-cert-intaddr.nse example.com
Starting Nmap 7.30 ( https://nmap.org ) at 2016-09-30 05:14 EDT
Nmap scan report for 
Host is up (0.067s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert-intaddr: 
|   X509v3 Subject Alternative Name: 
|_    10.12.58.1
Nmap done: 1 IP address (1 host up) scanned in 0.56 seconds

Additional example:

nmap --p 443 --script ssl-cert-intaddr.nse 10.121.22.89
Starting Nmap 7.30 ( https://nmap.org ) at 2016-09-30 05:16 EDT
Nmap scan report for 10.121.22.89
Host is up (0.000087s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-cert-intaddr: 
|   Issuer emailAddress: 
|     10.6.6.6
|   Subject commonName: 
|     10.5.5.5
|   Subject organizationalUnitName: 
|     10.4.4.4
|   Issuer organizationName: 
|     10.0.2.1
|     10.0.2.2
...

@nmap-bot nmap-bot closed this in 30f868d Dec 6, 2016

suraj51k added a commit to suraj51k/nmap that referenced this pull request Jan 31, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment