Made a new script for Ticketbleed, a vuln that was announced within the last several hours. This branch also makes a convenience change to tls.lua that can be omitted if undesirable. This script borrows pieces from ssl-heartbleed.nse where useful.
Please note that I have not yet found any vulnerable systems, but I believe that with the amount of debugging and testing against unaffected systems that it will correctly flag an affected system. There are many, many guards against false positives.
Let me know if anything needs fixing, I will try to be responsive since this is a particularly 'topical' script.
Create new (untested) script to test for today's Ticketbleed vuln.
Revert debugging comments.
Add friendly error when running as unprivileged user.
Add NewSessionTicket record parsing to library.
Allow for the script to be downloaded separately and still function.
Changed output to include formatted session ID.
Spacing consistency fix.
Add length guards before invoking unpack().
Finally got it working against a known-vulnerable host.
Better debugging for servers without session resumption.
Change output substring offset to match new session ID length.
I believe this script is ready for proper review. I managed to generate a PCAP file against a known-vulnerable host and iron out what I think are the last of the errors. The biggest change is moving from one byte session IDs to 16-byte session IDs random for reliability.
If others think it's a good idea, I can make the session ID length a tunable script-arg.
New script tls-ticketbleed. Closes #686