From 0d47952611198ef6b1163f366dc03922d20b1475 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 17 Apr 2024 09:42:04 +0200 Subject: Adding upstream version 7.94+git20230807.3be01efb1+dfsg. Signed-off-by: Daniel Baumann --- scripts/sslv2.nse | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 57 insertions(+) create mode 100644 scripts/sslv2.nse (limited to 'scripts/sslv2.nse') diff --git a/scripts/sslv2.nse b/scripts/sslv2.nse new file mode 100644 index 0000000..0b7e0a4 --- /dev/null +++ b/scripts/sslv2.nse @@ -0,0 +1,57 @@ +local shortport = require "shortport" +local sslcert = require "sslcert" +local sslv2 = require "sslv2" + +description = [[ +Determines whether the server supports obsolete and less secure SSLv2, and discovers which ciphers it +supports. +]] + +--- +--@output +-- 443/tcp open https syn-ack +-- | sslv2: +-- | SSLv2 supported +-- | ciphers: +-- | SSL2_DES_192_EDE3_CBC_WITH_MD5 +-- | SSL2_IDEA_128_CBC_WITH_MD5 +-- | SSL2_RC2_128_CBC_WITH_MD5 +-- | SSL2_RC4_128_WITH_MD5 +-- | SSL2_DES_64_CBC_WITH_MD5 +-- | SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 +-- |_ SSL2_RC4_128_EXPORT40_WITH_MD5 +--@xmloutput +--SSLv2 supported +-- +-- SSL2_DES_192_EDE3_CBC_WITH_MD5 +-- SSL2_IDEA_128_CBC_WITH_MD5 +-- SSL2_RC2_128_CBC_WITH_MD5 +-- SSL2_RC4_128_WITH_MD5 +-- SSL2_DES_64_CBC_WITH_MD5 +-- SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 +-- SSL2_RC4_128_EXPORT40_WITH_MD5 +--
+ + +author = {"Matthew Boyle", "Daniel Miller"} +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" + +categories = {"default", "safe"} + + +portrule = function(host, port) + return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port) +end + +action = function(host, port) + local ciphers = sslv2.test_sslv2(host, port) + + if ciphers then + host.registry.sslv2 = host.registry.sslv2 or {} + host.registry.sslv2[port.number .. port.protocol] = ciphers + return { + "SSLv2 supported", + ciphers = #ciphers > 0 and ciphers or "none" + } + end +end -- cgit v1.2.3