[prev in list] [next in list] [prev in thread] [next in thread]
List: nessus-plugins-writers
Subject: Re: [Plugins-writers] Detecting SSL w/ Apache
From: Michel Arboi <mikhail () nessus ! org>
Date: 2004-10-29 9:13:08
Message-ID: m3acu551ln.fsf () nessus ! org
[Download RAW message or body]
--=-=-=
Fixed version...
--=-=-=
Content-Disposition: attachment; filename=apache_SSL_complain.nasl
# This script was written by Michel Arboi <arboi@alussinan.org>
#
# GPL
#
if(description)
{
script_id(15588);
script_version("$Revision$");
name["english"] = "Detect Apache HTTPS";
script_name(english:name["english"]);
desc["english"] = "
Nessus is talking in plain HTTP on a SSL port.
This means that you should enable SSL tests in find_service
'Preferences', or increase the timeouts if this option is
already set and the plugin missed this port.
Tests will go on in HTTPS on _this_ port. Other might be skipped.
Risk factor : None";
script_description(english:desc["english"]);
summary["english"] = "Apache complains that we are talking plain HTTP on HTTPS port";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004 Michel Arboi");
family["english"] = "Misc.";
family["francais"] = "Divers";
script_family(english:family["english"], francais: family["francais"]);
script_dependencie("find_service.nes");
exit(0);
}
#
include("misc_func.inc");
banners = get_kb_list("FindService/tcp/*/get_http");
foreach p (keys(banners))
{
# If there are several values, get_kb_item will fork and that's bad.
# However, this only happens when the KB is saved?
b = banners[p];
port = ereg_replace(string: p, pattern: ".*/([0-9]+)/.*", replace: "\1");
port = int(port);
if (! port) continue;
if (b =~ "<!DOCTYPE HTML .*You're speaking plain HTTP to an SSL-enabled server")
{
security_note(port);
if (service_is_unknown(port: port))
register_service(port: port, proto: "www");
for (t = NESSUS_ENCAPS_SSLv2; t <= NESSUS_ENCAPS_TLSv1; t ++)
{
s = open_sock_tcp(port, transport: t);
if (s)
{
send(socket: s, data: 'GET / HTTP/1.0\r\n\r\n');
b = recv(socket: s, length: 4096);
close(s);
k = "Transports/TCP/"+port;
if (defined_func("replace_kb_item"))
{
replace_kb_item(name: k, item: t);
if (b)
{
replace_kb_item(name: "FindService/tcp/"+port+"/get_http", item: b);
replace_kb_item(name: "www/banner"+port, item: b);
}
}
else
{
set_kb_item(name: k, item: t);
if (b)
{
set_kb_item(name: "FindService/tcp/"+port+"/get_http", item: b);
set_kb_item(name: "www/banner"+port, item: b);
}
}
break;
}
}
}
}
--=-=-=--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic