1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
local shortport = require "shortport"
local sslcert = require "sslcert"
local sslv2 = require "sslv2"
description = [[
Determines whether the server supports obsolete and less secure SSLv2, and discovers which ciphers it
supports.
]]
---
--@output
-- 443/tcp open https syn-ack
-- | sslv2:
-- | SSLv2 supported
-- | ciphers:
-- | SSL2_DES_192_EDE3_CBC_WITH_MD5
-- | SSL2_IDEA_128_CBC_WITH_MD5
-- | SSL2_RC2_128_CBC_WITH_MD5
-- | SSL2_RC4_128_WITH_MD5
-- | SSL2_DES_64_CBC_WITH_MD5
-- | SSL2_RC2_128_CBC_EXPORT40_WITH_MD5
-- |_ SSL2_RC4_128_EXPORT40_WITH_MD5
--@xmloutput
--<elem>SSLv2 supported</elem>
--<table key="ciphers">
-- <elem>SSL2_DES_192_EDE3_CBC_WITH_MD5</elem>
-- <elem>SSL2_IDEA_128_CBC_WITH_MD5</elem>
-- <elem>SSL2_RC2_128_CBC_WITH_MD5</elem>
-- <elem>SSL2_RC4_128_WITH_MD5</elem>
-- <elem>SSL2_DES_64_CBC_WITH_MD5</elem>
-- <elem>SSL2_RC2_128_CBC_EXPORT40_WITH_MD5</elem>
-- <elem>SSL2_RC4_128_EXPORT40_WITH_MD5</elem>
--</table>
author = {"Matthew Boyle", "Daniel Miller"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "safe"}
portrule = function(host, port)
return shortport.ssl(host, port) or sslcert.getPrepareTLSWithoutReconnect(port)
end
action = function(host, port)
local ciphers = sslv2.test_sslv2(host, port)
if ciphers then
host.registry.sslv2 = host.registry.sslv2 or {}
host.registry.sslv2[port.number .. port.protocol] = ciphers
return {
"SSLv2 supported",
ciphers = #ciphers > 0 and ciphers or "none"
}
end
end
|
