Merge pull request #1938 from drwetter/nmap_portdetection_1931
Improved SSL/TLS portdetection in nmap greppable files
commit
2935ecc2e1
|
@ -21353,7 +21353,7 @@ nmap_to_plain_file() {
|
||||||
local target_fname=""
|
local target_fname=""
|
||||||
local oneline=""
|
local oneline=""
|
||||||
local ip hostdontcare round_brackets ports_specs starttls
|
local ip hostdontcare round_brackets ports_specs starttls
|
||||||
local tmp port host_spec protocol dontcare dontcare1
|
local tmp port host_spec protocol ssl_hint dontcare dontcare1
|
||||||
#FIXME: IPv6 is missing here
|
#FIXME: IPv6 is missing here
|
||||||
|
|
||||||
# Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
|
# Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
|
||||||
|
@ -21394,11 +21394,15 @@ nmap_to_plain_file() {
|
||||||
while read -r oneline; do
|
while read -r oneline; do
|
||||||
# 25/open/tcp//smtp//<banner>/,
|
# 25/open/tcp//smtp//<banner>/,
|
||||||
[[ "$oneline" =~ '/open/tcp/' ]] || continue # no open tcp for this port on this IP --> move on
|
[[ "$oneline" =~ '/open/tcp/' ]] || continue # no open tcp for this port on this IP --> move on
|
||||||
IFS=/ read -r port dontcare protocol dontcare1 <<< "$oneline"
|
IFS=/ read -r port dontcare protocol ssl_hint dontcare1 <<< "$oneline"
|
||||||
|
if [[ "$ssl_hint" =~ ^(ssl|https) ]] || [[ "$dontcare1" =~ ^(ssl|https) ]]; then
|
||||||
|
echo "${host_spec}:${port}" >>"$target_fname"
|
||||||
|
else
|
||||||
starttls="$(ports2starttls $port)"
|
starttls="$(ports2starttls $port)"
|
||||||
[[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to
|
[[ $? -eq 1 ]] && continue # nmap got a port but we don't know how to speak to
|
||||||
[[ "$DEBUG" -ge 1 ]] && echo "${starttls}$host_spec:$port"
|
[[ "$DEBUG" -ge 1 ]] && echo "${starttls}$host_spec:$port"
|
||||||
echo "${starttls}${host_spec}:${port}" >>"$target_fname"
|
echo "${starttls}${host_spec}:${port}" >>"$target_fname"
|
||||||
|
fi
|
||||||
done < <(tr ',' '\n' <<< "$ports_specs")
|
done < <(tr ',' '\n' <<< "$ports_specs")
|
||||||
done < "$FNAME"
|
done < "$FNAME"
|
||||||
[[ "$DEBUG" -ge 1 ]] && echo
|
[[ "$DEBUG" -ge 1 ]] && echo
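Review bot: In the second hunk the new `read` assigns the fourth slash-separated field to `ssl_hint`, but in the sample quoted just above it (`25/open/tcp//smtp//<banner>/`) that field is the empty one after `tcp`, so the service name lands at the start of `dontcare1`. If that layout always holds, the `ssl_hint` test never matches and detection rests on a variable whose name says it is ignored; a comment such as `# field 4 is normally empty; the service name begins dontcare1` or a rename to something like `service_and_rest` would make this clear. A missed match falls through to `ports2starttls` and can hit the silent `continue`, so a parsing slip here drops a TLS port from the target list without any notice. The new branch also skips the debug output that the else branch has; `[[ "$DEBUG" -ge 1 ]] && echo "$host_spec:$port"` before the write would keep both paths traceable. The body of `nmap_to_plain_file` starts and ends outside these hunks.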
|
||||||
|
|
|
@ -1,7 +1,5 @@
|
||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
#set -e
|
|
||||||
|
|
||||||
# Utility which converts grepable nmap outout to testssl's file input
|
# Utility which converts grepable nmap outout to testssl's file input
|
||||||
# It is just borrowed from testssl.sh
|
# It is just borrowed from testssl.sh
|
||||||
# License see testssl.sh
|
# License see testssl.sh
|
||||||
|
@ -105,7 +103,7 @@ nmap_to_plain_file () {
|
||||||
local target_fname=""
|
local target_fname=""
|
||||||
local oneline=""
|
local oneline=""
|
||||||
local ip hostdontcare round_brackets ports_specs starttls
|
local ip hostdontcare round_brackets ports_specs starttls
|
||||||
local tmp port host_spec protocol dontcare dontcare1
|
local tmp port host_spec protocol ssl_hint dontcare dontcare1
|
||||||
|
|
||||||
# Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
|
# Ok, since we are here we are sure to have an nmap file. To avoid questions we make sure it's the right format too
|
||||||
if [[ "$(head -1 "$fname")" =~ ( -oG )(.*) ]] || [[ "$(head -1 "$fname")" =~ ( -oA )(.*) ]] ; then
|
if [[ "$(head -1 "$fname")" =~ ( -oG )(.*) ]] || [[ "$(head -1 "$fname")" =~ ( -oA )(.*) ]] ; then
|
||||||
|
@ -162,7 +160,7 @@ nmap_to_plain_file () {
|
||||||
FNAME="$1"
|
FNAME="$1"
|
||||||
[[ ! -e $FNAME ]] && echo "$FNAME not readable" && exit 2
|
[[ ! -e $FNAME ]] && echo "$FNAME not readable" && exit 2
|
||||||
|
|
||||||
nmap_to_plain_file $FNAME
|
nmap_to_plain_file "$FNAME"
|
||||||
|
|
||||||
exit $?
|
exit $?
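Review bot: The only change to `nmap_to_plain_file` shown for this file is the extra `ssl_hint` in the `local` line; no hunk here adds the `read ... ssl_hint` assignment or the `=~ ^(ssl|https)` test, so unless the loop already differs outside the visible hunks the utility declares a variable it never sets and misses the new detection. Since the header says the code is borrowed from testssl.sh, the loop change should be carried over so both copies produce the same target list from the same nmap file. Separately, the last hunk quotes the call but leaves the guard as `[[ ! -e $FNAME ]]`, which is unquoted and tests existence although the message says "not readable"; `[[ -r "$FNAME" ]] || { echo "$FNAME not readable" >&2; exit 2; }` would match the message. The function body lies outside the visible hunks.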
|
||||||
|
|
||||||
|
|