poodle

makakin · Oct 22, 2014 · a614031 · a614031
1 parent 2441f18
commit a614031
Show file tree

Hide file tree

Showing 13 changed files with 392 additions and 51 deletions.
diff --git a/src/main-conf.c b/src/main-conf.c
@@ -1488,6 +1488,16 @@ masscan_set_parameter(struct Masscan *masscan,
         while (*p && (p[strlen(p)-1] == '/' || p[strlen(p)-1] == '/'))
             p[strlen(p)-1] = '\0';
     } else if (EQUALS("script", name)) {
+        if (EQUALS("heartbleed", value)) {
+            masscan_set_parameter(masscan, "heartbleed", "true");
+            return;
+        } else if (EQUALS("poodle", value) || EQUALS("sslv3", value)) {
+            masscan->is_poodle_sslv3 = 1;
+            masscan_set_parameter(masscan, "no-capture", "cert");
+            masscan_set_parameter(masscan, "banners", "true");
+            return;
+        }
+
         if (!script_lookup(value)) {
             fprintf(stderr, "FAIL: script '%s' does not exist\n", value);
             fprintf(stderr, "  hint: most nmap scripts aren't supported\n");

diff --git a/src/main.c b/src/main.c
@@ -620,9 +620,14 @@ receive_thread(void *v)
                                     masscan->http_user_agent);
         if (masscan->is_heartbleed)
             tcpcon_set_parameter(   tcpcon,
-                                    "heartbleed",
-                                    1,
-                                    "1");
+                                 "heartbleed",
+                                 1,
+                                 "1");
+        if (masscan->is_poodle_sslv3)
+            tcpcon_set_parameter(   tcpcon,
+                                 "sslv3",
+                                 1,
+                                 "1");
         if (masscan->tcp_connection_timeout) {
             char foo[64];
             sprintf_s(foo, sizeof(foo), "%u", masscan->tcp_connection_timeout);

diff --git a/src/masscan-app.c b/src/masscan-app.c
@@ -32,6 +32,8 @@ masscan_app_to_string(enum ApplicationProtocol proto)
     case PROTO_VULN:    return "vuln";
     case PROTO_HEARTBLEED:    return "heartbleed";
     case PROTO_VNC_RFB: return "vnc";
+    case PROTO_SAFE:    return "safe";
+
     default:
         sprintf_s(tmp, sizeof(tmp), "(%u)", proto);
         return tmp;
@@ -67,6 +69,7 @@ masscan_string_to_app(const char *str)
         {"vuln", PROTO_VULN},
         {"heartbleed", PROTO_HEARTBLEED},
         {"vnc", PROTO_VNC_RFB},
+        {"safe",    PROTO_SAFE},
         {0,0}
     };
     size_t i;

diff --git a/src/masscan-app.h b/src/masscan-app.h
@@ -27,6 +27,7 @@ enum ApplicationProtocol {
     PROTO_VULN,
     PROTO_HEARTBLEED,
     PROTO_VNC_RFB,
+    PROTO_SAFE,
 };
 
 const char *

diff --git a/src/masscan.h b/src/masscan.h
@@ -175,6 +175,7 @@ struct Masscan
     unsigned is_infinite:1;     /* -infinite */
     unsigned is_readscan:1;     /* --readscan, Operation_Readscan */
     unsigned is_heartbleed:1;   /* --heartbleed, scan for this vuln */
+    unsigned is_poodle_sslv3:1; /* --script poodle, scan for this vuln */
 
 
     /**

diff --git a/src/proto-banner1.h b/src/proto-banner1.h
@@ -18,6 +18,7 @@ struct Banner1
     unsigned is_capture_cert:1;
     unsigned is_capture_heartbleed:1;
     unsigned is_heartbleed:1;
+    unsigned is_poodle_sslv3:1;
 
     struct ProtocolParserStream *tcp_payloads[65536];
 };
@@ -47,6 +48,10 @@ struct SSL_SERVER_CERT {
     } sub;
     struct CertDecode x509;
 };
+struct SSL_SERVER_ALERT {
+    unsigned char level;
+    unsigned char description;
+};
 
 struct SSLRECORD {
     unsigned char type;
@@ -66,6 +71,7 @@ struct SSLRECORD {
         } all;
         struct SSL_SERVER_HELLO server_hello;
         struct SSL_SERVER_CERT server_cert;
+        struct SSL_SERVER_ALERT server_alert;
     } x;
 
 };