nmap 可以用来枚举针对 mysql 服务的 tls 密码吗?
我可以testssl.sh
针对 mysql 服务运行枚举密码,但运行nmap
不会枚举密码(如下所示)。我更喜欢运行 nmap,因为它为每个密码提供了明确的“等级”。
对端口 3306 运行 nmap 仅列出端口的状态,没有有关密码的其他信息:
nmap -sV --script ssl-enum-ciphers -p 3306 localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2020-06-30 10:48 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000064s latency).
PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL 5.7.30-0ubuntu0.16.04.1
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.80 seconds
针对端口 3306 运行 testssl.sh 显示所有 tls/cipher 信息:
./testssl.sh --starttls=mysql localhost:3306
Using "OpenSSL 1.0.2-chacha (1.0.2k-dev)" [~183 ciphers]
on HOSTNAME:testssl.sh/bin/openssl.Linux.x86_64
(built: "Jan 18 17:12:17 2019", platform: "linux-x86_64")
Start 2020-06-30 10:44:39 -->> 127.0.0.1:3306 (localhost) <<--
A record via: /etc/hosts
rDNS (127.0.0.1): localhost.
Service set: STARTTLS via MYSQL (experimental)
Testing protocols via native openssl
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 not offered
TLS 1.2 offered (OK)
and lists a bunch of extra information and individual supported ciphers
答案1
Nmap 脚本引擎 (NSE) 直到昨天才支持 MySQL 的 SSL 连接握手。感谢您指出这一点!您可以在此处看到更改:https://github.com/nmap/nmap/commit/f491966ef21def276c0987a1ac1a0a0ff5c92b29
PS Nmap 7.01 已有 4 年历史,并且不支持检查 VNC、MS SQL、NNTP 或 LMTP 的 SSL 配置。