Merge branch 'ssl' of https://github.com/luh2/metasploit-framework into luh2-ssl

Author: jvazquez-r7

modules/auxiliary/scanner/http/ssl.rb

@@ -24,6 +24,7 @@ def initialize
 				[
 					'et', #original module
 					'Chris John Riley', #additions
+					'Veit Hailperin <[email protected]>', # checks for public key size, valid time
 				],
 			'License'     => MSF_LICENSE
 		)
@@ -47,6 +48,10 @@ def run_host(ip)
 				print_status("#{ip}:#{rport} Subject: #{cert.subject}")
 				print_status("#{ip}:#{rport} Issuer: #{cert.issuer}")
 				print_status("#{ip}:#{rport} Signature Alg: #{cert.signature_algorithm}")
+				public_key_size = cert.public_key.n.num_bytes * 8
+				print_status("#{ip}:#{rport} Public Key Size: #{public_key_size} bits")
+				print_status("#{ip}:#{rport} Not Valid Before: #{cert.not_before}")
+				print_status("#{ip}:#{rport} Not Valid After: #{cert.not_after}")
 
 				# Checks for common properties of self signed certificates
 				caissuer = (/CA Issuers - URI:(.*?),/i).match(cert.extensions.to_s)
@@ -71,6 +76,17 @@ def run_host(ip)
 				cert.subject.to_a.each do |n|
 					vhostn = n[1] if n[0] == 'CN'
 				end
+				if public_key_size == 1024
+					print_status("#{ip}:#{rport} WARNING: Public Key only 1024 bits")
+				elsif public_key_size < 1024
+					print_status("#{ip}:#{rport} WARNING: Weak Public Key: #{public_key_size} bits")
+				end
+				if cert.not_after < Time.now
+					print_status("#{ip}:#{rport} WARNING: Certificate not valid anymore")
+				end
+				if cert.not_before > Time.now
+					print_status("#{ip}:#{rport} WARNING: Certificate not valid yet")
+				end
 
 				if vhostn
 					print_status("#{ip}:#{rport} has common name #{vhostn}")
@@ -93,7 +109,10 @@ def run_host(ip)
 						:data	=> {
 							:cn        => vhostn,
 							:subject   => cert.subject.to_a,
-							:algorithm => alg
+							:algorithm => alg,
+							:valid_from => cert.not_before,
+							:valid_after => cert.not_after,
+							:key_size => public_key_size
 
 						}
 					)