@@ -29,6 +29,7 @@ def initialize
2929 [
3030 'et' , #original module
3131 'Chris John Riley' , #additions
32+ 'Veit Hailperin' , # checks for public key size, valid time
3233 ] ,
3334 'License' => MSF_LICENSE
3435 )
@@ -52,6 +53,15 @@ def run_host(ip)
5253 print_status ( "#{ ip } #{ rport } #{ cert . subject } )
5354 print_status ( "#{ ip } #{ rport } #{ cert . issuer } )
5455 print_status ( "#{ ip } #{ rport } #{ cert . signature_algorithm } )
56+ public_key = cert . public_key . to_pem ( )
57+ # removing header and footer
58+ public_key = public_key . sub ( "-----BEGIN RSA PUBLIC KEY-----" , "" )
59+ public_key = public_key . sub ( "-----END RSA PUBLIC KEY-----" , "" )
60+ public_key_size = Rex ::Text . decode_base64 ( public_key ) . size
61+ # removing 12 bytes for some shmoo of exponent and modulus
62+ print_status ( "#{ ip } #{ rport } #{ ( public_key_size - 12 ) * 8 } )
63+ print_status ( "#{ ip } #{ rport } #{ cert . not_before } )
64+ print_status ( "#{ ip } #{ rport } #{ cert . not_after } )
5565
5666 # Checks for common properties of self signed certificates
5767 caissuer = ( /CA Issuers - URI:(.*?),/i ) . match ( cert . extensions . to_s )
@@ -76,6 +86,17 @@ def run_host(ip)
7686 cert . subject . to_a . each do |n |
7787 vhostn = n [ 1 ] if n [ 0 ] == 'CN'
7888 end
89+ if public_key_size = 1024
90+ print_status ( "#{ ip } #{ rport } )
91+ elsif public_key_size < 1024
92+ print_status ( "#{ ip } #{ rport } #{ public_key_size } )
93+ end
94+ if cert . not_after < Time . now
95+ print_status ( "#{ ip } #{ rport } )
96+ end
97+ if cert . not_before > Time . now
98+ print_status ( "#{ ip } #{ rport } )
99+ end
79100
80101 if vhostn
81102 print_status ( "#{ ip } #{ rport } #{ vhostn } )
@@ -98,7 +119,10 @@ def run_host(ip)
98119 :data => {
99120 :cn => vhostn ,
100121 :subject => cert . subject . to_a ,
101- :algorithm => alg
122+ :algorithm => alg ,
123+ :valid_from => cert . not_before ,
124+ :valid_after => cert . not_after ,
125+ :key_size => public_key_size
102126
103127 }
104128 )
0 commit comments