{"id":335,"date":"2017-06-23T22:02:02","date_gmt":"2017-06-23T21:02:02","guid":{"rendered":"https:\/\/www.attackdebris.com\/?p=335"},"modified":"2017-06-23T22:41:15","modified_gmt":"2017-06-23T21:41:15","slug":"335","status":"publish","type":"post","link":"https:\/\/www.attackdebris.com\/?p=335","title":{"rendered":"Nmap-ssl-parser"},"content":{"rendered":"

Nmap-ssl-parser<\/strong><\/p>\n

Nessus and Nmap both do a decent job of enumerating supported SSL protocols and ciphers from remote servers. However, I usually find myself also utilising other 3rd party SSL scanning tools. To that end I wanted an easy way to quickly parse out SSL services to an output file for input into other tools.<\/p>\n

Nmap-ssl-parser is a python script designed to query nmap XML output and provide a list of usable ssl services in the format host:port<\/code><\/p>\n

The nmap-ssl-parser script parses an nmap.xml output file, extracts all SSL services and writes them to a filename of your choice.<\/p>\n

Step 1 – Create a valid nmap .xml fil<\/strong>e:<\/p>\n

Note: Some form of Nmap version scanning must be utilised to create the XML ouput i.e. -sV<\/code> or -A<\/code> (In order to determine whether the service is SSL enabled)<\/p>\n

\"\"<\/a><\/p>\n

Step 2 – Parse the nmap .xml file with nmap-ssl-parser.py:<\/strong><\/p>\n

\"\"<\/a><\/p>\n

That’s effectively job done, as can be seen below our output file “my_output_file.txt” contains our host:port<\/code> formatted list ready for importing into any other tool of choice:<\/p>\n

\"\"<\/a><\/p>\n

The code and installation instructions can be found here: https:\/\/github.com\/attackdebris\/nmap-ssl-parser<\/a><\/p>\n

Also check out auto-sslscan, which takes this process a step further by automating sslscans from the parsed list of SSL services: https:\/\/github.com\/attackdebris\/auto-sslscan<\/a><\/p>\n

Credit\u00a0 – The base code I used to create nmap-ssl-parser: https:\/\/github.com\/DanMcInerney\/nmap-parser\/blob\/master\/nmap-parser.py<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Nmap-ssl-parser Nessus and Nmap both do a decent job of enumerating supported SSL protocols and ciphers from remote servers. However, I usually find myself also utilising other 3rd party SSL scanning tools. To that end I wanted an easy way to quickly parse out SSL services to an output file for input into other tools. … <\/p>\n

Continue reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[12],"class_list":["post-335","post","type-post","status-publish","format-standard","hentry","category-tools","tag-tools","item-wrap"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/s3MDvd-335","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/335","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=335"}],"version-history":[{"count":9,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions"}],"predecessor-version":[{"id":347,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=\/wp\/v2\/posts\/335\/revisions\/347"}],"wp:attachment":[{"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=335"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=335"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.attackdebris.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=335"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}