I have written a plugin that checks the expiry dates of SSL certificates. While I've tested it on machines to which I have access, I'd like to test it on a wider array of services before submitting it to Renaud for general distribution. If any of you have the time and inclination, please see the attached plugin and try it out. [Note: it requires the localtime() function, which is rather new to NASL (introduced on 9/15/2004), so if you have a version of Nessus before that, it won't work for you.]

For each SSL-enabled service (SSLv2, SSLv3, or TLSv1) identified by find_services, the plugin sends a Client Hello message, identifies the expiry dates for the server's certificate returned as part of the Server Hello, and compares the results with the current date as well as a date 60 days into the future. It will produce a warning if the certificate has expired and a note if the certificate is due to expire in 60 days.

If you run into any trouble (e.g., it can't get the expiry dates), set debug_level to 1 in the global settings, rerun the scan, and send me the debug output written to nessusd.dump.

If no big gotchas turn up, I hope to submit the plugin to Renaud on Friday.

George
--
theall@private
_______________________________________________ Plugins-writers mailing list Plugins-writers@private http://mail.nessus.org/mailman/listinfo/plugins-writers
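The date comparison described in the post above, as an added Python example; it is not the attached NASL plugin or any Nessus code. It assumes the certificate's DER-encoded Validity field has already been extracted from the server's handshake; all function names are hypothetical, the sample dates are constructed, and treating the exact boundary instant as inside the window is an assumption.

```python
from datetime import datetime, timedelta, timezone

UTCTIME, GENERALIZEDTIME, SEQUENCE = 0x17, 0x18, 0x30  # ASN.1 universal tags

def read_tlv(buf, pos):
    """Read one DER element with a short-form length; return (tag, value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form DER element")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return buf[pos], buf[pos + 2:end], end

def parse_asn1_time(tag, value):
    """Decode a certificate validity time (RFC 5280 profile: UTC with 'Z')."""
    text = value.decode("ascii")
    if tag == UTCTIME and len(text) == 13:
        # RFC 5280 pivot: YY 50-99 means 19YY, 00-49 means 20YY.
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif not (tag == GENERALIZEDTIME and len(text) == 15):
        raise ValueError("unexpected validity time encoding")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_validity(der):
    """Return (not_before, not_after) from a DER Validity SEQUENCE."""
    tag, body, _ = read_tlv(der, 0)
    if tag != SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    t1, v1, nxt = read_tlv(body, 0)
    t2, v2, _ = read_tlv(body, nxt)
    return parse_asn1_time(t1, v1), parse_asn1_time(t2, v2)

def classify(not_after, now, window_days=60):
    """Map an expiry date to the severities the post describes."""
    if not_after <= now:
        return "warning"   # certificate has expired
    if not_after <= now + timedelta(days=window_days):
        return "note"      # expires within the look-ahead window
    return "ok"

def sample_validity(not_before, not_after):
    """Constructed sample input: encode two UTCTime strings as a Validity."""
    body = b"".join(bytes([UTCTIME, len(s)]) + s.encode() for s in (not_before, not_after))
    return bytes([SEQUENCE, len(body)]) + body

if __name__ == "__main__":
    der = sample_validity("031027000000Z", "041201000000Z")  # constructed dates
    _, not_after = parse_validity(der)
    print(not_after.isoformat(), classify(not_after, datetime.now(timezone.utc)))
```

The two-digit-year pivot is the part most often gotten wrong: a generic `%y` parse places years 50 through 68 in the 2000s, whereas certificates encode them as the 1900s.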
This archive was generated by hypermail 2.1.3 : Wed Oct 27 2004 - 09:55:54 PDT