Script rsa-vuln-roca

Script types: portrule
Categories: vuln, safe
Download: https://svn.nmap.org/nmap/scripts/rsa-vuln-roca.nse

Script Summary

Detects RSA keys vulnerable to Return Of Coppersmith Attack (ROCA) factorization.

SSH hostkeys and SSL/TLS certificates are checked. The checks require recent updates to the openssl NSE library.

References:

• https://crocs.fi.muni.cz/public/papers/rsa_ccs17

See also:

• ssl-cert.nse
• ssh-hostkey.nse

Script Arguments

mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username

See the documentation for the mssql library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

tls.servername

See the documentation for the tls library.

smtp.domain

See the documentation for the smtp library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -p 22,443 --script rsa-vuln-roca <target>

Script Output

Requires

• stdnse
• openssl
• nmap
• shortport
• ssh2
• sslcert
• math
• string
• vulns

---

Author:

• Daniel Miller

License: Same as Nmap--See https://nmap.org/book/man-legal.html