External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 20:05:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1529 from projectdiscovery/issue-1231-zcrypto

Browse Source
This commit is contained in:
Sandeep Singh 2022-02-05 12:24:47 +05:30 committed by GitHub
commit a48e2adb69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
15 changed files with 648 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
integration_tests/ssl/basic-ztls.yaml Normal file
View File

@ -0,0 +1,15 @@
id: basic-ssl-tls
info:
name: Basic SSL Request with ztls
author: pdteam
severity: info
ssl:
- address: "{{Host}}:{{Port}}"
min_version: sslv3
max_version: tls12
matchers:
- type: dsl
dsl:
- "not_after>=0"

13
integration_tests/ssl/basic.yaml Normal file
View File

@ -0,0 +1,13 @@
id: expired-ssl
info:
name: Basic SSL Request
author: pdteam
severity: info
ssl:
- address: "{{Host}}:{{Port}}"
matchers:
- type: dsl
dsl:
- "not_after>=0"

2
v2/cmd/integration-test/http.go
View File

@ -554,7 +554,7 @@ type httpRawUnsafeRequest struct{}
func (h *httpRawUnsafeRequest) Execute(filePath string) error {
var routerErr error
ts := testutils.NewTCPServer(func(conn net.Conn) {
ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test"))
})

1
v2/cmd/integration-test/integration-test.go
View File

@ -27,6 +27,7 @@ var (
"websocket": websocketTestCases,
"headless": headlessTestcases,
"whois": whoisTestCases,
"ssl": sslTestcases,
}
)

8
v2/cmd/integration-test/network.go
View File

@ -21,7 +21,7 @@ type networkBasic struct{}
func (h *networkBasic) Execute(filePath string) error {
var routerErr error
ts := testutils.NewTCPServer(func(conn net.Conn) {
ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
data := make([]byte, 4)
@ -52,7 +52,7 @@ type networkMultiStep struct{}
func (h *networkMultiStep) Execute(filePath string) error {
var routerErr error
ts := testutils.NewTCPServer(func(conn net.Conn) {
ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
data := make([]byte, 5)
@ -100,11 +100,11 @@ type networkRequestSelContained struct{}
func (h *networkRequestSelContained) Execute(filePath string) error {
var routerErr error
ts := testutils.NewTCPServer(func(conn net.Conn) {
ts := testutils.NewTCPServer(false, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
_, _ = conn.Write([]byte("Authentication successful"))
}, defaultStaticPort)
})
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "", debug)
if err != nil {

54
v2/cmd/integration-test/ssl.go Normal file
View File

@ -0,0 +1,54 @@
package main
import (
"net"
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
)
var sslTestcases = map[string]testutils.TestCase{
"ssl/basic.yaml": &sslBasic{},
"ssl/basic-ztls.yaml": &sslBasicZtls{},
}
type sslBasic struct{}
// Execute executes a test case and returns an error if occurred
func (h *sslBasic) Execute(filePath string) error {
ts := testutils.NewTCPServer(true, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
data := make([]byte, 4)
if _, err := conn.Read(data); err != nil {
return
}
})
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
if err != nil {
return err
}
return expectResultsCount(results, 1)
}
type sslBasicZtls struct{}
// Execute executes a test case and returns an error if occurred
func (h *sslBasicZtls) Execute(filePath string) error {
ts := testutils.NewTCPServer(true, defaultStaticPort, func(conn net.Conn) {
defer conn.Close()
data := make([]byte, 4)
if _, err := conn.Read(data); err != nil {
return
}
})
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-ztls")
if err != nil {
return err
}
return expectResultsCount(results, 1)
}

1
v2/cmd/nuclei/main.go
View File

@ -135,6 +135,7 @@ on extensive configurability, massive extensibility and ease of use.`)
flagSet.StringVarP(&options.ClientCertFile, "client-cert", "cc", "", "client certificate file (PEM-encoded) used for authenticating against scanned hosts"),
flagSet.StringVarP(&options.ClientKeyFile, "client-key", "ck", "", "client key file (PEM-encoded) used for authenticating against scanned hosts"),
flagSet.StringVarP(&options.ClientCAFile, "client-ca", "ca", "", "client certificate authority file (PEM-encoded) used for authenticating against scanned hosts"),
flagSet.BoolVar(&options.ZTLS, "ztls", false, "Use ztls library with autofallback to standard one for tls13"),
)
createGroup(flagSet, "interactsh", "interactsh",

7
v2/go.mod
View File

@ -26,8 +26,8 @@ require (
github.com/owenrumney/go-sarif v1.1.1
github.com/pkg/errors v0.9.1
github.com/projectdiscovery/clistats v0.0.8
github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345
github.com/projectdiscovery/fastdialer v0.0.14
github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143
github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47
github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08
github.com/projectdiscovery/fileutil v0.0.0-20210928100737-cab279c5d4b5
github.com/projectdiscovery/goflags v0.0.8-0.20220121110825-48035ad3ffe0
@ -72,6 +72,7 @@ require (
github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7
github.com/projectdiscovery/iputil v0.0.0-20210804143329-3a30fcde43f3
github.com/stretchr/testify v1.7.0
github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b
)
require (
@ -135,11 +136,13 @@ require (
github.com/tklauser/numcpus v0.3.0 // indirect
github.com/trivago/tgo v1.0.7 // indirect
github.com/ulikunitz/xz v0.5.10 // indirect
github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 // indirect
github.com/valyala/bytebufferpool v1.0.0 // indirect
github.com/yl2chen/cidranger v1.0.2 // indirect
github.com/ysmood/goob v0.3.0 // indirect
github.com/yusufpapurcu/wmi v1.2.2 // indirect
github.com/zclconf/go-cty v1.10.0 // indirect
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 // indirect
go.etcd.io/bbolt v1.3.6 // indirect
go.uber.org/zap v1.20.0 // indirect
goftp.io/server/v2 v2.0.0 // indirect

23
v2/go.sum
View File

@ -369,6 +369,7 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN
github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8=
github.com/ngdinhtoan/glide-cleanup v0.2.0/go.mod h1:UQzsmiDOb8YV3nOsCxK/c9zPpCZVNoHScRE3EO9pVMM=
github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
@ -388,6 +389,7 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ=
github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7 h1:3Xn/CN6GVY+7mVuGgt5bfp0F9JwcWqnvwfb23Jf8Vxg=
github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7/go.mod h1:inRbqVxN7ri77yTJY3ZtGtKegIFa3Qnarh7Xp9P7LgY=
github.com/owenrumney/go-sarif v1.0.11/go.mod h1:hTBFbxU7GuVRUvwMx+eStp9M/Oun4xHCS3vqpPvket8=
@ -406,11 +408,12 @@ github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e h1:7bwa
github.com/projectdiscovery/blackrock v0.0.0-20210415162320-b38689ae3a2e/go.mod h1:/IsapnEYiWG+yEDPXp0e8NWj3npzB9Ccy9lXEUJwMZs=
github.com/projectdiscovery/clistats v0.0.8 h1:tjmWb15mqsPf/yrQXVHLe2ThZX/5+mgKSfZBKWWLh20=
github.com/projectdiscovery/clistats v0.0.8/go.mod h1:lV6jUHAv2bYWqrQstqW8iVIydKJhWlVaLl3Xo9ioVGg=
github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345 h1:jT6f/cdOpLkp9GAfRrxk57BUjYfIrR8E+AjMv5H5U4U=
github.com/projectdiscovery/cryptoutil v0.0.0-20210805184155-b5d2512f9345/go.mod h1:clhQmPnt35ziJW1AhJRKyu8aygXCSoyWj6dtmZBRjjc=
github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143 h1:ulWFeH179xgDUfNQT/LyimW1znNlivsqv2d/lNFZU30=
github.com/projectdiscovery/cryptoutil v0.0.0-20220124150510-1f21e1ec3143/go.mod h1:VJvSNE8f8A1MgpjgAL2GPJSQcJa4jbdaeQJstARFrU4=
github.com/projectdiscovery/fastdialer v0.0.12/go.mod h1:RkRbxqDCcCFhfNUbkzBIz/ieD4uda2JuUA4WJ+RLee0=
github.com/projectdiscovery/fastdialer v0.0.14 h1:xTcU8c8wTp+AE92TVLINSCvgXsbF0ITera8HfbU1dok=
github.com/projectdiscovery/fastdialer v0.0.14/go.mod h1:Mex24omi3RxrmhA8Ote7rw+6LWMiaBvbJq8CNp0ksII=
github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47 h1:TUsZiwez9uFmph1hlTsiH7rdB+wi4524+lMuV2z6FaM=
github.com/projectdiscovery/fastdialer v0.0.15-0.20220127193345-f06b0fd54d47/go.mod h1:GbQvP1ezGlQn0af3lVcl08b5eRQu960T7A9pwazybSo=
github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08 h1:NwD1R/du1dqrRKN3SJl9kT6tN3K9puuWFXEvYF2ihew=
github.com/projectdiscovery/filekv v0.0.0-20210915124239-3467ef45dd08/go.mod h1:paLCnwV8sL7ppqIwVQodQrk3F6mnWafwTDwRd7ywZwQ=
github.com/projectdiscovery/fileutil v0.0.0-20210804142714-ebba15fa53ca/go.mod h1:U+QCpQnX8o2N2w0VUGyAzjM3yBAe4BKedVElxiImsx0=
@ -487,6 +490,7 @@ github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAm
github.com/shirou/gopsutil/v3 v3.21.7/go.mod h1:RGl11Y7XMTQPmHh8F0ayC6haKNBgH4PXMJuTAcMOlz4=
github.com/shirou/gopsutil/v3 v3.22.1 h1:33y31Q8J32+KstqPfscvFwBlNJ6xLaBy4xqBXzlYV5w=
github.com/shirou/gopsutil/v3 v3.22.1/go.mod h1:WapW1AOOPlHyXr+yOyw3uYx36enocrtSoSBy0L5vUHY=
github.com/sirupsen/logrus v1.3.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
github.com/smartystreets/assertions v1.0.0 h1:UVQPSSmc3qtTi+zPPkCXvZX9VvW/xT/NsRvKfwY81a8=
@ -539,6 +543,8 @@ github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljT
github.com/ulikunitz/xz v0.5.6/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8=
github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8=
github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6 h1:TtyC78WMafNW8QFfv3TeP3yWNDG+uxNkk9vOrnDu6JA=
github.com/ulule/deepcopier v0.0.0-20200430083143-45decc6639b6/go.mod h1:h8272+G2omSmi30fBXiZDMkmHuOgonplfKIKjQWzlfs=
github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasttemplate v1.2.1 h1:TVEnxayobAdVkhQfrfes2IzOB6o+z4roRkPF52WA1u4=
@ -580,6 +586,11 @@ github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
github.com/zclconf/go-cty v1.8.4/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0=
github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk=
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521 h1:kKCF7VX/wTmdg2ZjEaqlq99Bjsoiz7vH6sFniF/vI4M=
github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b h1:iYQzlljG1dOXBtsJGyzFC/wBK5qUCWs1eLCr/UcJYPA=
github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b/go.mod h1:5nID//bFGkx3/+iHcFIFRHQ54EOPJ0iSj0IGKpMElvw=
go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ=
go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU=
go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4=
@ -608,6 +619,7 @@ go.uber.org/zap v1.20.0/go.mod h1:wjWOCqI0f2ZZrJF/UufIOkiC8ii6tm1iqIsLo76RfJw=
goftp.io/server/v2 v2.0.0 h1:FF8JKXXKDxAeO1uXEZz7G+IZwCDhl19dpVIlDtp3QAg=
goftp.io/server/v2 v2.0.0/go.mod h1:7+H/EIq7tXdfo1Muu5p+l3oQ6rYkDZ8lY7IM5d5kVdQ=
golang.org/x/arch v0.0.0-20180920145803-b19384d3c130/go.mod h1:cYlCBUl1MsqxdiKgmc4uh7TxZfWSFLOGSRR090WDxt8=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@ -618,6 +630,7 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201112155050-0c6587e931a9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
@ -687,6 +700,7 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
@ -722,6 +736,7 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cO
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@ -740,6 +755,7 @@ golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7w
golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@ -782,6 +798,7 @@ golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.0.0-20220111092808-5a964db01320 h1:0jf+tOCoZ3LyutmCOWpVni1chK4VfFLhRsDK7MhqGRY=
golang.org/x/sys v0.0.0-20220111092808-5a964db01320/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=

1
v2/pkg/protocols/common/protocolstate/state.go
View File

@ -20,6 +20,7 @@ func Init(options *types.Options) error {
opts.BaseResolvers = options.InternalResolversList
}
opts.WithDialerHistory = true
opts.WithZTLS = options.ZTLS
dialer, err := fastdialer.NewDialer(opts)
if err != nil {
return errors.Wrap(err, "could not create dialer")

367
v2/pkg/protocols/ssl/ciphers.go Normal file
View File

@ -0,0 +1,367 @@
package ssl
import (
"fmt"
ztls "github.com/zmap/zcrypto/tls"
)
var ciphers = map[string]uint16{
"TLS_NULL_WITH_NULL_NULL": ztls.TLS_NULL_WITH_NULL_NULL,
"TLS_RSA_WITH_NULL_MD5": ztls.TLS_RSA_WITH_NULL_MD5,
"TLS_RSA_WITH_NULL_SHA": ztls.TLS_RSA_WITH_NULL_SHA,
"TLS_RSA_EXPORT_WITH_RC4_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC4_40_MD5,
"TLS_RSA_WITH_RC4_128_MD5": ztls.TLS_RSA_WITH_RC4_128_MD5,
"TLS_RSA_WITH_RC4_128_SHA": ztls.TLS_RSA_WITH_RC4_128_SHA,
"TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
"TLS_RSA_WITH_IDEA_CBC_SHA": ztls.TLS_RSA_WITH_IDEA_CBC_SHA,
"TLS_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
"TLS_RSA_WITH_DES_CBC_SHA": ztls.TLS_RSA_WITH_DES_CBC_SHA,
"TLS_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA,
"TLS_DH_DSS_WITH_DES_CBC_SHA": ztls.TLS_DH_DSS_WITH_DES_CBC_SHA,
"TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA,
"TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA,
"TLS_DH_RSA_WITH_DES_CBC_SHA": ztls.TLS_DH_RSA_WITH_DES_CBC_SHA,
"TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,
"TLS_DHE_DSS_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_WITH_DES_CBC_SHA,
"TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
"TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
"TLS_DHE_RSA_WITH_DES_CBC_SHA": ztls.TLS_DHE_RSA_WITH_DES_CBC_SHA,
"TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5": ztls.TLS_DH_ANON_EXPORT_WITH_RC4_40_MD5,
"TLS_DH_ANON_WITH_RC4_128_MD5": ztls.TLS_DH_ANON_WITH_RC4_128_MD5,
"TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA": ztls.TLS_DH_ANON_EXPORT_WITH_DES40_CBC_SHA,
"TLS_DH_ANON_WITH_DES_CBC_SHA": ztls.TLS_DH_ANON_WITH_DES_CBC_SHA,
"TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA,
"SSL_FORTEZZA_KEA_WITH_NULL_SHA": ztls.SSL_FORTEZZA_KEA_WITH_NULL_SHA,
"SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA": ztls.SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA,
"TLS_KRB5_WITH_DES_CBC_SHA": ztls.TLS_KRB5_WITH_DES_CBC_SHA,
"TLS_KRB5_WITH_3DES_EDE_CBC_SHA": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_SHA,
"TLS_KRB5_WITH_RC4_128_SHA": ztls.TLS_KRB5_WITH_RC4_128_SHA,
"TLS_KRB5_WITH_IDEA_CBC_SHA": ztls.TLS_KRB5_WITH_IDEA_CBC_SHA,
"TLS_KRB5_WITH_DES_CBC_MD5": ztls.TLS_KRB5_WITH_DES_CBC_MD5,
"TLS_KRB5_WITH_3DES_EDE_CBC_MD5": ztls.TLS_KRB5_WITH_3DES_EDE_CBC_MD5,
"TLS_KRB5_WITH_RC4_128_MD5": ztls.TLS_KRB5_WITH_RC4_128_MD5,
"TLS_KRB5_WITH_IDEA_CBC_MD5": ztls.TLS_KRB5_WITH_IDEA_CBC_MD5,
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA,
"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA,
"TLS_KRB5_EXPORT_WITH_RC4_40_SHA": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_SHA,
"TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5,
"TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5,
"TLS_KRB5_EXPORT_WITH_RC4_40_MD5": ztls.TLS_KRB5_EXPORT_WITH_RC4_40_MD5,
"TLS_PSK_WITH_NULL_SHA": ztls.TLS_PSK_WITH_NULL_SHA,
"TLS_DHE_PSK_WITH_NULL_SHA": ztls.TLS_DHE_PSK_WITH_NULL_SHA,
"TLS_RSA_PSK_WITH_NULL_SHA": ztls.TLS_RSA_PSK_WITH_NULL_SHA,
"TLS_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_WITH_AES_128_CBC_SHA,
"TLS_DH_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA,
"TLS_DH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA,
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
"TLS_DH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA,
"TLS_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_WITH_AES_256_CBC_SHA,
"TLS_DH_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA,
"TLS_DH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA,
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
"TLS_DH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA,
"TLS_RSA_WITH_NULL_SHA256": ztls.TLS_RSA_WITH_NULL_SHA256,
"TLS_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_WITH_AES_128_CBC_SHA256,
"TLS_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_RSA_WITH_AES_256_CBC_SHA256,
"TLS_DH_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_CBC_SHA256,
"TLS_DH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_CBC_SHA256,
"TLS_DHE_DSS_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA,
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA,
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
"TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA,
"TLS_RSA_EXPORT1024_WITH_RC4_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_MD5,
"TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5": ztls.TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5,
"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA,
"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA": ztls.TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA,
"TLS_DHE_DSS_WITH_RC4_128_SHA": ztls.TLS_DHE_DSS_WITH_RC4_128_SHA,
"TLS_DHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
"TLS_DH_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_AES_256_CBC_SHA256,
"TLS_DH_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_AES_256_CBC_SHA256,
"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
"TLS_DHE_RSA_WITH_AES_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
"TLS_DH_ANON_WITH_AES_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_CBC_SHA256,
"TLS_DH_ANON_WITH_AES_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_AES_256_CBC_SHA256,
"TLS_GOSTR341094_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341094_WITH_28147_CNT_IMIT,
"TLS_GOSTR341001_WITH_28147_CNT_IMIT": ztls.TLS_GOSTR341001_WITH_28147_CNT_IMIT,
"TLS_GOSTR341094_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341094_WITH_NULL_GOSTR3411,
"TLS_GOSTR341001_WITH_NULL_GOSTR3411": ztls.TLS_GOSTR341001_WITH_NULL_GOSTR3411,
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA,
"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA,
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
"TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA,
"TLS_PSK_WITH_RC4_128_SHA": ztls.TLS_PSK_WITH_RC4_128_SHA,
"TLS_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_PSK_WITH_3DES_EDE_CBC_SHA,
"TLS_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_PSK_WITH_AES_128_CBC_SHA,
"TLS_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_PSK_WITH_AES_256_CBC_SHA,
"TLS_DHE_PSK_WITH_RC4_128_SHA": ztls.TLS_DHE_PSK_WITH_RC4_128_SHA,
"TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
"TLS_DHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA,
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA,
"TLS_RSA_PSK_WITH_RC4_128_SHA": ztls.TLS_RSA_PSK_WITH_RC4_128_SHA,
"TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
"TLS_RSA_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA,
"TLS_RSA_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA,
"TLS_RSA_WITH_SEED_CBC_SHA": ztls.TLS_RSA_WITH_SEED_CBC_SHA,
"TLS_DH_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DH_DSS_WITH_SEED_CBC_SHA,
"TLS_DH_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DH_RSA_WITH_SEED_CBC_SHA,
"TLS_DHE_DSS_WITH_SEED_CBC_SHA": ztls.TLS_DHE_DSS_WITH_SEED_CBC_SHA,
"TLS_DHE_RSA_WITH_SEED_CBC_SHA": ztls.TLS_DHE_RSA_WITH_SEED_CBC_SHA,
"TLS_DH_ANON_WITH_SEED_CBC_SHA": ztls.TLS_DH_ANON_WITH_SEED_CBC_SHA,
"TLS_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_WITH_AES_128_GCM_SHA256,
"TLS_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_WITH_AES_256_GCM_SHA384,
"TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
"TLS_DH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_AES_128_GCM_SHA256,
"TLS_DH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_AES_256_GCM_SHA384,
"TLS_DHE_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
"TLS_DHE_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
"TLS_DH_DSS_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_AES_128_GCM_SHA256,
"TLS_DH_DSS_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_AES_256_GCM_SHA384,
"TLS_DH_ANON_WITH_AES_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_AES_128_GCM_SHA256,
"TLS_DH_ANON_WITH_AES_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_AES_256_GCM_SHA384,
"TLS_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_PSK_WITH_AES_128_GCM_SHA256,
"TLS_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_PSK_WITH_AES_256_GCM_SHA384,
"TLS_DHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
"TLS_DHE_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
"TLS_RSA_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_GCM_SHA256,
"TLS_RSA_PSK_WITH_AES_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
"TLS_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_PSK_WITH_AES_128_CBC_SHA256,
"TLS_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_PSK_WITH_AES_256_CBC_SHA384,
"TLS_PSK_WITH_NULL_SHA256": ztls.TLS_PSK_WITH_NULL_SHA256,
"TLS_PSK_WITH_NULL_SHA384": ztls.TLS_PSK_WITH_NULL_SHA384,
"TLS_DHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
"TLS_DHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
"TLS_DHE_PSK_WITH_NULL_SHA256": ztls.TLS_DHE_PSK_WITH_NULL_SHA256,
"TLS_DHE_PSK_WITH_NULL_SHA384": ztls.TLS_DHE_PSK_WITH_NULL_SHA384,
"TLS_RSA_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_AES_128_CBC_SHA256,
"TLS_RSA_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_AES_256_CBC_SHA384,
"TLS_RSA_PSK_WITH_NULL_SHA256": ztls.TLS_RSA_PSK_WITH_NULL_SHA256,
"TLS_RSA_PSK_WITH_NULL_SHA384": ztls.TLS_RSA_PSK_WITH_NULL_SHA384,
"TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_CBC_SHA256,
"TLS_RENEGO_PROTECTION_REQUEST": ztls.TLS_RENEGO_PROTECTION_REQUEST,
"TLS_FALLBACK_SCSV": ztls.TLS_FALLBACK_SCSV,
"TLS_ECDH_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDH_ECDSA_WITH_NULL_SHA,
"TLS_ECDH_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
"TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_NULL_SHA": ztls.TLS_ECDHE_ECDSA_WITH_NULL_SHA,
"TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
"TLS_ECDH_RSA_WITH_NULL_SHA": ztls.TLS_ECDH_RSA_WITH_NULL_SHA,
"TLS_ECDH_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDH_RSA_WITH_RC4_128_SHA,
"TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_RSA_WITH_NULL_SHA": ztls.TLS_ECDHE_RSA_WITH_NULL_SHA,
"TLS_ECDHE_RSA_WITH_RC4_128_SHA": ztls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
"TLS_ECDH_ANON_WITH_NULL_SHA": ztls.TLS_ECDH_ANON_WITH_NULL_SHA,
"TLS_ECDH_ANON_WITH_RC4_128_SHA": ztls.TLS_ECDH_ANON_WITH_RC4_128_SHA,
"TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDH_ANON_WITH_AES_128_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_128_CBC_SHA,
"TLS_ECDH_ANON_WITH_AES_256_CBC_SHA": ztls.TLS_ECDH_ANON_WITH_AES_256_CBC_SHA,
"TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
"TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
"TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
"TLS_SRP_SHA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_128_CBC_SHA,
"TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
"TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
"TLS_SRP_SHA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_WITH_AES_256_CBC_SHA,
"TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
"TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA": ztls.TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
"TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
"TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
"TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
"TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
"TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
"TLS_ECDHE_PSK_WITH_RC4_128_SHA": ztls.TLS_ECDHE_PSK_WITH_RC4_128_SHA,
"TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA,
"TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
"TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
"TLS_ECDHE_PSK_WITH_NULL_SHA": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA,
"TLS_ECDHE_PSK_WITH_NULL_SHA256": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA256,
"TLS_ECDHE_PSK_WITH_NULL_SHA384": ztls.TLS_ECDHE_PSK_WITH_NULL_SHA384,
"TLS_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256,
"TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384,
"TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256,
"TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384,
"TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_CBC_SHA256,
"TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_CBC_SHA384,
"TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256,
"TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384,
"TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256,
"TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384,
"TLS_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
"TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
"TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256,
"TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384,
"TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_ARIA_128_GCM_SHA256,
"TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_ARIA_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256,
"TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384,
"TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256,
"TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384,
"TLS_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
"TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
"TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256,
"TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384,
"TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DH_ANON_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DH_ANON_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256,
"TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384,
"TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
"TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384": ztls.TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
"TLS_RSA_WITH_AES_128_CCM": ztls.TLS_RSA_WITH_AES_128_CCM,
"TLS_RSA_WITH_AES_256_CCM": ztls.TLS_RSA_WITH_AES_256_CCM,
"TLS_DHE_RSA_WITH_AES_128_CCM": ztls.TLS_DHE_RSA_WITH_AES_128_CCM,
"TLS_DHE_RSA_WITH_AES_256_CCM": ztls.TLS_DHE_RSA_WITH_AES_256_CCM,
"TLS_RSA_WITH_AES_128_CCM_8": ztls.TLS_RSA_WITH_AES_128_CCM_8,
"TLS_RSA_WITH_AES_256_CCM_8": ztls.TLS_RSA_WITH_AES_256_CCM_8,
"TLS_DHE_RSA_WITH_AES_128_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_128_CCM_8,
"TLS_DHE_RSA_WITH_AES_256_CCM_8": ztls.TLS_DHE_RSA_WITH_AES_256_CCM_8,
"TLS_PSK_WITH_AES_128_CCM": ztls.TLS_PSK_WITH_AES_128_CCM,
"TLS_PSK_WITH_AES_256_CCM": ztls.TLS_PSK_WITH_AES_256_CCM,
"TLS_DHE_PSK_WITH_AES_128_CCM": ztls.TLS_DHE_PSK_WITH_AES_128_CCM,
"TLS_DHE_PSK_WITH_AES_256_CCM": ztls.TLS_DHE_PSK_WITH_AES_256_CCM,
"TLS_PSK_WITH_AES_128_CCM_8": ztls.TLS_PSK_WITH_AES_128_CCM_8,
"TLS_PSK_WITH_AES_256_CCM_8": ztls.TLS_PSK_WITH_AES_256_CCM_8,
"TLS_PSK_DHE_WITH_AES_128_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_128_CCM_8,
"TLS_PSK_DHE_WITH_AES_256_CCM_8": ztls.TLS_PSK_DHE_WITH_AES_256_CCM_8,
"TLS_ECDHE_ECDSA_WITH_AES_128_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
"TLS_ECDHE_ECDSA_WITH_AES_256_CCM": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
"TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
"TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8": ztls.TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
"TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256": ztls.TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD": ztls.TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256_OLD,
"SSL_RSA_WITH_RC2_CBC_MD5": ztls.SSL_RSA_WITH_RC2_CBC_MD5,
"SSL_RSA_WITH_IDEA_CBC_MD5": ztls.SSL_RSA_WITH_IDEA_CBC_MD5,
"SSL_RSA_WITH_DES_CBC_MD5": ztls.SSL_RSA_WITH_DES_CBC_MD5,
"SSL_RSA_WITH_3DES_EDE_CBC_MD5": ztls.SSL_RSA_WITH_3DES_EDE_CBC_MD5,
"SSL_EN_RC2_128_CBC_WITH_MD5": ztls.SSL_EN_RC2_128_CBC_WITH_MD5,
"OP_PCL_TLS10_AES_128_CBC_SHA512": ztls.OP_PCL_TLS10_AES_128_CBC_SHA512,
}
func toCiphers(items []string) ([]uint16, error) {
var convertedCiphers []uint16
for _, item := range items {
zcipher, ok := ciphers[item]
if !ok {
return nil, fmt.Errorf("unsupported cipher suite: %s", item)
}
convertedCiphers = append(convertedCiphers, zcipher)
}
return convertedCiphers, nil
}

110
v2/pkg/protocols/ssl/ssl.go
View File

@ -25,6 +25,7 @@ import (
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/network/networkclientpool"
templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
ztls "github.com/zmap/zcrypto/tls"
)
// Request is a request for the SSL protocol
@ -35,6 +36,27 @@ type Request struct {
// description: |
// Address contains address for the request
Address string `yaml:"address,omitempty" jsonschema:"title=address for the ssl request,description=Address contains address for the request"`
// description: |
// Minimum tls version - auto if not specified.
// values:
// - "sslv3"
// - "tls10"
// - "tls11"
// - "tls12"
// - "tls13"
MinVersion string `yaml:"min_version,omitempty" jsonschema:"title=TLS version,description=Minimum tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
// description: |
// Max tls version - auto if not specified.
// values:
// - "sslv3"
// - "tls10"
// - "tls11"
// - "tls12"
// - "tls13"
MaxVersion string `yaml:"max_version,omitempty" jsonschema:"title=TLS version,description=Max tls version - automatic if not specified.,enum=sslv3,enum=tls10,enum=tls11,enum=tls12,enum=tls13"`
// description: |
// Client Cipher Suites - auto if not specified.
CiperSuites []string `yaml:"cipher_suites,omitempty"`
// cache any variables that may be needed for operation.
dialer *fastdialer.Dialer
@ -96,9 +118,53 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous
}
addressToDial := string(finalAddress)
config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname}
var minVersion, maxVersion uint16
if request.MinVersion != "" {
version, err := toVersion(request.MinVersion)
if err != nil {
return err
}
minVersion = version
}
if request.MaxVersion != "" {
version, err := toVersion(request.MaxVersion)
if err != nil {
return err
}
maxVersion = version
}
cipherSuites, err := toCiphers(request.CiperSuites)
if err != nil {
return err
}
var conn net.Conn
if request.options.Options.ZTLS {
zconfig := &ztls.Config{InsecureSkipVerify: true, ServerName: hostname}
if minVersion > 0 {
zconfig.MinVersion = minVersion
}
if maxVersion > 0 {
zconfig.MaxVersion = maxVersion
}
if len(cipherSuites) > 0 {
zconfig.CipherSuites = cipherSuites
}
conn, err = request.dialer.DialZTLSWithConfig(context.Background(), "tcp", addressToDial, zconfig)
} else {
config := &tls.Config{InsecureSkipVerify: true, ServerName: hostname}
if minVersion > 0 {
config.MinVersion = minVersion
}
if maxVersion > 0 {
config.MaxVersion = maxVersion
}
if len(cipherSuites) > 0 {
config.CipherSuites = cipherSuites
}
conn, err = request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)
}
conn, err := request.dialer.DialTLSWithConfig(context.Background(), "tcp", addressToDial, config)
if err != nil {
requestOptions.Output.Request(requestOptions.TemplateID, input, request.Type().String(), err)
requestOptions.Progress.IncrementFailedRequestsBy(1)
@ -107,10 +173,6 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous
defer conn.Close()
_ = conn.SetReadDeadline(time.Now().Add(time.Duration(requestOptions.Options.Timeout) * time.Second))
connTLS, ok := conn.(*tls.Conn)
if !ok {
return nil
}
requestOptions.Output.Request(requestOptions.TemplateID, address, request.Type().String(), err)
gologger.Verbose().Msgf("Sent SSL request to %s", address)
@ -118,23 +180,47 @@ func (request *Request) ExecuteWithResults(input string, dynamicValues, previous
gologger.Debug().Str("address", input).Msgf("[%s] Dumped SSL request for %s", requestOptions.TemplateID, input)
}
state := connTLS.ConnectionState()
if len(state.PeerCertificates) == 0 {
return nil
var (
tlsData interface{}
certNotAfter int64
)
if request.options.Options.ZTLS {
connTLS, ok := conn.(*ztls.Conn)
if !ok {
return nil
}
state := connTLS.ConnectionState()
if len(state.PeerCertificates) == 0 {
return nil
}
tlsData = cryptoutil.ZTLSGrab(connTLS)
cert := connTLS.ConnectionState().PeerCertificates[0]
certNotAfter = cert.NotAfter.Unix()
} else {
connTLS, ok := conn.(*tls.Conn)
if !ok {
return nil
}
state := connTLS.ConnectionState()
if len(state.PeerCertificates) == 0 {
return nil
}
tlsData = cryptoutil.TLSGrab(&state)
cert := connTLS.ConnectionState().PeerCertificates[0]
certNotAfter = cert.NotAfter.Unix()
}
tlsData := cryptoutil.TLSGrab(&state)
jsonData, _ := jsoniter.Marshal(tlsData)
jsonDataString := string(jsonData)
data := make(map[string]interface{})
cert := connTLS.ConnectionState().PeerCertificates[0]
data["type"] = request.Type().String()
data["response"] = jsonDataString
data["host"] = input
data["matched"] = addressToDial
data["not_after"] = float64(cert.NotAfter.Unix())
data["not_after"] = float64(certNotAfter)
data["ip"] = request.dialer.GetDialedIP(hostname)
event := eventcreator.CreateEvent(request, data, requestOptions.Options.Debug || requestOptions.Options.DebugResponse)

23
v2/pkg/protocols/ssl/version.go Normal file
View File

@ -0,0 +1,23 @@
package ssl
import (
"crypto/tls"
"fmt"
ztls "github.com/zmap/zcrypto/tls"
)
var versions = map[string]uint16{
"sslv3": ztls.VersionSSL30,
"tls10": ztls.VersionTLS10,
"tls11": ztls.VersionTLS11,
"tls12": ztls.VersionTLS12,
"tls13": tls.VersionTLS13,
}
func toVersion(item string) (uint16, error) {
if version, ok := versions[item]; ok {
return version, nil
}
return 0, fmt.Errorf("unsupported version: %s", item)
}

50
v2/pkg/testutils/integration.go
View File

@ -1,6 +1,7 @@
package testutils
import (
"crypto/tls"
"errors"
"fmt"
"net"
@ -97,21 +98,51 @@ type TCPServer struct {
listener net.Listener
}
// keys taken from https://pascal.bach.ch/2015/12/17/from-tcp-to-tls-in-go/
const serverKey = `-----BEGIN EC PARAMETERS-----
BgUrgQQAIg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDBJazGwuqgOLsCMr7P56w26JBEHQokiuAy2iCQfCnmOWm7S9FveQ/DP
qB69zvUPs26gBwYFK4EEACKhZANiAARehvy96ygCAsJ6iQvthzl/Nvq4P3c4MGyx
UMLMe0L10OCxeCl5ZY2CuFf8UnBgV1u414U4+yjIrS57w1/3utBKC9TVRGj+Vcls
2NZ4+8Jh6/M/Jf/Mpd8QyIy0WesEUM4=
-----END EC PRIVATE KEY-----
`
const serverCert = `-----BEGIN CERTIFICATE-----
MIICJDCCAakCCQDFa0/D9jJw6DAKBggqhkjOPQQDAjB7MQswCQYDVQQGEwJVUzEP
MA0GA1UECAwGcGRsYW5kMQ8wDQYDVQQHDAZwZGNpdHkxCzAJBgNVBAoMAnBkMQsw
CQYDVQQLDAJwZDELMAkGA1UEAwwCcGQxIzAhBgkqhkiG9w0BCQEWFGFueXRoaW5n
QGFueXRoaW5nLnBkMB4XDTIyMDEyNzIyMDUwNFoXDTMyMDEyNTIyMDUwNFowezEL
MAkGA1UEBhMCVVMxDzANBgNVBAgMBnBkbGFuZDEPMA0GA1UEBwwGcGRjaXR5MQsw
CQYDVQQKDAJwZDELMAkGA1UECwwCcGQxCzAJBgNVBAMMAnBkMSMwIQYJKoZIhvcN
AQkBFhRhbnl0aGluZ0Bhbnl0aGluZy5wZDB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BF6G/L3rKAICwnqJC+2HOX82+rg/dzgwbLFQwsx7QvXQ4LF4KXlljYK4V/xScGBX
W7jXhTj7KMitLnvDX/e60EoL1NVEaP5VyWzY1nj7wmHr8z8l/8yl3xDIjLRZ6wRQ
zjAKBggqhkjOPQQDAgNpADBmAjEAgxGPbjRlhz+1Scmr6RU9VbzVJWN8KCsTTpx7
pqfmKpJ29UYReZN+fm/6fc5vkv1rAjEAkTuTf8ARSn1UiKlCTTDQVtCoRcMVLQQp
TCxxGzcAlUAAJE6+SJpY7fPRe+n2EvPS
-----END CERTIFICATE-----
`
// NewTCPServer creates a new TCP server from a handler
func NewTCPServer(handler func(conn net.Conn), port ...int) *TCPServer {
func NewTCPServer(withTls bool, port int, handler func(conn net.Conn)) *TCPServer {
server := &TCPServer{}
var gotPort int
if len(port) > 0 {
gotPort = port[0]
}
l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", gotPort))
l, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
if err != nil {
panic(err)
}
server.URL = l.Addr().String()
server.listener = l
cer, err := tls.X509KeyPair([]byte(serverCert), []byte(serverKey))
if err != nil {
panic(err)
}
config := &tls.Config{Certificates: []tls.Certificate{cer}}
go func() {
for {
// Listen for an incoming connection.
@ -120,7 +151,12 @@ func NewTCPServer(handler func(conn net.Conn), port ...int) *TCPServer {
continue
}
// Handle connections in a new goroutine.
go handler(conn)
if withTls {
connTls := tls.Server(conn, config)
go handler(connTls)
} else {
go handler(conn)
}
}
}()
return server

2
v2/pkg/types/types.go
View File

@ -196,6 +196,8 @@ type Options struct {
ClientKeyFile string
// ClientCAFile client certificate authority file (PEM-encoded) used for authenticating against scanned hosts
ClientCAFile string
// Use ZTLS library
ZTLS bool
}
func (options *Options) AddVarPayload(key string, value interface{}) {