Nmap – get ssl expiration from fqdn

nmap

lets say i have the following url:

www.domain.com:4567/blabla/index.html

I'm trying to get its' ssl expiration date.

There's this:

nmap --script=ssl-cert.nse -p 9194 www.domain.com

but it doesnt quite work.
I'm unable to find the right argument in nmap.

Edit: I could go for Openssl but I need a Windows based solution.

Best Answer

The URL you showed is for port 4567. Therefore, you need to use that port in your Nmap scan: nmap -p4567 --script ssl-cert www.domain.com

Also, if the port you're scanning is not one of the typically-expected ports for SSL/TLS, then the script might not run. You can force it to run by adding + to the script name (not recommended for scans of multiple ports): nmap -p4567 --script +ssl-cert www.domain.com. Newer versions of Nmap will usually not need this because they will just try a probe to check if they can open a SSL connection anyway.

Related Solutions

NMAP: Check if port 80 and 8080 is open

Your NMAP command is fine. It's the service you're trying to connect to that is the "problem".

You can find that a "server" has an open port on 80 or 8080 but still not be able to connect it. For instance, I have about three dozen polycom phones that are accessible at port 8080 but they have bum config files. When someone tries to access them at that port they aren't able to connect.

And it may depend on how you're trying to connect. Even though its port 8080 maybe you aren't supposed to use a browser to connect to it.(I know - crazy idea).

Find out what type of device you're trying to connect to using this (you'll need sudo or root):

nmap -sS -O -p80,8080 192.168.1.0/24

Nmap find all alive hostnames and IPs in LAN

nmap versions lower than 5.30BETA1:

nmap -sP 192.168.1.*

newer nmap versions:

nmap -sn 192.168.1.*

This gives me hostnames along with IP adresses, and only pings the hosts to discover them. This will only give you the hostnames if you run it as root.

EDIT: As of Nmap 5.30BETA1 [2010-03-29] -sP has been replaced with -sn as the preferred way to do ping scans, while skipping port scanning, just like the comments indicate:

Previously the -PN and -sP options were recommended. This establishes a more regular syntax for some options that disable phases of a scan:

-n no reverse DNS

-Pn no host discovery

-sn no port scan

Best Answer

Related Solutions

NMAP: Check if port 80 and 8080 is open

Nmap find all alive hostnames and IPs in LAN

Related Topic