Playing with some internet scan

24 Feb 2015

Some dude over there put online the result of his scans.

The (big) output file is in JSON which is easy to play with. He used his scan to sell his visualization tool but I don’t have time for this hipster-y stuff.

I know the web is being scanned all the time, and some results have already been made public, so what’s just after is no news.

SSL fun

 egrep "\"notAfter\": \"(200[0-9]|19)" Nmap-Modbus-IPv4.json | ruby -e "require 'json'; require 'pp' ; STDIN.each_line {|l|  JSON.parse(l)['ports'].each {|p| (p['scripts'] || []).each{|s| pp s['ssl-cert']['validity']['notAfter'] if s['ssl-cert']}}}"  | sort | head

"19031206150859Z"
"19040105065354Z"
"19060322212239Z"
"19060330212826Z"
"19060401212741Z"
"19060409211230Z"
"19060421204958Z"
"19060423210554Z"
"19060424212323Z"
"19060430204429Z"

Haha. Let’s check the winner here :

$ openssl s_client -connect 190.95.241.194:8888 -showcerts

depth=0 C = EC, ST = Napo, L = Papallacta, O = Ecoluz, CN = 190.95.241.194, emailAddress = drenbiedel@gmail.com
verify error:num=18:self signed certificate

Looks like ecuador had internet, and Gmail in 1903 !

Das Blog à Renzo Google-Free since 02/2015

Playing with some internet scan

SSL fun