
Null Pointer Exception After the Invalid Curve Probe

Open m10x opened this issue 1 year ago • 2 comments

Null Pointer Exception after the invalid curve probe

┌──(kali㉿kali)-[~/Documents/Tools/TLS-Scanner]
└─$ sudo docker run -t tlsscanner -connect www.m10x.de:443 -outputFile result.json
[sudo] password for kali: 
INFO : Main - Performing Scan, this may take some time...
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
INFO : ThreadedScanJobExecutor - Common bugs probe executed
INFO : ThreadedScanJobExecutor - Server name indication (SNI) probe executed
INFO : ThreadedScanJobExecutor - Compression probe executed
INFO : ThreadedScanJobExecutor - Protocol version probe executed
INFO : ThreadedScanJobExecutor - Cipher suite order probe executed
INFO : ThreadedScanJobExecutor - Client certificate authentication support probe executed
INFO : ThreadedScanJobExecutor - Signature Hash Algorithm Order probe executed
INFO : ThreadedScanJobExecutor - Record fragmentation probe executed
INFO : ThreadedScanJobExecutor - Early CCS probe executed
INFO : ThreadedScanJobExecutor - Tokenbinding probe executed
INFO : ThreadedScanJobExecutor - HTTP header probe executed
INFO : ThreadedScanJobExecutor - Cipher suite probe executed
INFO : ThreadedScanJobExecutor - Extensions probe executed
INFO : ThreadedScanJobExecutor - Signature and hash algorithm probe executed
INFO : ThreadedScanJobExecutor - TLS Fallback SCSV probe executed
INFO : ThreadedScanJobExecutor - Hello retry probe executed
INFO : ThreadedScanJobExecutor - ESNI probe executed
INFO : ThreadedScanJobExecutor - HTTP false start probe executed
INFO : ThreadedScanJobExecutor - Certificate probe executed
INFO : ThreadedScanJobExecutor - EC point formats probe executed
INFO : ThreadedScanJobExecutor - Resumption probe executed
INFO : ThreadedScanJobExecutor - Renegotiation probe executed
INFO : ThreadedScanJobExecutor - ALPN probe executed
INFO : ThreadedScanJobExecutor - Alpaca attack probe executed
INFO : ThreadedScanJobExecutor - Named groups probe executed
INFO : ThreadedScanJobExecutor - Session ticket probe executed
WARN : SessionTicketManipulationProbe - Initial Handshake for Fingerprinting failed TLS12
INFO : ThreadedScanJobExecutor - Session ticket manipulation probe executed
INFO : ThreadedScanJobExecutor - Session ticket padding oracle probe executed
INFO : ThreadedScanJobExecutor - Session ticket collector for afterprobe probe executed
INFO : ThreadedScanJobExecutor - Named groups order probe executed
WARN : TlsServerProbe - Was unable to get results for TLS12>SECP256R1>UNCOMPRESSED>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 Message: null
WARN : TlsServerProbe - Was unable to get results for TLS13>SECP256R1>UNCOMPRESSED>TLS_AES_128_GCM_SHA256 Message: null
INFO : ThreadedScanJobExecutor - Invalid curve probe executed
Exception in thread "main" java.lang.NullPointerException
        at de.rub.nds.tlsscanner.core.util.ArrayUtil.findSubarray(ArrayUtil.java:24)
        at de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.SessionSecret.findIn(SessionSecret.java:33)
        at de.rub.nds.tlsscanner.serverscanner.probe.sessionticket.ticket.Ticket.checkContainsSecrets(Ticket.java:66)
        at de.rub.nds.tlsscanner.serverscanner.afterprobe.SessionTicketAfterProbe.analyzeUnencryptedTicket(SessionTicketAfterProbe.java:254)
        at de.rub.nds.tlsscanner.serverscanner.afterprobe.SessionTicketAfterProbe.analyze(SessionTicketAfterProbe.java:97)
        at de.rub.nds.tlsscanner.serverscanner.afterprobe.SessionTicketAfterProbe.analyze(SessionTicketAfterProbe.java:45)
        at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.executeAfterProbes(ThreadedScanJobExecutor.java:174)
        at de.rub.nds.scanner.core.execution.ThreadedScanJobExecutor.execute(ThreadedScanJobExecutor.java:86)
        at de.rub.nds.scanner.core.execution.Scanner.scan(Scanner.java:159)
        at de.rub.nds.tlsscanner.serverscanner.Main.main(Main.java:44)

m10x, Nov 12 '24 11:11