On 11/08/11 15:31, Ralph Holz wrote:
>>> Does this mean you can scan 1.5M+ hostnames in less than 24h? You don't
>>> conduct full SSL handshakes then, correct?
>>
>> Correct. The scanner only waits for the TLS Handshake Record with
>> certificates.
>> Time taken by the scan depends a lot on the scanner location, one finishes
>> consistently within 4-5 hours, the other between 11-13 hours (in 100
>> threads).
>
> Will you release the code? I have been thinking about replacing our
> openssl-based scanner with something quicker, at least for some use cases.

The code is here:

git clone git://git.nic.cz/perspectives-observatory/

Look for threaded_scanner.py. (The code is a fork of Perspectives server,
with some tweaks/fixes.)

One known limitation: it won't handle the case when the certificates in
handshake protocol are long enough to be fragmented over multiple record
layers (throws error). In practice I've seen two such cases:
mail.zitro-technologies.de (the number of subj alt names is impressive) and
afw.akf-servicelease.de (sends chain of length 18).

>>> Which DB back-end do you use? If it's postgres, I'd be happy to feed it
>>> into our DB, too, and see what we have.
>>
>> It's postgres.
>
> Oh, excellent. Do you provide .custom format, too?

I've sent you the link in mail. (In case anyone else is interested, write
me, it's not put here because of the host's traffic quotas).

Ondrej
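
Added example, not part of the original message and not code from threaded_scanner.py: one way to handle the limitation described above is to reassemble the handshake byte stream across record boundaries before looking for the Certificate message. It assumes an unencrypted TLS 1.2-or-earlier server flight; all function names and the sample data are constructed for illustration.

```python
import struct

HANDSHAKE, CERTIFICATE = 22, 11  # record content type, handshake message type

def iter_records(stream):
    """Yield (content_type, fragment) for each complete TLS record in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break  # incomplete trailing record: the caller has to read more
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def parse_certificate_body(body):
    """Split a Certificate body (3-byte list length, 3-byte-prefixed entries) into DER blobs."""
    if int.from_bytes(body[:3], "big") != len(body) - 3:
        raise ValueError("certificate_list length mismatch")
    certs, pos = [], 3
    while pos < len(body):
        clen = int.from_bytes(body[pos:pos + 3], "big")
        if pos + 3 + clen > len(body):
            raise ValueError("truncated certificate entry")
        certs.append(body[pos + 3:pos + 3 + clen])
        pos += 3 + clen
    return certs

def extract_chain(stream):
    """Join handshake fragments from all records, then walk message boundaries.
    Returns the certificate list, or None while the Certificate message is incomplete."""
    hs = b"".join(frag for ctype, frag in iter_records(stream) if ctype == HANDSHAKE)
    pos = 0
    while pos + 4 <= len(hs):
        mtype, mlen = hs[pos], int.from_bytes(hs[pos + 1:pos + 4], "big")
        body = hs[pos + 4:pos + 4 + mlen]
        if len(body) < mlen:
            return None  # message continues in a record not yet received
        if mtype == CERTIFICATE:
            return parse_certificate_body(body)
        pos += 4 + mlen
    return None

def build_flight(certs, max_fragment):
    """Constructed sample: stub ServerHello + Certificate, cut into records of max_fragment bytes."""
    cert_list = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(cert_list).to_bytes(3, "big") + cert_list
    hs = b"\x02\x00\x00\x04\x03\x01\x00\x00"  # stub ServerHello: type 2, 4-byte body
    hs += bytes([CERTIFICATE]) + len(body).to_bytes(3, "big") + body
    frags = [hs[i:i + max_fragment] for i in range(0, len(hs), max_fragment)]
    return b"".join(struct.pack("!BHH", HANDSHAKE, 0x0301, len(f)) + f for f in frags)
```

A scanner using this approach keeps reading from the socket while extract_chain returns None, instead of raising an error when the first record ends mid-message.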
