Network Mapper (Nmap) is a powerful open-source network scanning tool used for security auditing, network discovery, and vulnerability assessment. It can identify hosts, services, operating systems, and security configurations across networks.
The Nmap plugin:
- Leverages the Nmap SSL/TLS certificate extraction capabilities to discover X.509 certificates from various network services.
- Traditional algorithm certificates: The plugin can discover certificates using the following traditional algorithms:

  | Algorithm | Examples |
  | --- | --- |
  | RSA | 1024-bit, 2048-bit, 3072-bit, 4096-bit |
  | ECDSA (Elliptic Curve) | P-256, P-384, P-521 curves |
  | EdDSA | Ed25519, Ed448 (Edwards-curve signatures) |
  | DSA | Legacy DSA implementations (discouraged) |
- Post-Quantum cryptography certificates (supported in future releases): The plugin is designed to detect and report certificates issued with emerging post-quantum algorithms. For example:

  | Algorithm | Examples |
  | --- | --- |
  | ML-DSA (Module-Lattice-Based Digital Signature Algorithm) | ML-DSA-44, ML-DSA-65, ML-DSA-87 |
  | FALCON | Compact lattice-based signatures |
  | SPHINCS+ | Hash-based signatures |
  | ML-KEM (Key Encapsulation) | ML-KEM-512, ML-KEM-768, ML-KEM-1024 |
Note: Failed connection attempts due to unreachable hosts or closed ports do not stop the scan.
- Uses the Nmap `ssl-cert` and `ssl-enum-ciphers` NSE scripts to:
  - Detect service types and versions
  - Extract certificates in real time as services are discovered
  - Enumerate cipher suites
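
The following added example, which is not the plugin's own code, parses `ssl-cert` results from Nmap XML output (`-oX`) and sorts each certificate's public key into the traditional algorithm families listed above. The XML sample is constructed; the element layout the parser reads and the `rsa`/`ec`/`dsa` type strings are assumptions about the script's structured output, and `inventory`, `FAMILY` and the 2048-bit RSA floor are names and policy chosen for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like `nmap --script ssl-cert -oX -` output,
# trimmed to the fields read below (addresses are documentation ranges).
SAMPLE_XML = """<nmaprun>
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="443"><state state="open"/>
   <script id="ssl-cert" output="">
    <table key="subject"><elem key="commonName">legacy.example.test</elem></table>
    <table key="pubkey"><elem key="type">rsa</elem><elem key="bits">1024</elem></table>
    <elem key="sig_algo">sha1WithRSAEncryption</elem>
   </script></port>
  <port protocol="tcp" portid="8443"><state state="open"/>
   <script id="ssl-cert" output="">
    <table key="subject"><elem key="commonName">api.example.test</elem></table>
    <table key="pubkey"><elem key="type">ec</elem><elem key="bits">256</elem></table>
    <elem key="sig_algo">ecdsa-with-SHA256</elem>
   </script></port>
  <port protocol="tcp" portid="25"><state state="closed"/></port>
 </ports></host>
</nmaprun>"""

# Assumption: pubkey "type" is reported as rsa/ec/dsa; any other value
# (EdDSA, post-quantum, unknown) is kept raw instead of being guessed at.
FAMILY = {"rsa": "RSA", "ec": "ECDSA", "dsa": "DSA"}

def inventory(xml_text, min_rsa_bits=2048):
    """Return one record per ssl-cert result found in Nmap XML output."""
    records = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            script = port.find("script[@id='ssl-cert']")
            if script is None:  # closed port or no TLS service: skip, keep going
                continue
            def field(path):
                node = script.find(path)
                return node.text if node is not None else None
            ktype = (field("table[@key='pubkey']/elem[@key='type']") or "unknown").lower()
            bits = int(field("table[@key='pubkey']/elem[@key='bits']") or 0)
            family = FAMILY.get(ktype, "unclassified:" + ktype)
            flags = ["rsa-key-too-short"] if family == "RSA" and bits < min_rsa_bits else []
            flags += ["legacy-dsa"] if family == "DSA" else []
            records.append({"host": addr, "port": int(port.get("portid")),
                            "cn": field("table[@key='subject']/elem[@key='commonName']"),
                            "family": family, "bits": bits,
                            "sig_algo": field("elem[@key='sig_algo']"), "flags": flags})
    return records
```
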