certificate_verify msg, passive security_scanner, more checks

[tintinweb]

• adds poc for cve-2014-3466
• adds certificate_verify message

• security_scanner

  • adds check for renegotiation_info
  • adds basic client side sloth check (rsa+md5|sha1 in ext: signature and hash algorithms) (primarly for sniffer based security checker - which is not implemented atm)
  • adds pubkey min length check, uncommon pubkey length check, factorized moduli check, see below
  • adds security_scanner passive (sniff) mode

    * EVENT - CIPHERS - Export ciphers enabled
    * EVENT - CIPHERS - RC4 ciphers enabled
    * EVENT - CIPHERS - MD5 ciphers enabled
    * EVENT - FREAK - server supports RSA_EXPORT cipher suites
    * EVENT - INSUFFICIENT SERVER CERT PUBKEY SIZE - 2048 >= 640 bits
    * EVENT - SUSPICIOUS SERVER CERT PUBKEY SIZE - 640 not a multiple of 2048 bits
    * EVENT - SERVER CERT PUBKEY FACTORED - trivial private_key recovery possible due to known factors n = p x q. See https://en.wikipedia.org/wiki/RSA_numbers | grep 3107418240490043721350750035888567930037346022842727545720161948823206440518081504556346829671723286782437916272838033415471073108501919548529007337724822783525742386454014691736602477652346609
    * EVENT - DOWNGRADE / POODLE - FALLBACK_SCSV - not honored