File ssl-enum-ciphers
Script types:
portrule
Categories:
discovery, intrusive
Download: http://nmap.org/svn/scripts/ssl-enum-ciphers.nse
User Summary
This script repeatedly initiates SSL/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphers and compressors that a server accepts.
Each cipher is shown with a strength rating: one of strong,
weak, or unknown strength. The output line
beginning with Least strength shows the strength of the
weakest cipher offered. If you are auditing for weak ciphers, you would
want to look more closely at any port where Least strength
is not strong. The cipher strength database is in the file
nselib/data/ssl-ciphers, or you can use a different file
through the script argument
ssl-enum-ciphers.rankedcipherlist.
SSLv3/TLSv1 requires more effort to determine which ciphers and compression methods a server supports than SSLv2. A client lists the ciphers and compressors that it is capable of supporting, and the server will respond with a single cipher and compressor chosen, or a rejection notice.
This script is intrusive since it must initiate many connections to a server, and therefore is quite noisy.
Script Arguments
ssl-enum-ciphers.rankedcipherlist
A path to a file of cipher names and strength ratings
Example Usage
nmap --script ssl-enum-ciphers -p 443 <host>
Script Output
PORT STATE SERVICE REASON 443/tcp open https syn-ack | ssl-enum-ciphers: | SSLv3 | Ciphers (6) | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - unknown strength | TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_256_CBC_SHA - unknown strength | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength | Compressors (1) | uncompressed | TLSv1.0 | Ciphers (6) | TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - unknown strength | TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong | TLS_DHE_RSA_WITH_AES_256_CBC_SHA - unknown strength | TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong | TLS_RSA_WITH_AES_128_CBC_SHA - strong | TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength | Compressors (1) | uncompressed |_ Least strength = unknown strength
Requires
Author: Mak Kolybabi <mak@kolybabi.com>, Gabriel Lawrence
License: Same as Nmap--See http://nmap.org/book/man-legal.html