Categories: vuln, safe
Weak ephemeral Diffie-Hellman parameter detection for SSL/TLS services.
This script simulates SSL/TLS handshakes using ciphersuites that have ephemeral Diffie-Hellman as the key exchange algorithm.
Diffie-Hellman MODP group parameters are extracted and analyzed for vulnerability to Logjam (CVE 2015-4000) and other weaknesses.
Opportunistic STARTTLS sessions are established on services that support them.
mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.usernameSee the documentation for the mssql library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusernameSee the documentation for the smbauth library.
smtp.domainSee the documentation for the smtp library.
randomseed, smbbasic, smbport, smbsignSee the documentation for the smb library.
vulns.short, vulns.showallSee the documentation for the vulns library.
nmap --script ssl-dh-params <target>
Host script results: | ssl-dh-params: | VULNERABLE: | Transport Layer Security (TLS) Protocol DHE_EXPORT Ciphers Downgrade MitM (Logjam) | State: VULNERABLE | IDs: OSVDB:122331 CVE:CVE-2015-4000 | The Transport Layer Security (TLS) protocol contains a flaw that is triggered | when handling Diffie-Hellman key exchanges defined with the DHE_EXPORT cipher. | This may allow a man-in-the-middle attacker to downgrade the security of a TLS | session to 512-bit export-grade cryptography, which is significantly weaker, | allowing the attacker to more easily break the encryption and monitor or tamper | with the encrypted stream. | Disclosure date: 2015-5-19 | Check results: | EXPORT-GRADE DH GROUP 1 | Ciphersuite: TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA | Modulus Type: Non-safe prime | Modulus Source: sun.security.provider/512-bit DSA group with 160-bit prime order subgroup | Modulus Length: 512 bits | Generator Length: 512 bits | Public Key Length: 512 bits | References: | https://weakdh.org | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000 | http://osvdb.org/122331 | | Diffie-Hellman Key Exchange Insufficient Diffie-Hellman Group Strength | State: VULNERABLE | Transport Layer Security (TLS) services that use Diffie-Hellman groups of | insuffficient strength, especially those using one of a few commonly shared | groups, may be susceptible to passive eavesdropping attacks. | Check results: | WEAK DH GROUP 1 | Ciphersuite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | Modulus Type: Safe prime | Modulus Source: Unknown/Custom-generated | Modulus Length: 512 bits | Generator Length: 8 bits | Public Key Length: 512 bits | References: | https://weakdh.org | | Diffie-Hellman Key Exchange Potentially Unsafe Group Parameters | State: VULNERABLE | This TLS service appears to be using a modulus that is not a safe prime and does | not correspond to any well-known DSA group for Diffie-Hellman key exchange. | These parameters MAY be secure if: | - They were generated according to the procedure described in FIPS 186-4 for | DSA Domain Parameter Generation, or | - The generator g generates a subgroup of large prime order | Additional testing may be required to verify the security of these parameters. | Check results: | NON-SAFE DH GROUP 1 | Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA | Modulus Type: Non-safe prime | Modulus Source: Unknown/Custom-generated | Modulus Length: 1024 bits | Generator Length: 1024 bits | Public Key Length: 1024 bits | References: | https://weakdh.org |_ http://www2.esentire.com/TLSUnjammedWP
License: Same as Nmap--See https://nmap.org/book/man-legal.html